Information Technology Laboratory
National Vulnerability Database
National Vulnerability Database
NVD
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-9268 |
In libstagefright, there is a possible use-after-free due to improper locking. This could lead to local escalation of privilege in the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-77474014 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2019-9266 |
In sensorservice, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-119501435 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH |
| CVE-2019-9265 |
In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-37994606 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2019-9264 |
In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116774502 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-9263 |
In telephony, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73136824 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
| CVE-2019-9262 |
In MPEG4Extractor, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution in the media extractor with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111792351 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2019-9261 |
In libxaac there is a possible out of bounds read due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-116774214 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-9260 |
In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113495295 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2019-9259 |
In the Bluetooth stack, there is a possible out of bounds write due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113575306 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 6.7 MEDIUM V2.0: 7.2 HIGH |
| CVE-2019-9258 |
In wifilogd, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113655028 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
| CVE-2019-9257 |
In Bluetooth, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113572342 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 7.8 HIGH V2.0: 4.6 MEDIUM |
| CVE-2019-9256 |
In libmediaextractor there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111921829 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
| CVE-2019-9253 |
In KeyStore, there is a possible storage of symmetric keys in the TEE instead of the strongbox due to a missing strongbox flag. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109769728 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 4.4 MEDIUM V2.0: 4.9 MEDIUM |
| CVE-2019-9252 |
In libavc there is a possible out of bounds read due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-73339042 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-9251 |
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120274615 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 5.0 MEDIUM V2.0: 1.9 LOW |
| CVE-2019-9250 |
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120276962 Published: September 27, 2019; 3:15:18 PM -0400 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
| CVE-2019-9249 |
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120255805 Published: September 27, 2019; 3:15:17 PM -0400 |
V3.1: 5.5 MEDIUM V2.0: 2.1 LOW |
| CVE-2019-9247 |
In AAC Codec, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120426166 Published: September 27, 2019; 3:15:17 PM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-9246 |
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120428637 Published: September 27, 2019; 3:15:17 PM -0400 |
V3.1: 5.0 MEDIUM V2.0: 1.9 LOW |
| CVE-2019-9244 |
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120865977 Published: September 27, 2019; 3:15:17 PM -0400 |
V3.1: 5.0 MEDIUM V2.0: 1.9 LOW |