CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-1987
https://notcve.org/view.php?id=CVE-2019-1987
In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106842 https://source.android.com/security/bulletin/2019-02-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1998
https://notcve.org/view.php?id=CVE-2019-1998
In event_handler of keymaster_app.c, there is possible resource exhaustion due to a table being lost on reboot. This could lead to local denial of service that is not fixed by a factory reset, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. • http://www.securityfocus.com/bid/106946 https://source.android.com/security/bulletin/2019-02-01 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1988
https://notcve.org/view.php?id=CVE-2019-1988
In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106842 https://source.android.com/security/bulletin/2019-02-01 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2019-1994
https://notcve.org/view.php?id=CVE-2019-1994
In refresh of DevelopmentTiles.java, there is the possibility of leaving development settings accessible due to an insecure default value. This could lead to unwanted access to development settings, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106946 https://source.android.com/security/bulletin/2019-02-01 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 7.6EPSS: 0%CPEs: 6EXPL: 0CVE-2019-1992
https://notcve.org/view.php?id=CVE-2019-1992
In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106946 https://source.android.com/security/bulletin/2019-02-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-416: Use After Free •