CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2122
https://notcve.org/view.php?id=CVE-2019-2122
In LockTaskController.lockKeyguardIfNeeded of the LockTaskController.java, there was a difference in the handling of the default case between the WindowManager and the Settings. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2120
https://notcve.org/view.php?id=CVE-2019-2120
In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-14783
https://notcve.org/view.php?id=CVE-2019-14783
On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. En dispositivos móviles Samsung con software N (7.x) y O (8.x), P (9.0), FotaAgent permite que una aplicación maliciosa cree archivos privilegiados. La identificación de Samsung es SVE-2019-14764. • http://packetstormsecurity.com/files/154615/Samsung-Mobile-Android-FotaAgent-Arbitrary-File-Creation.html http://seclists.org/fulldisclosure/2019/Sep/33 https://security.samsungmobile.com/securityUpdate.smsb •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2117
https://notcve.org/view.php?id=CVE-2019-2117
In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-07-01 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2116
https://notcve.org/view.php?id=CVE-2019-2116
In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-07-01 • CWE-125: Out-of-bounds Read •