CVSS: 8.8EPSS: 4%CPEs: 12EXPL: 0CVE-2019-9278 – libexif: out of bounds write in exif-data.c
https://notcve.org/view.php?id=CVE-2019-9278
27 Sep 2019 — In libexif, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege in the media content provider with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112537774 En libexif, se presenta una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a una escalada de privilegios remota en el proveedor de contenido multimedi... • http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00000.html • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0CVE-2019-9232 – libvpx: Out of bounds read in vp8_norm table
https://notcve.org/view.php?id=CVE-2019-9232
27 Sep 2019 — In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-122675483 En libvpx, se presenta una posible lectura fuera de límites debido a una falta de comprobación de límites. Esto podría conllevar a una divulgación de información remota sin ser necesarios privilegios de ejecución adicionales.... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2124
https://notcve.org/view.php?id=CVE-2019-2124
05 Sep 2019 — In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure. En la función ComposeActivityEmailExternal del archivo ComposeActivityEmailExternal.java en Android versiones 7.1.1, 7.1.2, 8.0, 8.1 y 9, existe una manera posible de adjuntar archivos a un correo electrónico silenciosamente debido a un problema de tipo confused dep... • https://source.android.com/security/bulletin/2019-09-01 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2180
https://notcve.org/view.php?id=CVE-2019-2180
05 Sep 2019 — In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation. En la función ippSetValueTag del archivo ipp.c en Android versiones 8.0, 8.1 y 9, se presenta una posible lectura fuera de límites debido a una comprobación de entrada inapropiada. Esto podría conllevar a la divulga... • https://source.android.com/security/bulletin/2019-09-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2179
https://notcve.org/view.php?id=CVE-2019-2179
05 Sep 2019 — In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. En la función NDEF_MsgValidate de ndef_utils en Android versiones 7.1.1, 7.1.2, 8.0, 8.1 y 9, se presenta una posible lectura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a la divulgación de infor... • https://source.android.com/security/bulletin/2019-09-01 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2178
https://notcve.org/view.php?id=CVE-2019-2178
05 Sep 2019 — In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional execution privileges needed. User interaction is not needed for exploitation. En la función rw_t4t_sm_read_ndef de rw_t4t en Android versiones 7.1.1, 7.1.2, 8.0, 8.1 y 9, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría... • https://source.android.com/security/bulletin/2019-09-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2019-2115
https://notcve.org/view.php?id=CVE-2019-2115
05 Sep 2019 — In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. En la función GateKeeper::MintAuthToken del archivo gatekeeper.cpp en Android versiones 7.1.1, 7.1.2, 8.0, 8.1 y 9, se presenta una posible corrupción de memoria debido a una doble liberación. Esto podría conllevar a una escala... • https://github.com/Fred12301/CVE-2019-2115-Pixel-2-2-XL • CWE-415: Double Free CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2177
https://notcve.org/view.php?id=CVE-2019-2177
05 Sep 2019 — In isPreferred of HidProfile.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible device type confusion due to a permissions bypass. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. En la función isPreferred del archivo HidProfile.java en Android versiones 7.1.1, 7.1.2, 8.0, 8.1 y 9, se presenta una posible confusión del tipo de dispositivo debido a una omisión de permisos. Esto podría conllevar a la ejecución ... • https://source.android.com/security/bulletin/2019-09-01 • CWE-275: Permission Issues •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2176
https://notcve.org/view.php?id=CVE-2019-2176
05 Sep 2019 — In ihevcd_parse_buffering_period_sei of ihevcd_parse_headers.c in Android 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. En la función ihevcd_parse_buffering_period_sei del archivo ihevcd_parse_headers.c en Android versiones 8.0, 8.1 y 9, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. E... • https://source.android.com/security/bulletin/2019-09-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2174
https://notcve.org/view.php?id=CVE-2019-2174
05 Sep 2019 — In SensorManager::assertStateLocked of SensorManager.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible use after free due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En la función SensorManager::ClaimStateLocked del archivo SensorManager.cpp en Android versiones 7.1.1, 7.1.2, 8.0, 8.1 y 9, se presenta un posible uso de la memoria previamente liberada debido a un bloqueo ... • https://source.android.com/security/bulletin/2019-09-01 • CWE-416: Use After Free CWE-667: Improper Locking •