CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2043
https://notcve.org/view.php?id=CVE-2019-2043
In SmsDefaultDialog.onStart of SmsDefaultDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9 Android ID: A-120484087 En SmsDefaultDialog.onStart de SmsDefaultDialog.java, hay una posible escalada de privilegios debido a un ataque de superposición. Esto podría llevar a una escalada local de privilegios, concediendo privilegios a una aplicación local sin el consentimiento informado del usuario, sin necesidad de privilegios adicionales. • http://www.securityfocus.com/bid/108240 https://source.android.com/security/bulletin/2019-05-01 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2037
https://notcve.org/view.php?id=CVE-2019-2037
In l2cu_send_peer_config_rej of l2c_utils.cc, there is a possible out-of-bound read due to an incorrect bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-04-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-2041
https://notcve.org/view.php?id=CVE-2019-2041
In the configuration of NFC modules on certain devices, there is a possible failure to distinguish individual devices due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-04-01 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2032
https://notcve.org/view.php?id=CVE-2019-2032
In SetScanResponseData of ble_advertiser_hci_interface.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-04-01 • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2029
https://notcve.org/view.php?id=CVE-2019-2029
In btm_proc_smp_cback of tm_ble.cc, there is a possible memory corruption due to a use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-04-01 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •