CVE-2019-1995
https://notcve.org/view.php?id=CVE-2019-1995
In ComposeActivityEmail of ComposeActivityEmail.java, there is a possible way to silently attach files to an email due to a confused deputy. This could lead to local information disclosure, sending files accessible to AOSP Mail to a remote email recipient, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106946 https://source.android.com/security/bulletin/2019-02-01
CVE-2019-1991
https://notcve.org/view.php?id=CVE-2019-1991
In btif_dm_data_copy of btif_core.cc, there is a possible out of bounds write due to a buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106946 https://source.android.com/security/bulletin/2019-02-01 • CWE-787: Out-of-bounds Write
CVE-2019-1987
https://notcve.org/view.php?id=CVE-2019-1987
In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106842 https://source.android.com/security/bulletin/2019-02-01 • CWE-787: Out-of-bounds Write
CVE-2019-1997
https://notcve.org/view.php?id=CVE-2019-1997
In random_get_bytes of random.c, there is a possible degradation of randomness due to an insecure default value. This could lead to local information disclosure via an insecure wireless connection with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-117508900. • http://www.securityfocus.com/bid/106946 https://source.android.com/security/bulletin/2019-02-01 • CWE-330: Use of Insufficiently Random Values
CVE-2019-1992
https://notcve.org/view.php?id=CVE-2019-1992
In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106946 https://source.android.com/security/bulletin/2019-02-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') • CWE-416: Use After Free