CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2019-2121
https://notcve.org/view.php?id=CVE-2019-2121
20 Aug 2019 — In ActivityManagerService.attachApplication of ActivityManagerService, there is a possible race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2120
https://notcve.org/view.php?id=CVE-2019-2120
20 Aug 2019 — In OatFileAssistant::GenerateOatFile of oat_file_assistant.cc, there is a possible file corruption issue due to an insecure default value. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-08-01 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2019-14783 – Samsung Mobile Android FotaAgent Arbitrary File Creation
https://notcve.org/view.php?id=CVE-2019-14783
08 Aug 2019 — On Samsung mobile devices with N(7.x), and O(8.x), P(9.0) software, FotaAgent allows a malicious application to create privileged files. The Samsung ID is SVE-2019-14764. En dispositivos móviles Samsung con software N (7.x) y O (8.x), P (9.0), FotaAgent permite que una aplicación maliciosa cree archivos privilegiados. La identificación de Samsung es SVE-2019-14764. A vulnerability in Samsung Mobile Android FotaAgent allows creating privileged files without proper permission from an unprivileged process. • http://packetstormsecurity.com/files/154615/Samsung-Mobile-Android-FotaAgent-Arbitrary-File-Creation.html •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2119
https://notcve.org/view.php?id=CVE-2019-2119
08 Jul 2019 — In multiple functions of key_store_service.cpp, there is a possible Information Disclosure due to improper locking. This could lead to local information disclosure of protected data with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-07-01 • CWE-667: Improper Locking •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2118
https://notcve.org/view.php?id=CVE-2019-2118
08 Jul 2019 — In various functions of Parcel.cpp, there are uninitialized or partially initialized stack variables. These could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-07-01 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2117
https://notcve.org/view.php?id=CVE-2019-2117
08 Jul 2019 — In checkQueryPermission of TelephonyProvider.java, there is a possible disclosure of secure data due to a missing permission check. This could lead to local information disclosure about carrier systems with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-07-01 • CWE-862: Missing Authorization •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-2116
https://notcve.org/view.php?id=CVE-2019-2116
08 Jul 2019 — In save_attr_seq of sdp_discovery.cc, there is a possible out-of-bound read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-07-01 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-2113
https://notcve.org/view.php?id=CVE-2019-2113
08 Jul 2019 — In setup wizard there is a bypass of some checks when wifi connection is skipped. This could lead to factory reset protection bypass with no additional privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. • https://source.android.com/security/bulletin/2019-07-01 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2019-2112
https://notcve.org/view.php?id=CVE-2019-2112
08 Jul 2019 — In several functions of alarm.cc, there is possible memory corruption due to a use after free. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. • https://source.android.com/security/bulletin/2019-07-01 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2019-2111
https://notcve.org/view.php?id=CVE-2019-2111
08 Jul 2019 — In loop of DnsTlsSocket.cpp, there is a possible heap memory corruption due to a use after free. This could lead to remote code execution in the netd server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. • https://source.android.com/security/bulletin/2019-07-01 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •