CVE-2019-15472

The Xiaomi Mi A2 Lite Android device with a build fingerprint of xiaomi/daisy/daisysprout:9/PKQ1.180917.001/V10.0.3.0.PDLMIXM:user/release-keys contains a pre-installed app with a package name of com.qualcomm.qti.callenhancement app versionCode=28, versionName=9 that allows unauthorized microphon...

CVE-2019-15467

The Xiaomi Mi Mix 2S Android device with a build fingerprint of Xiaomi/polaris/polaris:8.0.0/OPR1.170623.032/V9.5.19.0.ODGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=A2060201801032053 that allows unauthorized wireles...

CVE-2019-15466

The Xiaomi Redmi 6 Pro Android device with a build fingerprint of xiaomi/sakuraindia/sakuraindia:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=QL1715201812191721 that allows...

CVE-2019-15466

CVE-2019-15466 concerns a vulnerability on the Xiaomi Redmi 6 Pro (build fingerprint: xiaomi/sakura_india/sakura_india:8.1.0/OPM1.171019.019/V10.2.6.0.ODMMIXM:user/release-keys). The issue arises from a pre-installed app with package name com.huaqin.factory app that allows unauthorized wireless s...

CVE-2019-15465

The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000100, versionName=7.0.1.0 that allows other pre-installed...

CVE-2019-15459

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000100, versionName=7.0.1.0 that allows other pre-installed apps...

CVE-2019-15457

The CVE-2019-15457 entry describes a vulnerability in the Samsung J6 (j6ltexx/j6lte:8.0.0) where the pre-installed com.samsung.android.themecenter app exposes a component that permits other pre-installed apps to perform app installations. This capability can be accessed by any pre-installed app t...

CVE-2019-15453

The CVE-2019-15453 entry describes a vulnerability in the Samsung J4 with build Samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBS2ASC2:user/release-keys, where a pre-installed app (com.samsung.android.themecenter, v7.0.0.0) exposes an accessible component that allows other pre-installed apps to install ...

CVE-2019-15452

The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=6010000, versionName=6.1.0.0 that allows other pre-installed apps t...

CVE-2019-15449

The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed...

CVE-2019-15444

The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app versionCode=7000000, versionName=7.0.0.0 that allows other pre-installed apps to...

CVE-2019-15430

The Bluboo D3 Pro Android device with a build fingerprint of BLUBOO/BlubooD2Pro/BlubooD2Pro:7.0/NRD90M/1510370501:user/release-keys contains a pre-installed app with a package name of com.qiku.cleaner app versionCode=2, versionName=2.0.0VER32516508295515 that allows other pre-installed apps to...

CVE-2019-15430

The CVE-2019-15430 entry concerns the Bluboo D3 Pro Android device. A pre-installed app (package: com.qiku.cleaner, versionCode=2, versionName=2.0.0_VER_32516508295515) exposes functionality that lets other pre-installed apps modify system properties through an accessible component. This can be e...

CVE-2019-15426

The Xiaomi 5S Plus Android device with a build fingerprint of Xiaomi/natrium/natrium:6.0.1/MXB48T/7.1.5:user/release-keys contains a pre-installed app with a package name of com.miui.powerkeeper app versionCode=40000, versionName=4.0.00 that allows unauthorized wireless settings modification via ...

CVE-2019-15425

The Kata M4s Android device with a build fingerprint of alps/fullhct675066n/hct675066n:7.0/NRD90M/1495624556:user/test-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via a...

CVE-2019-15423

The Bluboo BlubooS1 Android device with a build fingerprint of BLUBOO/BlubooS1/BlubooS1:7.0/NRD90M/1495809471:user/release-keys contains a pre-installed app with a package name of com.mediatek.factorymode app versionCode=1, versionName=1 that allows unauthorized wireless settings modification via...

CVE-2019-15422

The CVE concerns the Doogee Mix Android device (DOOGEE/MIX/MIX:7.0/NRD90M/1495809471:user/release-keys) which ships a pre-installed app with package name com.mediatek.factorymode (versionCode=1, versionName=1). The vulnerability allows unauthorized wireless settings modification via a confused de...

CVE-2019-15418

The Asus ASUSX00K1 Android device with a build fingerprint of asus/CNX00K/ASUSX00K1:7.0/NRD90M/CNX00K-14.01.1711.27-20180420:user/release-keys contains a pre-installed app with a package name of com.lovelyfont.defcontainer app versionCode=5, versionName=5.0.1 that allows unauthorized command...

CVE-2019-15418

The CVE-2019-15418 entry concerns the ASUS_X00K_1 device running Android 7.0 with a pre-installed app (package com.lovelyfont.defcontainer, versionCode 5, versionName 5.0.1) that enables unauthorized command execution via a confused deputy attack. Affected component is the defcontainer app on the...

CVE-2019-15415

The Xiaomi Redmi 5 Android device with a build fingerprint of xiaomi/vince/vince:7.1.2/N2G47H/V9.5.4.0.NEGMIFA:user/release-keys contains a pre-installed app with a package name of com.huaqin.factory app versionCode=1, versionName=QL1711201803291645 that allows unauthorized wireless settings...