CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2019-2193
https://notcve.org/view.php?id=CVE-2019-2193
13 Nov 2019 — In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. This could lead to local escalation of privilege, leaving an Admin app installed with no indication to the user, with User execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-132261064 En el archivo WelcomeActivity.java y archivos relacionados, hay una posible omisión... • https://source.android.com/security/bulletin/2019-11-01 • CWE-269: Improper Privilege Management •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2187
https://notcve.org/view.php?id=CVE-2019-2187
11 Oct 2019 — In nfc_ncif_decode_rf_params of nfc_ncif.cc, there is a possible out of bounds read due to an integer underflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-124940143 En la función nfc_ncif_decode_rf_params del archivo nfc_ncif.cc, se presenta una posible lectura fuera de límites debido a un desbord... • https://source.android.com/security/bulletin/2019-10-01 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2114
https://notcve.org/view.php?id=CVE-2019-2114
11 Oct 2019 — In the default privileges of NFC, there is a possible local bypass of user interaction requirements on package installation due to a default permission. This could lead to local escalation of privilege by installing an application with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9Android ID: A-123700348 En los privilegios predeterminados de NFC, se presenta una posible omisión local de los requisitos de inte... • https://source.android.com/security/bulletin/2019-10-01 • CWE-276: Incorrect Default Permissions •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2186
https://notcve.org/view.php?id=CVE-2019-2186
11 Oct 2019 — In GetMBheader of combined_decode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136175447 En la función GetMBheader del archivo combine_decode.cpp, se presenta una posible escritura fuera de límites debido a una falta de comprobación de ... • https://source.android.com/security/bulletin/2019-10-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2185
https://notcve.org/view.php?id=CVE-2019-2185
11 Oct 2019 — In VlcDequantH263IntraBlock_SH of vlc_dequant.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-136173699 En la función VlcDequantH263IntraBlock_SH del archivo vlc_dequant.cpp, se presenta una posible escritura fuera de límites debido a una ... • https://source.android.com/security/bulletin/2019-10-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2184
https://notcve.org/view.php?id=CVE-2019-2184
11 Oct 2019 — In PV_DecodePredictedIntraDC of dec_pred_intra_dc.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-134578122 En la función PV_DecodePredictedIntraDC del archivo dec_pred_intra_dc.cpp, se presenta una posible escritura fuera de límites debido a una fal... • https://source.android.com/security/bulletin/2019-10-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2173
https://notcve.org/view.php?id=CVE-2019-2173
11 Oct 2019 — In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720 En la función startActivityMayWait del archivo ActivityStarter.java, se presenta un posible Inicio de Actividad incorrecto ... • https://source.android.com/security/bulletin/2019-10-01 • CWE-276: Incorrect Default Permissions •
CVSS: 10.0EPSS: 48%CPEs: 159EXPL: 30CVE-2019-2215 – Android Kernel Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2019-2215
04 Oct 2019 — A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local application or a separate vulnerability in a network facing application.Product: AndroidAndroid ID: A-141720095 Un uso de la memoria previamente liberada en el archivo binder.c, permite una elevación de privilegios desde una aplicación en el kernel de Linux. No es re... • https://packetstorm.news/files/id/156495 • CWE-416: Use After Free •
CVSS: 6.5EPSS: 1%CPEs: 11EXPL: 0CVE-2019-9433 – libvpx: Use-after-free in vp8_deblock() in vp8/common/postproc.c
https://notcve.org/view.php?id=CVE-2019-9433
27 Sep 2019 — In libvpx, there is a possible information disclosure due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-80479354 En libvpx, se presenta una posible divulgación de información debido a una comprobación de entrada inapropiada. Esto podría conllevar a una divulgación de información remota sin ser necesarios privilegios de ejecución adici... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9376
https://notcve.org/view.php?id=CVE-2019-9376
27 Sep 2019 — In Account of Account.java, there is a possible boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android; Versions: Android-9, Android-8.0, Android-8.1; Android ID: A-129287265. En el paquete Accounts, se presenta un posible bloqueo debido a una comprobación de entrada inapropiada. Esto podría conllevar a una denegación de servicio local permanente sin ser necesarios... • https://source.android.com/security/bulletin/2021-01-01 • CWE-834: Excessive Iteration •