Page 53 of 924 results (0.012 seconds)

CVSS: 9.3EPSS: 1%CPEs: 12EXPL: 0

In ParseContentEncodingEntry of mkvparser.cc, there is a possible double free due to a missing reset of a freed pointer. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00049.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQSTK442ATWJOR4TU3MR6C3N5A6NDFFN https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U2IIA3RSYABBUCFIHXIRVUT5CTJVWWZ6 https://source.android.com/security/bulletin/2019-08-01 https://usn.ubuntu.com/4199-1 https://access.redhat.com/security/cve/CVE-2019-2126 https://bugzilla.redhat.com/show_bug.cgi?id=1789008 • CWE-415: Double Free CWE-672: Operation on a Resource after Expiration or Release •

CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0

In ChangeDefaultDialerDialog.java, there is a possible escalation of privilege due to an overlay attack. This could lead to local escalation of privilege, granting privileges to a local app without the user's informed consent, with no additional privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0

In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-1188: Initialization of a Resource with an Insecure Default •

CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0

On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. En dispositivos móviles Samsung con software N (7.x) y O (8.x), P (9.0), FotaAgent permite que una aplicación maliciosa cree archivos privilegiados. La identificación de Samsung es SVE-2019-14764. • http://packetstormsecurity.com/files/154615/Samsung-Mobile-Android-FotaAgent-Arbitrary-File-Creation.html http://seclists.org/fulldisclosure/2019/Sep/33 https://security.samsungmobile.com/securityUpdate.smsb •