U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 1,158 matching records.
Displaying matches 121 through 140.
Vuln ID Summary CVSS Severity
CVE-2019-9468

In export_key_der of export_key.cpp, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-10 Android ID: A-139683471

Published: January 06, 2020; 1:15:23 PM -0500
V3.1: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2019-2187

In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-124940143

Published: October 11, 2019; 3:15:10 PM -0400
V3.1: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-2186

In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136175447

Published: October 11, 2019; 3:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2019-2185

In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136173699

Published: October 11, 2019; 3:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2019-2184

In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-134578122

Published: October 11, 2019; 3:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH
CVE-2019-2173

In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720

Published: October 11, 2019; 3:15:10 PM -0400
V3.1: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2019-2179

In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.

Published: September 05, 2019; 6:15:12 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2019-2178

In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: September 05, 2019; 6:15:12 PM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2019-2177

In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.

Published: September 05, 2019; 6:15:12 PM -0400
V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2019-2174

In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: September 05, 2019; 6:15:11 PM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2019-2124

In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure.

Published: September 05, 2019; 6:15:11 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 2.1 LOW
CVE-2019-2123

In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Published: September 05, 2019; 6:15:11 PM -0400
V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM
CVE-2019-2115

In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

Published: September 05, 2019; 6:15:11 PM -0400
V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2019-2136

In Status::readFromParcel of Status.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132650049.

Published: August 20, 2019; 4:15:13 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.9 MEDIUM
CVE-2019-2135

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-125900276.

Published: August 20, 2019; 4:15:13 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 7.1 HIGH
CVE-2019-2134

In phFriNfc_ExtnsTransceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132083376.

Published: August 20, 2019; 4:15:12 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2019-2133

In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132082342.

Published: August 20, 2019; 4:15:12 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2019-2132

It is possible to overlay the VPN dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130568701.

Published: August 20, 2019; 4:15:12 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2019-2131

An application with overlay permission can display overlays on top of settings UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119115683.

Published: August 20, 2019; 4:15:12 PM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2019-2130

In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132073833.

Published: August 20, 2019; 4:15:12 PM -0400
V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH