|
221201
|
7.8 |
HIGH
Local
|
google
|
android
|
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution priv…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-2202
|
2024-11-21 13:40 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221202
|
7.8 |
HIGH
Local
|
google
canonical
|
android
ubuntu_linux
|
In generate_jsimd_ycc_rgb_convert_neon of jsimd_arm64_neon.S, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution in an unprivileged proces…
|
CWE-787
Out-of-bounds Write
|
CVE-2019-2201
|
2024-11-21 13:40 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221203
|
6.7 |
MEDIUM
Local
|
google
|
android
|
In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User intera…
|
NVD-CWE-noinfo
|
CVE-2019-2199
|
2024-11-21 13:40 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221204
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In Download Provider, there is a possible SQL injection vulnerability. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed f…
|
CWE-89
SQL Injection
|
CVE-2019-2198
|
2024-11-21 13:40 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221205
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In processPhonebookAccess of CachedBluetoothDevice.java, there is a possible permission bypass due to an insecure default value. This could lead to local information disclosure of the user's contact …
|
CWE-1188
Insecure Default Initialization of Resource
|
CVE-2019-2197
|
2024-11-21 13:40 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221206
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In Download Provider, there is possible SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.…
|
CWE-89
SQL Injection
|
CVE-2019-2196
|
2024-11-21 13:40 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221207
|
7.8 |
HIGH
Local
|
google
|
android
|
In tokenize of sqlite3_android.cpp, there is a possible attacker controlled INSERT statement due to improper input validation. This could lead to local escalation of privilege with no additional exec…
|
CWE-20
CWE-89
Improper Input Validation
SQL Injection
|
CVE-2019-2195
|
2024-11-21 13:40 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221208
|
7.8 |
HIGH
Local
|
google
|
android
|
In WelcomeActivity.java and related files, there is a possible permissions bypass due to a partially provisioned Device Policy Client. This could lead to local escalation of privilege, leaving an Adm…
|
CWE-269
Improper Privilege Management
|
CVE-2019-2193
|
2024-11-21 13:40 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221209
|
7.8 |
HIGH
Local
|
google
|
android
|
In call of SliceProvider.java, there is a possible permissions bypass due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed…
|
CWE-20
Improper Input Validation
|
CVE-2019-2192
|
2024-11-21 13:40 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
221210
|
9.8 |
CRITICAL
Network
|
google
|
android
|
In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges…
|
NVD-CWE-noinfo
|
CVE-2019-2036
|
2024-11-21 13:40 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
