| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2019-9506 |
310 |
|
|
2019-08-14 |
2019-08-28 |
4.8 |
None |
Local Network |
Low |
Not required |
Partial |
Partial |
None |
|
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. |
|
2 |
CVE-2019-9463 |
269 |
|
Bypass |
2019-09-27 |
2019-10-03 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In Platform, there is a possible bypass of user interaction requirements due to background app interception. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113584607 |
|
3 |
CVE-2019-9460 |
787 |
|
|
2019-09-27 |
2019-10-02 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In mediaserver, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-62535446 |
|
4 |
CVE-2019-9458 |
362 |
|
|
2019-09-06 |
2019-09-09 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in the video driver there is a use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
|
5 |
CVE-2019-9456 |
787 |
|
|
2019-09-06 |
2019-09-24 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
|
6 |
CVE-2019-9454 |
787 |
|
Mem. Corr. |
2019-09-06 |
2019-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in i2c driver there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
|
7 |
CVE-2019-9451 |
787 |
|
|
2019-09-06 |
2019-09-10 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in the touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
|
8 |
CVE-2019-9450 |
362 |
|
Mem. Corr. |
2019-09-06 |
2019-09-10 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in the FingerTipS touchscreen driver there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
|
9 |
CVE-2019-9448 |
787 |
|
|
2019-09-06 |
2019-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to a missing bounds check. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
|
10 |
CVE-2019-9447 |
416 |
|
|
2019-09-06 |
2019-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in the FingerTipS touchscreen driver there is a possible use-after-free due to improper locking. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
|
11 |
CVE-2019-9446 |
787 |
|
|
2019-09-06 |
2019-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in the FingerTipS touchscreen driver there is a possible out of bounds write due to improper input validation. This could lead to a local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
|
12 |
CVE-2019-9443 |
264 |
|
Bypass |
2019-09-06 |
2019-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in the vl53L0 driver there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege due to a set_fs() call without restoring the previous limit with System execution privileges needed. User interaction is not needed for exploitation. |
|
13 |
CVE-2019-9442 |
416 |
|
Mem. Corr. |
2019-09-06 |
2019-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in the mnh driver there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with System privileges required. User interaction is not needed for exploitation. |
|
14 |
CVE-2019-9441 |
787 |
|
|
2019-09-06 |
2019-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in the mnh driver there is a possible out of bounds write due to improper input validation. This could lead to escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
|
15 |
CVE-2019-9436 |
264 |
|
Bypass |
2019-09-06 |
2019-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in the bootloader there is a possible secure boot bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. |
|
16 |
CVE-2019-9434 |
125 |
|
|
2019-09-27 |
2019-09-30 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
In Bluetooth, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80432895 |
|
17 |
CVE-2019-9433 |
20 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 |
|
18 |
CVE-2019-9431 |
125 |
|
|
2019-09-27 |
2019-09-30 |
4.0 |
None |
Remote |
Low |
Single system |
Partial |
None |
None |
|
In Bluetooth, there is a possible out of bounds read due to a use after free. This could lead to remote information disclosure with heap information written to the log with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-109755179 |
|
19 |
CVE-2019-9429 |
787 |
|
Mem. Corr. |
2019-09-27 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In profman, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110035108 |
|
20 |
CVE-2019-9428 |
200 |
|
+Info |
2019-09-27 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In the Framework, it is possible to set up BROWSEABLE intents to take over certain URLs. This could lead to remote information disclosure of sensitive URLs with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-110150807 |
|
21 |
CVE-2019-9426 |
787 |
|
|
2019-09-06 |
2019-09-09 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Android kernel in Bluetooth there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. |
|
22 |
CVE-2019-9424 |
200 |
|
+Info |
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In the Screen Lock, there is a possible information disclosure due to an unusual root cause. In certain circumstances, the setting to hide the unlock pattern can be ignored. Product: AndroidVersions: Android-10Android ID: A-110941092 |
|
23 |
CVE-2019-9423 |
787 |
|
|
2019-09-27 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for exploitation. Product: AndroidVersions: Android-10Android ID: A-110986616 |
|
24 |
CVE-2019-9420 |
190 |
|
DoS Overflow |
2019-09-27 |
2019-10-01 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
In libhevc, there is a possible out of bounds read due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111272481 |
|
25 |
CVE-2019-9416 |
1187 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111804142 |
|
26 |
CVE-2019-9415 |
1187 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libstagefright there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111805098 |
|
27 |
CVE-2019-9414 |
20 |
|
|
2019-09-27 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In wpa_supplicant, there is a possible man in the middle vulnerability due to improper input validation of the basicConstraints field of intermediary certificates. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111893041 |
|
28 |
CVE-2019-9412 |
125 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libSBRdec there is a possible out of bounds read due to incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112006096 |
|
29 |
CVE-2019-9411 |
1187 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112204845 |
|
30 |
CVE-2019-9410 |
1187 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112204443 |
|
31 |
CVE-2019-9409 |
1187 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112272091 |
|
32 |
CVE-2019-9408 |
1187 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112380157 |
|
33 |
CVE-2019-9407 |
732 |
|
Bypass |
2019-09-27 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In notification management of the service manager, there is a possible permissions bypass. This could lead to local escalation of privilege by preventing user notification, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112434609 |
|
34 |
CVE-2019-9406 |
1187 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libhevc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112552517 |
|
35 |
CVE-2019-9403 |
125 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In cn-cbor, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-113512324 |
|
36 |
CVE-2019-9399 |
326 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
The Print Service is susceptible to man in the middle attacks due to improperly used crypto. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-115635664 |
|
37 |
CVE-2019-9391 |
1187 |
|
|
2019-09-27 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libxaac, there is a possible out of bounds read due to uninitialized data. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111050781 |
|
38 |
CVE-2019-9385 |
125 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libxaac, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120452956 |
|
39 |
CVE-2019-9380 |
862 |
|
|
2019-09-27 |
2019-10-02 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In the settings UI, there is a possible spoofing vulnerability due to a missing permission check. This could lead to a user mistakenly changing permission settings with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-123700098 |
|
40 |
CVE-2019-9378 |
732 |
|
Bypass |
2019-09-27 |
2019-10-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the Activity Manager service, there is a possible permission bypass due to incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-124539196 |
|
41 |
CVE-2019-9376 |
20 |
|
DoS |
2019-09-27 |
2019-10-04 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In the Accounts package, there is a possible crash due to improper input validation. This could lead to permanent local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129287265 |
|
42 |
CVE-2019-9374 |
732 |
|
Bypass |
2019-09-27 |
2019-10-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In CompanionDeviceManager, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-129476618 |
|
43 |
CVE-2019-9370 |
125 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In sonivox, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-133880046 |
|
44 |
CVE-2019-9366 |
125 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libSBRdec there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112052062 |
|
45 |
CVE-2019-9362 |
125 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libSACdec, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120426980 |
|
46 |
CVE-2019-9361 |
1187 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111762807 |
|
47 |
CVE-2019-9360 |
125 |
|
|
2019-09-27 |
2019-10-02 |
4.9 |
None |
Local |
Low |
Not required |
Complete |
None |
None |
|
In the TEE, there's a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120610663 |
|
48 |
CVE-2019-9359 |
1187 |
|
|
2019-09-27 |
2019-09-30 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In libavc there is a possible information disclosure due to uninitialized data. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-111407302 |
|
49 |
CVE-2019-9358 |
787 |
|
|
2019-09-27 |
2019-10-02 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to a to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-120156401 |
|
50 |
CVE-2019-9354 |
125 |
|
|
2019-09-27 |
2019-10-01 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
In NFC server, there's a possible out of bounds read due to a missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-118148142 |
