Vulnerabilities (CVE)

Vendor filter

Google Subscribe

Product filter

Chrome Subscribe

Filter

2579 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-2215 1 Google 1 Android 2019-10-16 4.6
A use-after-free in binder.c allows an elevation of privilege from an application to the Linux Kernel. No user interaction is required to exploit this vulnerability, however exploitation does require either the installation of a malicious local...
CVE-2019-2173 1 Google 1 Android 2019-10-16 4.6
In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction...
CVE-2019-5040 2 Openweave, Google 2 Openweave-core, Nest Cam Iq Indoor Firmware 2019-10-09 5.0
An exploitable information disclosure vulnerability exists in the Weave MessageLayer parsing of Openweave-core version 4.0.2 and Nest Cam IQ Indoor version 4620002. A specially crafted weave packet can cause an integer overflow to occur,...
CVE-2019-10379 1 Google 1 Cloud Messaging Notification 2019-10-09 4.0
Jenkins Google Cloud Messaging Notification Plugin 1.0 and earlier stores credentials unencrypted in its global configuration file on the Jenkins master where they can be viewed by users with access to the master file system.
CVE-2019-10365 1 Google 1 Kubernetes Engine 2019-10-09 4.0
Jenkins Google Kubernetes Engine Plugin 0.6.2 and earlier created a temporary file containing a temporary access token in the project workspace, where it could be accessed by users with Job/Read permission.
CVE-2015-4000 12 Google, Openssl, Apple and 9 more 25 Safari, Network Security Services, Ie and 22 more 2019-10-09 4.3
The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a...
CVE-2019-9263 1 Google 1 Android 2019-10-07 4.6
In telephony, there is a possible bypass of user interaction requirements due to missing permission checks. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2019-9350 1 Google 1 Android 2019-10-04 4.6
In Keymaster, there is a possible EoP due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: AndroidVersions:...
CVE-2019-9306 1 Google 1 Android 2019-10-04 6.8
In libMpegTPDec, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions:...
CVE-2019-9232 1 Google 1 Android 2019-10-04 5.0
In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2019-9376 1 Google 1 Android 2019-10-04 4.9
In the Accounts package, there is a possible crash due to improper input validation. This could lead to permanent local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:...
CVE-2019-9313 1 Google 1 Android 2019-10-04 4.3
In libstagefright, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions:...
CVE-2019-9233 1 Google 1 Android 2019-10-04 5.0
In wpa_supplicant_8, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation....
CVE-2019-9374 1 Google 1 Android 2019-10-04 4.6
In CompanionDeviceManager, there is a possible bypass of user interaction requirements due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...
CVE-2019-9238 1 Google 1 Android 2019-10-04 6.9
In the NFC stack, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Product:...
CVE-2019-2189 1 Google 1 Android 2019-10-04 6.9
In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2019-2188 1 Google 1 Android 2019-10-04 6.9
In the Easel driver, there is possible memory corruption due to race conditions. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...
CVE-2019-9283 1 Google 1 Android 2019-10-04 4.3
In AAC Codec, there is a possible resource exhaustion due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product:...
CVE-2019-9320 1 Google 1 Android 2019-10-03 4.3
In libavc, there is a missing variable initialization. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID:...
CVE-2019-9423 1 Google 1 Android 2019-10-03 4.6
In opencv calls that use libpng, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges required. User interaction is not required for...