National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:google:android:-
There are 1,185 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2019-2054

In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-119769499

Published: May 08, 2019; 01:29:01 PM -04:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-6243

NVIDIA Tegra TLK Widevine Trust Application contains a vulnerability in which missing the input parameter checking of video metadata count may lead to Arbitrary Code Execution, Denial of Service or Escalation of Privileges. Android ID: A-72315075. Severity Rating: High. Version: N/A.

Published: May 07, 2019; 04:29:01 PM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2019-9798

On Android systems, Firefox can load a library from APITRACE_LIB, which is writable by all users and applications. This could allow malicious third party applications to execute a man-in-the-middle attack if a malicious code was written to that location and loaded. *Note: This issue only affects Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 66.

Published: April 26, 2019; 01:29:02 PM -04:00
V3: 7.4 HIGH
V2: 5.8 MEDIUM
CVE-2018-12400

In private browsing mode on Firefox for Android, favicons are cached in the cache/icons folder as they are in non-private mode. This allows information leakage of sites visited during private browsing sessions. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63.

Published: February 28, 2019; 01:29:01 PM -05:00
V3: 5.3 MEDIUM
V2: 5.0 MEDIUM
CVE-2018-12391

During HTTP Live Stream playback on Firefox for Android, audio data can be accessed across origins in violation of security policies. Because the problem is in the underlying Android service, this issue is addressed by treating all HLS streams as cross-origin and opaque to access. *Note: this issue only affects Firefox for Android. Desktop versions of Firefox are unaffected.*. This vulnerability affects Firefox < 63, Firefox ESR < 60.3, and Thunderbird < 60.3.

Published: February 28, 2019; 01:29:00 PM -05:00
V3: 8.8 HIGH
V2: 9.3 HIGH
CVE-2019-2001

The permissions on /proc/iomem were world-readable. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-117422211.

Published: February 28, 2019; 12:29:01 PM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2019-2000

In several functions of binder.c, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025789.

Published: February 28, 2019; 12:29:01 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2019-1999

In binder_alloc_free_page of binder_alloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-120025196.

Published: February 28, 2019; 12:29:00 PM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2019-5767

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK.

Published: February 19, 2019; 12:29:01 PM -05:00
V3: 6.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-5765

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent.

Published: February 19, 2019; 12:29:00 PM -05:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2019-5759

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

Published: February 19, 2019; 12:29:00 PM -05:00
V3: 9.6 CRITICAL
V2: 6.8 MEDIUM
CVE-2018-6271

NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validated the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474.

Published: February 13, 2019; 05:29:00 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-6268

NVIDIA Tegra library contains a vulnerability in libnvmmlite_video.so, where referencing memory after it has been freed may lead to denial of service or possible escalation of privileges. Android ID: A-80433161.

Published: February 13, 2019; 05:29:00 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-6267

NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-70857947.

Published: February 13, 2019; 05:29:00 PM -05:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2018-13893

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Out of bound mask range access caused by using possible old value of msg mask table count while copying masks to userspace.

Published: February 11, 2019; 10:29:00 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-13889

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Heap memory was accessed after it was freed

Published: February 11, 2019; 10:29:00 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-12014

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Null pointer dereference vulnerability may occur due to missing NULL assignment in NAT module of freed pointer.

Published: February 11, 2019; 10:29:00 AM -05:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2018-12011

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Uninitialized data for socket address leads to information exposure.

Published: February 11, 2019; 10:29:00 AM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2018-12010

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Absence of length sanity check may lead to possible stack overflow resulting in memory corruption in trustzone region.

Published: February 11, 2019; 10:29:00 AM -05:00
V3: 7.8 HIGH
V2: 4.6 MEDIUM
CVE-2018-12006

In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function.

Published: February 11, 2019; 10:29:00 AM -05:00
V3: 5.5 MEDIUM
V2: 2.1 LOW