CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2031
https://notcve.org/view.php?id=CVE-2019-2031
In rw_t3t_act_handle_check_ndef_rsp of rw_t3t.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-04-01 • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-2030
https://notcve.org/view.php?id=CVE-2019-2030
In removeInterfaceAddress of NetworkController.cpp, there is a possible use after free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. • https://source.android.com/security/bulletin/2019-04-01 • CWE-416: Use After Free •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2028
https://notcve.org/view.php?id=CVE-2019-2028
In numerous hand-crafted functions in libmpeg2, NEON registers are not preserved. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-04-01 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2027
https://notcve.org/view.php?id=CVE-2019-2027
In floor0_inverse1 of floor0.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-04-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-2026
https://notcve.org/view.php?id=CVE-2019-2026
In updateAssistMenuItems of Editor.java, there is a possible escape from the Setup Wizard due to a missing permission check. This could lead to local escalation of privilege and FRP bypass with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-8.0Android ID: A-120866126 Vulnerabilidad en la función updateAssistMenuItems del archivo editor.Java, hay un posible escape del asistente de instalación debido a una falta de comprobación de autorización. Esto podría conducir a la escalada local de privilegios y realizar una omisión de FRP sin necesidad de privilegios de ejecución adicionales. La interacción del usuario no es necesaria para la explotación. • https://source.android.com/security/bulletin/2019-04-01 • CWE-862: Missing Authorization •