National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 127,311 matching records.
Displaying matches 1281 through 1300.
Vuln ID Summary CVSS Severity
CVE-2019-15433

The Samsung A3 Android device with a build fingerprint of samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Published: November 14, 2019; 12:15:22 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-15432

The Evercoss U6 Android device with a build fingerprint of EVERCOSS/U6/U6:7.0/NRD90M/1504236704:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516486284094) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-15431

The Evercoss U50A Android device with a build fingerprint of EVERCOSS/U50A./EVERCOSS:7.0/NRD90M/1499911028:eng/test-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0_VER_2017.04.21_17:55:55) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-15430

The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/Bluboo_D2_Pro/Bluboo_D2_Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app (versionCode=2, versionName=2.0.0_VER_32516508295515) that allows other pre-installed apps to perform system properties modification via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 5.5 MEDIUM
    V2: 2.1 LOW
CVE-2019-15429

The Panasonic ELUGA_I9 Android device with a build fingerprint of Panasonic/ELUGA_I9/ELUGA_I9:7.0/NRD90M/1501740649:user/release-keys contains a pre-installed app with a package name of com.ovvi.modem app (versionCode=1, versionName=1) that allows unauthorized attacker-controlled at command via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15428

The Xiaomi Mi Note 2 Android device with a build fingerprint of Xiaomi/scorpio/scorpio:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-15427

The Xiaomi Mi Mix Android device with a build fingerprint of Xiaomi/lithium/lithium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-15426

The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app (versionCode=40000, versionName=4.0.00) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-15425

The Kata M4s Android device with a build fingerprint of alps/full_hct6750_66_n/hct6750_66_n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-15424

The Doogee BL5000 Android device with a build fingerprint of DOOGEE/BL5000/BL5000:7.0/NRD90M/1497072355:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-15423

The Bluboo Bluboo_S1 Android device with a build fingerprint of BLUBOO/Bluboo_S1/Bluboo_S1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-15422

The Doogee Mix Android device with a build fingerprint of DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-15421

The Blackview BV7000_Pro Android device with a build fingerprint of Blackview/BV7000_Pro/BV7000_Pro:7.0/NRD90M/1493011204:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-15420

The Blackview BV9000Pro-F Android device with a build fingerprint of Blackview/BV9000Pro-F/BV9000Pro-F:7.1.1/N4F26M/1514363110:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app (versionCode=1, versionName=1) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-15419

The Asus ASUS_X015_1 Android device with a build fingerprint of asus/CN_X015/ASUS_X015_1:7.0/NRD90M/CN_X015-14.00.1709.35-20171215:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15418

The Asus ASUS_X00K_1 Android device with a build fingerprint of asus/CN_X00K/ASUS_X00K_1:7.0/NRD90M/CN_X00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=5, versionName=5.0.1) that allows unauthorized command execution via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:21 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15417

The Tecno Spark Pro Android device with a build fingerprint of TECNO/H3722/TECNO-K8:7.0/NRD90M/K8-H3722ABCDE-N-171229V96:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app (versionCode=7, versionName=7.0.5) that allows unauthorized dynamic code loading via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:20 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2019-15416

The Sony keyaki_kddi Android device with a build fingerprint of Sony/keyaki_kddi/keyaki_kddi:7.1.1/TONE3-3.0.0-KDDI-170517-0326/1:user/dev-keys contains a pre-installed app with a package name of com.kddi.android.packageinstaller app (versionCode=70008, versionName=08.10.03) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Published: November 14, 2019; 12:15:20 PM -05:00
V3.1: 7.8 HIGH
    V2: 4.6 MEDIUM
CVE-2019-15415

The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app (versionCode=1, versionName=QL1711_201803291645) that allows unauthorized wireless settings modification via a confused deputy attack. This capability can be accessed by any app co-located on the device.

Published: November 14, 2019; 12:15:20 PM -05:00
V3.1: 3.3 LOW
    V2: 2.1 LOW
CVE-2019-15414

The Asus ZenFone AR Android device with a build fingerprint of asus/WW_ASUS_A002/ASUS_A002:7.0/NRD90M/14.1600.1805.51-20180626:user/release-keys contains a pre-installed app with a package name of com.asus.splendidcommandagent app (versionCode=1510200105, versionName=1.2.0.21_180605) that allows other pre-installed apps to perform command execution via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Published: November 14, 2019; 12:15:20 PM -05:00
V3.1: 7.8 HIGH
    V2: 7.2 HIGH