CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2019-14783 264 2019-08-08 2019-09-25
2.1
None Local Low Not required None Partial None
On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764.
2 CVE-2019-9506 310 2019-08-14 2019-08-28
4.8
None Local Network Low Not required Partial Partial None
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing.
3 CVE-2019-9463 269 Bypass 2019-09-27 2019-10-03
4.4
None Local Medium Not required Partial Partial Partial
In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113584607
4 CVE-2019-9462 125 DoS 2019-09-27 2019-09-30
5.0
None Remote Low Not required None None Partial
In Bluetooth, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-91544774
5 CVE-2019-9461 200 +Info 2019-09-06 2019-09-09
7.8
None Remote Low Not required Complete None None
In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation.
6 CVE-2019-9460 787 2019-09-27 2019-10-02
4.6
None Local Low Not required Partial Partial Partial
In mediaserver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-62535446
7 CVE-2019-9459 120 Overflow 2019-09-27 2019-09-30
7.5
None Remote Low Not required Partial Partial Partial
In libttspico, there is a possible OOB write due to a heap buffer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-79593569
8 CVE-2019-9458 362 2019-09-06 2019-09-09
4.4
None Local Medium Not required Partial Partial Partial
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
9 CVE-2019-9456 787 2019-09-06 2019-09-24
4.6
None Local Low Not required Partial Partial Partial
In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
10 CVE-2019-9455 200 +Info 2019-09-06 2019-09-09
2.1
None Local Low Not required Partial None None
In the Android kernel in the video driver there is a kernel pointer leak due to a WARN_ON statement. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
11 CVE-2019-9454 787 Mem. Corr. 2019-09-06 2019-09-09
4.6
None Local Low Not required Partial Partial Partial
In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
12 CVE-2019-9453 20 2019-09-06 2019-09-09
2.1
None Local Low Not required Partial None None
In the Android kernel in F2FS touch driver there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
13 CVE-2019-9452 125 2019-09-06 2019-09-09
2.1
None Local Low Not required Partial None None
In the Android kernel in SEC_TS touch driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.
14 CVE-2019-9451 787 2019-09-06 2019-09-10
4.6
None Local Low Not required Partial Partial Partial
In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
15 CVE-2019-9450 362 Mem. Corr. 2019-09-06 2019-09-10
4.4
None Local Medium Not required Partial Partial Partial
In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
16 CVE-2019-9449 125 2019-09-06 2019-09-09
2.1
None Local Low Not required Partial None None
In the Android kernel in FingerTipS touchscreen driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
17 CVE-2019-9448 787 2019-09-06 2019-09-09
4.6
None Local Low Not required Partial Partial Partial
In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
18 CVE-2019-9447 416 2019-09-06 2019-09-09
4.6
None Local Low Not required Partial Partial Partial
In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
19 CVE-2019-9446 787 2019-09-06 2019-09-09
4.6
None Local Low Not required Partial Partial Partial
In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
20 CVE-2019-9445 125 2019-09-06 2019-09-09
2.1
None Local Low Not required Partial None None
In the Android kernel in F2FS driver there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
21 CVE-2019-9444 200 +Info 2019-09-06 2019-09-09
2.1
None Local Low Not required Partial None None
In the Android kernel in sync debug fs driver there is a kernel pointer leak due to the usage of printf with %p. This could lead to local information disclosure with system execution privileges needed. User interaction is not needed for exploitation.
22 CVE-2019-9443 264 Bypass 2019-09-06 2019-09-09
4.6
None Local Low Not required Partial Partial Partial
In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for exploitation.
23 CVE-2019-9442 416 Mem. Corr. 2019-09-06 2019-09-09
4.6
None Local Low Not required Partial Partial Partial
In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation.
24 CVE-2019-9441 787 2019-09-06 2019-09-09
4.6
None Local Low Not required Partial Partial Partial
In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
25 CVE-2019-9440 610 2019-09-27 2019-10-04
2.1
None Local Low Not required Partial None None
In AOSP Email, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of the Email app's protected files with User execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-37637796
26 CVE-2019-9438 610 2019-09-27 2019-10-03
2.1
None Local Low Not required Partial None None
In the Package Manager service, there is a possible information disclosure due to a confused deputy. This could lead to local disclosure of information about installed packages for other users with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-77821568
27 CVE-2019-9436 264 Bypass 2019-09-06 2019-09-09
4.6
None Local Low Not required Partial Partial Partial
In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation.
28 CVE-2019-9435 125 2019-09-27 2019-09-30
2.1
None Local Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80146682
29 CVE-2019-9434 125 2019-09-27 2019-09-30
4.0
None Remote Low Single system Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80432895
30 CVE-2019-9433 20 2019-09-27 2019-09-30
4.3
None Remote Medium Not required Partial None None
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354
31 CVE-2019-9432 125 2019-09-27 2019-09-30
5.0
None Remote Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure in the Bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80546108
32 CVE-2019-9431 125 2019-09-27 2019-09-30
4.0
None Remote Low Single system Partial None None
In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109755179
33 CVE-2019-9430 476 DoS 2019-09-27 2019-09-30
5.0
None Remote Low Not required None None Partial
In Bluetooth, there is a possible null pointer dereference due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109838296
34 CVE-2019-9429 787 Mem. Corr. 2019-09-27 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
In profman, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110035108
35 CVE-2019-9428 200 +Info 2019-09-27 2019-10-02
4.3
None Remote Medium Not required Partial None None
In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could lead to remote information disclosure of sensitive URLs with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110150807
36 CVE-2019-9427 416 2019-09-27 2019-10-01
2.1
None Local Low Not required Partial None None
In Bluetooth, there is a possible information disclosure due to a use after free. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110166350
37 CVE-2019-9426 787 2019-09-06 2019-09-09
4.6
None Local Low Not required Partial Partial Partial
In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
38 CVE-2019-9425 125 DoS 2019-09-27 2019-09-30
5.0
None Remote Low Not required None None Partial
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110846194
39 CVE-2019-9424 200 +Info 2019-09-27 2019-09-30
4.3
None Remote Medium Not required Partial None None
In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: AndroidVersions: Android-10Android ID: A-110941092
40 CVE-2019-9423 787 2019-09-27 2019-10-03
4.6
None Local Low Not required Partial Partial Partial
In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616
41 CVE-2019-9422 125 2019-09-27 2019-09-30
5.0
None Remote Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111214766
42 CVE-2019-9421 125 Overflow 2019-09-27 2019-10-02
1.9
None Local Medium Not required Partial None None
In libandroidfw, there is a possible OOB read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111215250
43 CVE-2019-9420 190 DoS Overflow 2019-09-27 2019-10-01
4.3
None Remote Medium Not required None None Partial
In libhevc, there is a possible out of bounds read due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111272481
44 CVE-2019-9419 125 2019-09-27 2019-09-30
5.0
None Remote Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111407544
45 CVE-2019-9418 400 DoS 2019-09-27 2019-09-30
7.1
None Remote Medium Not required None None Complete
In libstagefright, there is a possible resource exhaustion due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111450210
46 CVE-2019-9417 125 2019-09-27 2019-09-30
2.1
None Local Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111450079
47 CVE-2019-9416 1187 2019-09-27 2019-09-30
4.3
None Remote Medium Not required Partial None None
In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111804142
48 CVE-2019-9415 1187 2019-09-27 2019-09-30
4.3
None Remote Medium Not required Partial None None
In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111805098
49 CVE-2019-9414 20 2019-09-27 2019-10-02
4.3
None Remote Medium Not required Partial None None
In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111893041
50 CVE-2019-9413 125 2019-09-27 2019-09-30
5.0
None Remote Low Not required Partial None None
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111935831
Total number of vulnerabilities : 2563   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.