CVE-2019-2123
https://notcve.org/view.php?id=CVE-2019-2123
In execTransact of Binder.java in Android 7.1.1, 7.1.2, 8.0, 8.1, and 9, there is a possible local execution of arbitrary code in a privileged process due to a memory overwrite. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. En la función execTransact del archivo Binder.java en Android versiones 7.1.1, 7.1.2, 8.0, 8.1 y 9, se presenta una posible ejecución local de código arbitrario en un proceso privilegiado debido a una sobrescritura de memoria. Esto podría conllevar a una escalada local de privilegios sin necesitar privilegios de ejecución adicionales. • https://source.android.com/security/bulletin/2019-09-01 • CWE-787: Out-of-bounds Write •
CVE-2019-2127
https://notcve.org/view.php?id=CVE-2019-2127
In AudioInputDescriptor::setClientActive of AudioInputDescriptor.cpp, there is possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVE-2019-2137
https://notcve.org/view.php?id=CVE-2019-2137
In the endCall() function of TelecomManager.java, there is a possible Denial of Service due to a missing permission check. This could lead to local denial of access to Emergency Services with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-862: Missing Authorization •
CVE-2019-2136
https://notcve.org/view.php?id=CVE-2019-2136
In Status::readFromParcel of Status.cpp, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVE-2019-2135
https://notcve.org/view.php?id=CVE-2019-2135
In Mfc_Transceive of phNxpExtns_MifareStd.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-125: Out-of-bounds Read •