CVE-2019-2215

Known exploited
Public exploit
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095
Max CVSS
7.8
EPSS Score
0.30%
Published
2019-10-11
Updated
2019-10-18
CISA KEV Added
2021-11-03

CVE-2017-13156

Public exploit
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847.
Max CVSS
7.8
EPSS Score
0.10%
Published
2017-12-06
Updated
2019-11-07

CVE-2015-3864

Public exploit
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.
Max CVSS
10.0
EPSS Score
97.18%
Published
2015-10-01
Updated
2017-09-16

CVE-2015-3105

Public exploit
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
Max CVSS
10.0
EPSS Score
97.33%
Published
2015-06-10
Updated
2016-12-31

CVE-2013-4710

Public exploit
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary methods of Java objects or cause a denial of service (reboot) via a crafted web page, as demonstrated by use of the WebView.addJavascriptInterface method, a related issue to CVE-2012-6636.
Max CVSS
9.3
EPSS Score
3.58%
Published
2014-03-03
Updated
2014-03-10

CVE-2012-6301

Public exploit
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
Max CVSS
5.0
EPSS Score
6.04%
Published
2012-12-10
Updated
2012-12-11

CVE-2010-4804

Public exploit
The Android browser in Android before 2.3.4 allows remote attackers to obtain SD card contents via crafted content:// URIs, related to (1) BrowserActivity.java and (2) BrowserSettings.java in com/android/browser/.
Max CVSS
4.3
EPSS Score
9.74%
Published
2011-06-09
Updated
2011-10-27
In wipe_ns_memory of nsmemwipe.c, there is a possible incorrect size calculation due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
In aoc_unlocked_ioctl of aoc.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
In plugin_extern_func of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-15
In fvp_set_target of fvp.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
In ppcfw_init_secpolicy of ppcfw.c, there is a possible permission bypass due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
In ProtocolPsKeepAliveStatusAdapter::getCode() of protocolpsadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with baseband firmware compromise required. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
In ss_SendCallBarringPwdRequiredIndMsg of ss_CallBarring.c, there is a possible null pointer deref due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-15
A malicious DNS response can trigger a number of OOB reads, writes, and other memory issues
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-15
In tmu_config_gov_params of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-15
In sendHciCommand of bluetooth_hci.cc, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
In strncpy of strncpy.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
In EUTRAN_LCS_DecodeFacilityInformationElement of LPP_LcsManagement.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure after authenticating the cell connection with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
In onSkipButtonClick of FaceEnrollFoldPage.java, there is a possible way to access the file the app cannot access due to Intent Redirect GRANT_URI_PERMISSIONS Attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
In update_policy_data of , there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-15
In lpm_req_handler of , there is a possible out of bounds memory access due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-15
In tmu_set_pi of tmu.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-12
In update_freq_data of , there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
Max CVSS
N/A
EPSS Score
0.04%
Published
2024-03-11
Updated
2024-03-15
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!