CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2173
https://notcve.org/view.php?id=CVE-2019-2173
11 Oct 2019 — In startActivityMayWait of ActivityStarter.java, there is a possible incorrect Activity launch due to an incorrect permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9Android ID: A-123013720 En la función startActivityMayWait del archivo ActivityStarter.java, se presenta un posible Inicio de Actividad incorrecto ... • https://source.android.com/security/bulletin/2019-10-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-5699
https://notcve.org/view.php?id=CVE-2019-5699
09 Oct 2019 — NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra bootloader contains a vulnerability where the software performs an incorrect bounds check, which may lead to buffer overflow resulting in escalation of privileges and code execution. escalation of privileges, and information disclosure, code execution, denial of service, or escalation of privileges. NVIDIA Shield TV Experience versión anterior a v8.0.1, el cargador de arranque de NVIDIA Tegra contiene una vulnerabilidad en la que el software realiza ... • https://nvidia.custhelp.com/app/answers/detail/a_id/4875 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2019-5700
https://notcve.org/view.php?id=CVE-2019-5700
09 Oct 2019 — NVIDIA Shield TV Experience prior to v8.0.1, NVIDIA Tegra software contains a vulnerability in the bootloader, where it does not validate the fields of the boot image, which may lead to code execution, denial of service, escalation of privileges, and information disclosure. NVIDIA Shield TV Experience versiones anteriores a v8.0.1, el software NVIDIA Tegra contiene una vulnerabilidad en el cargador de arranque, donde no comprueba los campos de la imagen de arranque, lo que puede conllevar a la ejecución de ... • https://github.com/oscardagrach/CVE-2019-5700 • CWE-20: Improper Input Validation •
CVSS: 4.6EPSS: 0%CPEs: 2EXPL: 1CVE-2019-11341
https://notcve.org/view.php?id=CVE-2019-11341
09 Oct 2019 — On certain Samsung P(9.0) phones, an attacker with physical access can start a TCP Dump capture without the user's knowledge. This feature of the Service Mode application is available after entering the *#9900# check code, but is protected by an OTP password. However, this password is created locally and (due to mishandling of cryptography) can be obtained easily by reversing the password creation logic. En ciertos teléfonos Samsung P(9.0), un atacante con acceso físico puede iniciar una captura de volcado ... • https://drfone.wondershare.com/unlock/samsung-galaxy-secret-code-list.html • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-9376
https://notcve.org/view.php?id=CVE-2019-9376
27 Sep 2019 — In Account of Account.java, there is a possible boot loop due to improper input validation. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.Product: Android; Versions: Android-9, Android-8.0, Android-8.1; Android ID: A-129287265. En el paquete Accounts, se presenta un posible bloqueo debido a una comprobación de entrada inapropiada. Esto podría conllevar a una denegación de servicio local permanente sin ser necesarios... • https://source.android.com/security/bulletin/2021-01-01 • CWE-834: Excessive Iteration •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2124
https://notcve.org/view.php?id=CVE-2019-2124
05 Sep 2019 — In ComposeActivityEmailExternal of ComposeActivityEmailExternal.java in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure. En la función ComposeActivityEmailExternal del archivo ComposeActivityEmailExternal.java en Android versiones 7.1.1, 7.1.2, 8.0, 8.1 y 9, existe una manera posible de adjuntar archivos a un correo electrónico silenciosamente debido a un problema de tipo confused dep... • https://source.android.com/security/bulletin/2019-09-01 •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2180
https://notcve.org/view.php?id=CVE-2019-2180
05 Sep 2019 — In ippSetValueTag of ipp.c in Android 8.0, 8.1 and 9, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure from the printer service with no additional execution privileges needed. User interaction is not needed for exploitation. En la función ippSetValueTag del archivo ipp.c en Android versiones 8.0, 8.1 y 9, se presenta una posible lectura fuera de límites debido a una comprobación de entrada inapropiada. Esto podría conllevar a la divulga... • https://source.android.com/security/bulletin/2019-09-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2179
https://notcve.org/view.php?id=CVE-2019-2179
05 Sep 2019 — In NDEF_MsgValidate of ndef_utils in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. En la función NDEF_MsgValidate de ndef_utils en Android versiones 7.1.1, 7.1.2, 8.0, 8.1 y 9, se presenta una posible lectura fuera de límites debido a un desbordamiento de enteros. Esto podría conllevar a la divulgación de infor... • https://source.android.com/security/bulletin/2019-09-01 • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2019-2178
https://notcve.org/view.php?id=CVE-2019-2178
05 Sep 2019 — In rw_t4t_sm_read_ndef of rw_t4t in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC service with no additional execution privileges needed. User interaction is not needed for exploitation. En la función rw_t4t_sm_read_ndef de rw_t4t en Android versiones 7.1.1, 7.1.2, 8.0, 8.1 y 9, se presenta una posible escritura fuera de límites debido a una falta de comprobación de límites. Esto podría... • https://source.android.com/security/bulletin/2019-09-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 1CVE-2019-2115
https://notcve.org/view.php?id=CVE-2019-2115
05 Sep 2019 — In GateKeeper::MintAuthToken of gatekeeper.cpp in Android 7.1.1, 7.1.2, 8.0, 8.1 and 9, there is possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. En la función GateKeeper::MintAuthToken del archivo gatekeeper.cpp en Android versiones 7.1.1, 7.1.2, 8.0, 8.1 y 9, se presenta una posible corrupción de memoria debido a una doble liberación. Esto podría conllevar a una escala... • https://github.com/Fred12301/CVE-2019-2115-Pixel-2-2-XL • CWE-415: Double Free CWE-787: Out-of-bounds Write •