Total
34802 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-2256 | 1 Qualcomm | 70 Mdm9650, Mdm9650 Firmware, Msm8909w and 67 more | 2024-11-21 | N/A |
| An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | ||||
| CVE-2019-2255 | 1 Qualcomm | 70 Msm8909w, Msm8909w Firmware, Msm8996au and 67 more | 2024-11-21 | N/A |
| An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | ||||
| CVE-2019-2233 | 1 Google | 1 Android | 2024-11-21 | 6.8 Medium |
| In getUserCount and getCount of UserSwitcherController.java, there is possible new user creation due to a logic error. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-140486529. | ||||
| CVE-2019-2221 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-138583650. | ||||
| CVE-2019-2220 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10. Android ID: A-138636979. | ||||
| CVE-2019-2199 | 1 Google | 1 Android | 2024-11-21 | 6.7 Medium |
| In createSessionInternal of PackageInstallerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-138650665. | ||||
| CVE-2019-2182 | 1 Google | 1 Android | 2024-11-21 | 7.8 High |
| In the Android kernel in the kernel MMU code there is a possible execution path leaving some kernel text and rodata pages writable. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. | ||||
| CVE-2019-2132 | 1 Google | 1 Android | 2024-11-21 | N/A |
| It is possible to overlay the VPN dialog by a malicious application. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130568701. | ||||
| CVE-2019-2124 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure. | ||||
| CVE-2019-2113 | 1 Google | 1 Android | 2024-11-21 | N/A |
| In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-122597079. | ||||
| CVE-2019-2056 | 1 Google | 1 Android | 2024-11-21 | 5.5 Medium |
| There is a possible disclosure of RAM using a shared crypto key due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-10. Android ID: A-140879284. | ||||
| CVE-2019-2054 | 2 Canonical, Google | 2 Ubuntu Linux, Android | 2024-11-21 | 7.8 High |
| In the seccomp implementation prior to kernel version 4.8, there is a possible seccomp bypass due to seccomp policies that allow the use of ptrace. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-119769499. | ||||
| CVE-2019-2036 | 1 Google | 1 Android | 2024-11-21 | 9.8 Critical |
| In okToConnect of HidHostService.java, there is a possible permission bypass due to an incorrect state check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9 Android-10. Android ID: A-79703832. | ||||
| CVE-2019-25076 | 1 Openvswitch | 1 Openvswitch | 2024-11-21 | 5.8 Medium |
| The TSS (Tuple Space Search) algorithm in Open vSwitch 2.x through 2.17.2 and 3.0.0 allows remote attackers to cause a denial of service (delays of legitimate traffic) via crafted packet data that requires excessive evaluation time within the packet classification algorithm for the MegaFlow cache, aka a Tuple Space Explosion (TSE) attack. | ||||
| CVE-2019-25067 | 2 Podman Project, Varlink | 2 Podman, Varlink | 2024-11-21 | 6.3 Medium |
| A vulnerability, which was classified as critical, was found in Podman and Varlink 1.5.1. This affects an unknown part of the component API. The manipulation leads to Remote Privilege Escalation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-143949 was assigned to this vulnerability. | ||||
| CVE-2019-25059 | 2 Artifex, Debian | 2 Ghostscript, Debian Linux | 2024-11-21 | 7.8 High |
| Artifex Ghostscript through 9.26 mishandles .completefont. NOTE: this issue exists because of an incomplete fix for CVE-2019-3839. | ||||
| CVE-2019-25057 | 1 R3 | 1 Corda | 2024-11-21 | 7.5 High |
| In Corda before 4.1, the meaning of serialized data can be modified via an attacker-controlled CustomSerializer. | ||||
| CVE-2019-25055 | 1 Libpulse-binding Project | 1 Libpulse-binding | 2024-11-21 | 7.5 High |
| An issue was discovered in the libpulse-binding crate before 2.6.0 for Rust. It mishandles a panic that crosses a Foreign Function Interface (FFI) boundary. | ||||
| CVE-2019-25026 | 2 Debian, Redmine | 2 Debian Linux, Redmine | 2024-11-21 | 5.3 Medium |
| Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. | ||||
| CVE-2019-25018 | 1 Mit | 1 Krb5-appl | 2024-11-21 | 7.5 High |
| In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. | ||||