Search Results (Refine Search)
- Keyword (text search): android
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2019-2229 |
In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-139803872 Published: December 06, 2019; 6:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
CVE-2019-2228 |
In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196 Published: December 06, 2019; 6:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-2227 |
In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-140768453 Published: December 06, 2019; 6:15:12 PM -0500 |
V4.0:(not available) V3.1: 6.5 MEDIUM V2.0: 3.3 LOW |
CVE-2019-2226 |
In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140152619 Published: December 06, 2019; 6:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-2225 |
When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-110433804 Published: December 06, 2019; 6:15:12 PM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 5.8 MEDIUM |
CVE-2019-2223 |
In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140692129 Published: December 06, 2019; 6:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-2222 |
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140322595 Published: December 06, 2019; 6:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-2221 |
In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-138583650 Published: December 06, 2019; 6:15:12 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
CVE-2019-2220 |
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-138636979 Published: December 06, 2019; 6:15:12 PM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.9 MEDIUM |
CVE-2019-2219 |
In several functions of NotificationManagerService.java and related files, there is a possible way to record audio from the background without notification to the user due to a permission bypass. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-119041698 Published: December 06, 2019; 6:15:11 PM -0500 |
V4.0:(not available) V3.1: 4.7 MEDIUM V2.0: 4.7 MEDIUM |
CVE-2019-2218 |
In createSessionInternal of PackageInstallerService.java, there is a possible improper permission grant due to a missing permission check. This could lead to local escalation of privilege by installing malicious packages with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0, Android-8.1, Android-9, and Android-10 Android ID: A-141169173 Published: December 06, 2019; 6:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-2217 |
In setCpuVulkanInUse of GpuStats.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141003796 Published: December 06, 2019; 6:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2019-11554 |
The Audible application through 2.34.0 for Android has Missing SSL Certificate Validation for Adobe SDKs, allowing MITM attackers to cause a denial of service. Published: December 06, 2019; 11:15:10 AM -0500 |
V4.0:(not available) V3.1: 5.9 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-19464 |
The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics. Published: November 29, 2019; 9:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-19463 |
The Anhui Huami Mi Fit application before 4.0.11 for Android has an Unencrypted Update Check. Published: November 29, 2019; 9:15:10 PM -0500 |
V4.0:(not available) V3.1: 5.3 MEDIUM V2.0: 5.0 MEDIUM |
CVE-2019-16241 |
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. This file would typically be created via Android Debug Bridge (adb) over USB. Published: November 26, 2019; 11:15:12 AM -0500 |
V4.0:(not available) V3.1: 6.8 MEDIUM V2.0: 4.6 MEDIUM |
CVE-2019-15629 |
Trend Micro Password Manager versions 3.x, 5.0, and 5.1 for Android is affected by a FLAG_MISUSE vulnerability that could be exploited to allow the application to share information to third-party applications on the device. Published: November 25, 2019; 4:15:11 PM -0500 |
V4.0:(not available) V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2019-5876 |
Use after free in media in Google Chrome on Android prior to 77.0.3865.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Published: November 25, 2019; 10:15:37 AM -0500 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-13707 |
Insufficient validation of untrusted input in intents in Google Chrome on Android prior to 78.0.3904.70 allowed a local attacker to leak files via a crafted application. Published: November 25, 2019; 10:15:33 AM -0500 |
V4.0:(not available) V3.1: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-13703 |
Insufficient policy enforcement in the Omnibox in Google Chrome on Android prior to 78.0.3904.70 allowed a remote attacker to spoof the contents of the Omnibox (URL bar) via a crafted HTML page. Published: November 25, 2019; 10:15:32 AM -0500 |
V4.0:(not available) V3.1: 4.3 MEDIUM V2.0: 4.3 MEDIUM |