CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2122
https://notcve.org/view.php?id=CVE-2019-2122
In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2120
https://notcve.org/view.php?id=CVE-2019-2120
In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 8.1EPSS: 0%CPEs: 371EXPL: 0CVE-2019-9506 – Blutooth BR/EDR specification does not specify sufficient encryption key length and allows an attacker to influence key length negotiation
https://notcve.org/view.php?id=CVE-2019-9506
The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary ciphertext without the victim noticing. La especificación de Bluetooth BR/EDR incluyendo versión 5.1, permite una longitud de clave de cifrado suficientemente baja y no impide que un atacante influya en la negociación de longitud de clave. Esto permite ataques prácticos de fuerza bruta (también se conoce como "KNOB") que pueden descifrar el tráfico e inyectar texto cifrado arbitrario sin que la víctima se dé cuenta. A flaw was discovered in the Bluetooth protocol. • http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00036.html http://lists.opensuse.org/opensuse-security-announce/2019-10/msg00037.html http://seclists.org/fulldisclosure/2019/Aug/11 http://seclists.org/fulldisclosure/2019/Aug/13 http://seclists.org/fulldisclosure/2019/Aug/14 http://seclists.org/fulldisclosure/2019/Aug/15 http://www.cs.ox.ac.uk/publications/publication12404-abstract.html http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190828-01-knob-en https: • CWE-310: Cryptographic Issues CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-14783
https://notcve.org/view.php?id=CVE-2019-14783
On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. En dispositivos móviles Samsung con software N (7.x) y O (8.x), P (9.0), FotaAgent permite que una aplicación maliciosa cree archivos privilegiados. La identificación de Samsung es SVE-2019-14764. • http://packetstormsecurity.com/files/154615/Samsung-Mobile-Android-FotaAgent-Arbitrary-File-Creation.html http://seclists.org/fulldisclosure/2019/Sep/33 https://security.samsungmobile.com/securityUpdate.smsb •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-5682
https://notcve.org/view.php?id=CVE-2019-5682
NVIDIA Shield TV Experience prior to v8.0, contains a vulnerability in the NVIDIA Games App where it improperly exports an Activity but does not properly restrict which applications can launch the Activity, which may lead to code execution or denial of service. Shield TV Experience de NVIDIA anterior a versión v8.0, contiene una vulnerabilidad en la aplicación NVIDIA Games donde exporta inapropiadamente una Actividad pero no restringe apropiadamente qué aplicaciones pueden activar la Actividad, lo que puede conllevar a la ejecución del código o la denegación de servicio. • https://nvidia.custhelp.com/app/answers/detail/a_id/4804 •