CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15388
https://notcve.org/view.php?id=CVE-2019-15388
14 Nov 2019 — The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer (versionCode=7, versionName=7.1.13). This app contains an exported service named com.lovelyfont.manager.FontCoverService that allows any app co-located on the device to supply arbitrary commands to be executed as the system user. This app cannot be disabled by the user and the attack can be ... • https://www.kryptowire.com/android-firmware-2019 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15368
https://notcve.org/view.php?id=CVE-2019-15368
14 Nov 2019 — The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. El dispositivo Coolpad 1851 Android con una huella digital de compilación de Coolpad/android/android:8.1.0/O11019/1534834761:userdebug... • https://www.kryptowire.com/android-firmware-2019 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15353
https://notcve.org/view.php?id=CVE-2019-15353
14 Nov 2019 — The Coolpad N3C Android device with a build fingerprint of Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. El dispositivo Coolpad N3C Android con una huella digital de compilación de Coolpad/N3C/N3C:8.1.0/O11019/1538236809:user/release-keys, contiene una ... • https://www.kryptowire.com/android-firmware-2019 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-15352
https://notcve.org/view.php?id=CVE-2019-15352
14 Nov 2019 — The Coolpad 1851 Android device with a build fingerprint of Coolpad/android/android:8.1.0/O11019/1534834761:userdebug/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app (versionCode=27, versionName=8.1.0) that allows any app co-located on the device to modify a system property through an exported interface without proper authorization. El dispositivo Coolpad 1851 Android con una huella digital de compilación de Coolpad/android/android:8.1.0/O11019/1534834761:userdebug... • https://www.kryptowire.com/android-firmware-2019 •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2018-15003
https://notcve.org/view.php?id=CVE-2018-15003
25 Apr 2019 — The Coolpad Defiant (Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys) and the T-Mobile Revvl Plus (Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys) Android devices contain a pre-installed platform app with a package name of com.qualcomm.qti.telephony.extcarrierpack (versionCode=25, versionName=7.1.1) containing an exported broadcast receiver app component named com.qualcomm.qti.telephony.extcarrierpack.UiccReceiver that allows any app co-located on t... • https://www.kryptowire.com • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 1CVE-2018-14991
https://notcve.org/view.php?id=CVE-2018-14991
25 Apr 2019 — The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build fingerprint of Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys all contain a vulnerable, pre-installed Rich Communication Services (RCS) app. These devices contain an that app has a package name of co... • https://www.kryptowire.com • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-14990
https://notcve.org/view.php?id=CVE-2018-14990
25 Apr 2019 — The Coolpad Defiant device with a build fingerprint of Coolpad/cp3632a/cp3632a:7.1.1/NMF26F/099480857:user/release-keys, the ZTE ZMAX Pro with a build fingerprint of ZTE/P895T20/urd:6.0.1/MMB29M/20170418.114928:user/release-keys, and the T-Mobile Revvl Plus with a build fingerprint of Coolpad/alchemy/alchemy:7.1.1/143.14.171129.3701A-TMO/buildf_nj_02-206:user/release-keys all contain a vulnerable, pre-installed Rich Communication Services (RCS) app. These devices contain an that app has a package name of co... • https://www.kryptowire.com • CWE-20: Improper Input Validation •
CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 2CVE-2018-15004
https://notcve.org/view.php?id=CVE-2018-15004
28 Dec 2018 — The Coolpad Canvas device with a build fingerprint of Coolpad/cp3636a/cp3636a:7.0/NRD90M/093031423:user/release-keys contains a platform app with a package name of com.qualcomm.qti.modemtestmode (versionCode=24, versionName=7.0) that contains an exported service app component named com.qualcomm.qti.modemtestmode.MbnTestService that allows any app on the device to set certain system properties as the com.android.phone user. When an app sets the persist.service.logr.enable system property to a value of 1, an ... • https://www.kryptowire.com/portal/android-firmware-defcon-2018 • CWE-532: Insertion of Sensitive Information into Log File •