# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2019-2177 |
275 |
|
Exec Code Bypass |
2019-09-05 |
2019-09-06 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. |
2 |
CVE-2019-2130 |
704 |
|
Exec Code |
2019-08-20 |
2019-08-26 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In CompilationJob::FinalizeJob of compiler.cc, there is a possible remote code execution due to type confusion. This could lead to escalation of privilege from a malicious proxy configuration with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-132073833. |
3 |
CVE-2019-2126 |
415 |
|
Exec Code |
2019-08-20 |
2019-08-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368. |
4 |
CVE-2019-2123 |
264 |
|
Exec Code |
2019-09-05 |
2019-09-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. |
5 |
CVE-2019-2109 |
787 |
|
Exec Code |
2019-07-08 |
2019-07-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In MakeMPEG4VideoCodecSpecificData of AVIExtractor.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. Android ID: A-130651570. |
6 |
CVE-2019-2107 |
787 |
|
Exec Code |
2019-07-08 |
2019-07-15 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844. |
7 |
CVE-2019-2106 |
787 |
|
Exec Code |
2019-07-08 |
2019-07-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In ihevcd_sao_shift_ctb of ihevcd_sao.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130023983. |
8 |
CVE-2019-2105 |
119 |
|
Exec Code Overflow Mem. Corr. |
2019-07-08 |
2019-07-09 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In FileInputStream::Read of file_input_stream.cc, there is a possible memory corruption due to uninitialized data. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-116114182. |
9 |
CVE-2019-2097 |
704 |
|
Exec Code Mem. Corr. |
2019-06-07 |
2019-06-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In HAliasAnalyzer.Query of hydrogen-alias-analysis.h, there is possible memory corruption due to type confusion. This could lead to remote code execution from a malicious proxy configuration, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117606285. |
10 |
CVE-2019-2094 |
787 |
|
Exec Code |
2019-06-07 |
2019-06-11 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In parseMPEGCCData of NuPlayerCCDecoder.cpp, there is a possible out of bounds write due to missing bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-129068792. |
11 |
CVE-2019-2047 |
787 |
|
Exec Code |
2019-05-08 |
2019-05-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In UpdateLoadElement of ic.cc, there is a possible out-of-bounds write due to type confusion. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117607414 |
12 |
CVE-2019-2046 |
190 |
|
Exec Code Overflow Mem. Corr. |
2019-05-08 |
2019-05-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In CalculateInstanceSizeForDerivedClass of objects.cc, there is possible memory corruption due to an integer overflow. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-117556220 |
13 |
CVE-2019-2045 |
787 |
|
Exec Code |
2019-05-08 |
2019-05-09 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In JSCallTyper of typer.cc, there is an out of bounds write due to an incorrect bounds check. This could lead to remote code execution in the proxy auto-config with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.1 Android-9 Android ID: A-117554758 |
14 |
CVE-2019-2044 |
787 |
|
Exec Code |
2019-05-08 |
2019-05-09 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In MakeMP>G4VideoCodecSpecificData of APacketSource.cpp, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-123701862 |
15 |
CVE-2019-2029 |
416 |
|
Exec Code Mem. Corr. |
2019-04-19 |
2019-04-22 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120612744. |
16 |
CVE-2019-2028 |
20 |
|
Exec Code |
2019-04-19 |
2019-04-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In numerous hand-crafted functions in libmpeg2, NEON registers are not preserved. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-120644655. |
17 |
CVE-2019-2027 |
787 |
|
Exec Code |
2019-04-19 |
2019-04-22 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-119120561. |
18 |
CVE-2019-2009 |
787 |
|
Exec Code |
2019-06-19 |
2019-06-20 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-120665616 |
19 |
CVE-2019-2003 |
264 |
|
Exec Code |
2019-06-19 |
2019-06-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In addLinks of Linkify.java, there is a possible phishing vector due to an unusual root cause. This could lead to remote code execution or misdirection of clicks with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-116321860 |
20 |
CVE-2019-1990 |
787 |
|
Exec Code |
2019-06-19 |
2019-06-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In ihevcd_fmt_conv_420sp_to_420p of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118453553 |
21 |
CVE-2019-1989 |
787 |
|
Exec Code |
2019-06-19 |
2019-06-20 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
In ih264d_fmt_conv_420sp_to_420p of ih264d_format_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-118399205 |