
CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

06 Dec 2019 — In ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140322595 • https://source.android.com/security/bulletin/2019-12-01 • CWE-787: Out-of-bounds Write

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

06 Dec 2019 — In ihevcd_ref_list of ihevcd_ref_list.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140692129 • https://source.android.com/security/bulletin/2019-12-01 • CWE-787: Out-of-bounds Write

CVSS: 8.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

06 Dec 2019 — When pairing with a Bluetooth device, it may be possible to pair a malicious device without any confirmation from the user, and that device may be able to interact with the phone. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-110433804 • https://source.android.com/security/bulletin/2019-12-01 • CWE-269: Improper Privilege Management

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

06 Dec 2019 — In device_class_to_int of device_class.cc, there is a possible out of bounds read due to improper casting. This could lead to local information disclosure in the Bluetooth server with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140152619 • https://source.android.com/security/bulletin/2019-12-01 • CWE-125: Out-of-bounds Read

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

06 Dec 2019 — In array_find of array.c, there is a possible out-of-bounds read due to an incorrect bounds check. This could lead to local information disclosure in the printer spooler with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-111210196 • https://lists.debian.org/debian-lts-announce/2019/12/msg00030.html • CWE-125: Out-of-bounds Read

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 0

06 Dec 2019 — In updateWidget of BaseWidgetProvider.java, there is a possible leak of user data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-139803872 • https://source.android.com/security/bulletin/2019-12-01 • CWE-862: Missing Authorization

CVSS: 7.8 • EPSS: 0% • CPEs: 4 • EXPL: 0

06 Dec 2019 — In handleRun of TextLine.java, there is a possible application crash due to improper input validation. This could lead to remote denial of service when processing Unicode with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-140632678 • https://source.android.com/security/bulletin/2019-12-01 • CWE-20: Improper Input Validation • CWE-682: Incorrect Calculation

CVSS: 10.0 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 Nov 2019 — In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-79703832 • https://source.android.com/security/bulletin/2019-11-01

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 1

13 Nov 2019 — In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-135270103 • https://github.com/IOActive/AOSP-DownloadProviderDbDumperSQLiWhere • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.5 • EPSS: 0% • CPEs: 4 • EXPL: 1

13 Nov 2019 — In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-135269143 • https://github.com/IOActive/AOSP-DownloadProviderDbDumperSQLiLimit • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')