Android vulnerabilities and exploits

NA
CVE-2019-7646

CentOS Web Panel version 0.9.8.763 suffers from a cross site scripting vulnerability....

4.3
MEDIUM
CVE-2019-5767

Insufficient protection of permission UI in WebAPKs in Google Chrome on Android prior to 72.0.3626.81 allowed an attacker who convinced the user to install a malicious application to access privacy/security sensitive web APIs via a crafted APK....

6.8
MEDIUM
CVE-2019-5759

Incorrect lifetime handling in HTML select elements in Google Chrome on Android and Mac prior to 72.0.3626.81 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page....

4.3
MEDIUM
CVE-2019-5765

An exposed debugging endpoint in the browser in Google Chrome on Android prior to 72.0.3626.81 allowed a local attacker to obtain potentially sensitive information from process memory via a crafted Intent....

5
MEDIUM
CVE-2019-8919

The seadroid (aka Seafile Android Client) application through 2.2.13 for Android always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks....

NA
CVE-2014-7224

CompatWebView: CompatWebView was created to address the WebView JavaScriptInterface injection vulnerability. Vulnerability references: CVE-2012-6636, CVE-2013-4710. Official documentation: addJavaScriptInterface: This method can be used to allow JavaScript to control the host application. This is a powerful feature, but a...

2.1
LOW
CVE-2019-0256

Under certain conditions SAP Business One Mobile Android App, version 1.2.12, allows an attacker to access information which would otherwise be restricted....

4.3
MEDIUM
CVE-2019-8345

The Help feature in the ES File Explorer File Manager application 4.1.9.7.4 for Android allows session hijacking by a Man-in-the-middle attacker on the local network because HTTPS is not used, and an attacker's web site is displayed in a WebView with no information about the...

NA
CVE-2018-17937

gpsd Open Source Project gpsd and microjson are vulnerable to a stack-based buffer overflow, caused by improper bounds checking. By sending specially-crafted JSON inputs, a remote attacker could overflow a buffer and execute arbitrary code on the system....

9.3
HIGH
CVE-2018-6267

NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software does not validate or incorrectly validates input that can affect the control flow or data flow of a program, which may lead to denial of service or escalation of privileges. Android ID: A-708579...

Google Android
9.3
HIGH
CVE-2018-6271

NVIDIA Tegra OpenMax driver (libnvomx) contains a vulnerability in which the software delivers extra data with the buffer and does not properly validate the extra data, which may lead to denial of service or escalation of privileges. Android ID: A-80198474....

Google Android