Total
6434 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2014-7224 | 1 Google | 1 Android | 2020-02-12 | 9.0 HIGH | 8.8 HIGH |
A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicious user execute arbitrary code. | |||||
CVE-2015-1525 | 1 Google | 1 Android | 2020-01-28 | 4.3 MEDIUM | 5.5 MEDIUM |
audio/AudioPolicyManagerBase.cpp in Android before 5.1 allows attackers to cause a denial of service (audio_policy application outage) via a crafted application that provides a NULL device address. | |||||
CVE-2015-1530 | 1 Google | 1 Android | 2020-01-28 | 6.0 MEDIUM | 7.8 HIGH |
media/libmedia/IAudioPolicyService.cpp in Android before 5.1 allows attackers to execute arbitrary code with media_server privileges or cause a denial of service (integer overflow) via a crafted application that provides an invalid array size. | |||||
CVE-2013-6792 | 1 Google | 1 Android | 2020-01-27 | 7.5 HIGH | 9.8 CRITICAL |
Google Android prior to 4.4 has an APK Signature Security Bypass Vulnerability | |||||
CVE-2014-9908 | 1 Google | 1 Android | 2020-01-13 | 3.3 LOW | 6.5 MEDIUM |
A Denial of Service vulnerability exists in Google Android 4.4.4, 5.0.2, and 5.1.1, which allows malicious users to block Bluetooh access (Android Bug ID A-28672558). | |||||
CVE-2016-5346 | 1 Google | 3 Android, Pixel, Pixel Xl | 2020-01-12 | 2.1 LOW | 5.5 MEDIUM |
An Information Disclosure vulnerability exists in the Google Pixel/Pixel SL Qualcomm Avtimer Driver due to a NULL pointer dereference when processing an accept system call by the user process on AF_MSM_IPC sockets, which could let a local malicious user obtain sensitive information (Android Bug ID A-32551280). | |||||
CVE-2019-9471 | 1 Google | 1 Android | 2020-01-09 | 4.6 MEDIUM | 6.7 MEDIUM |
In set_outbound_iatu of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144168326 | |||||
CVE-2019-9470 | 1 Google | 1 Android | 2020-01-09 | 4.6 MEDIUM | 6.7 MEDIUM |
In dma_sblk_start of abc-pcie.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-144167528 | |||||
CVE-2019-2204 | 1 Google | 1 Android | 2020-01-08 | 10.0 HIGH | 9.8 CRITICAL |
In FindSharedFunctionInfo of objects.cc, there is a possible out of bounds read due to a mistake in AST traversal. This could lead to remote code execution in the pacprocessor with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.1, Android-9 Android ID: A-138442295 | |||||
CVE-2019-19690 | 2 Google, Trendmicro | 2 Android, Mobile Security | 2019-12-28 | 7.5 HIGH | 9.8 CRITICAL |
Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. | |||||
CVE-2019-8792 | 2 Apple, Google | 3 Iphone Os, Shazam, Android | 2019-12-23 | 6.8 MEDIUM | 8.8 HIGH |
An injection issue was addressed with improved validation. This issue is fixed in Shazam Android App Version 9.25.0, Shazam iOS App Version 12.11.0. Processing a maliciously crafted URL may lead to arbitrary javascript code execution. | |||||
CVE-2019-2228 | 1 Google | 1 Android | 2019-12-22 | 4.9 MEDIUM | 5.5 MEDIUM |
In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-111210196 | |||||
CVE-2019-19464 | 3 Apple, Cbc, Google | 3 Iphone Os, Gem, Android | 2019-12-09 | 5.0 MEDIUM | 5.3 MEDIUM |
The CBC Gem application before 9.24.1 for Android and before 9.26.0 for iOS has Unencrypted Analytics. | |||||
CVE-2019-9464 | 1 Google | 1 Android | 2019-12-09 | 4.3 MEDIUM | 5.5 MEDIUM |
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141028068 | |||||
CVE-2019-2230 | 1 Google | 1 Android | 2019-12-09 | 5.0 MEDIUM | 7.5 HIGH |
In nfcManager_routeAid and nfcManager_unrouteAid of NativeNfcManager.cpp, there is possible memory reuse due to a use after free. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-141170038 | |||||
CVE-2019-2227 | 1 Google | 1 Android | 2019-12-09 | 3.3 LOW | 6.5 MEDIUM |
In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-140768453 | |||||
CVE-2019-2225 | 1 Google | 1 Android | 2019-12-09 | 5.8 MEDIUM | 8.8 HIGH |
When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-110433804 | |||||
CVE-2019-2222 | 1 Google | 1 Android | 2019-12-09 | 6.8 MEDIUM | 7.8 HIGH |
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140322595 | |||||
CVE-2019-2223 | 1 Google | 1 Android | 2019-12-09 | 6.8 MEDIUM | 7.8 HIGH |
In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140692129 | |||||
CVE-2019-2226 | 1 Google | 1 Android | 2019-12-09 | 4.9 MEDIUM | 5.5 MEDIUM |
In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-140152619 |