Security
Headlines
HeadlinesLatestCVEs

Tag

#android

CVE-2019-17124: GitHub - hessandrew/CVE-2019-17124: KRAMER VIAware 2.5.0719.1034 - Remote Code Execution

Kramer VIAware 2.5.0719.1034 has Incorrect Access Control.

CVE
Open in Source
#vulnerability#web#ios#android#mac#windows#apache#git#php#rce#auth#chrome#ssl
CVE-2019-17192: Signal: Incoming call can be connected without user interaction

** DISPUTED ** The WebRTC component in the Signal Private Messenger application through 4.47.7 for Android processes videoconferencing RTP packets before a callee chooses to answer a call, which might make it easier for remote attackers to cause a denial of service or possibly have unspecified other impact via malformed packets. NOTE: the vendor plans to continue this behavior for performance reasons unless a WebRTC design change occurs.

CVE-2019-9325: Android 10 Security Release Notes  |  Android Open Source Project

In libvpx, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: AndroidVersions: Android-10Android ID: A-112001302

CVE-2019-9376: Android Security Bulletin—January 2021  |  Android Open Source Project

In Account of Account.java, there is a possible boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android; Versions: Android-9, Android-8.0, Android-8.1; Android ID: A-129287265.

CVE-2019-16710: memory leaks · Issue #1528 · ImageMagick/ImageMagick

ImageMagick 7.0.8-35 has a memory leak in coders/dot.c, as demonstrated by AcquireMagickMemory in MagickCore/memory.c.

CVE-2019-9456: Pixel Update Bulletin—September 2019  |  Android Open Source Project

In the Android kernel in Pixel C USB monitor driver there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.

CVE-2019-9461: Pixel Update Bulletin—September 2019  |  Android Open Source Project

In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation.

CVE-2019-2126: Android Security Bulletin—August 2019

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-127702368.