Multiple Vulnerabilities in Google Android 10 OS Could Allow for Arbitrary Code Execution
MS-ISAC ADVISORY NUMBER:
2019-103
DATE(S) ISSUED:
10/01/2019
OVERVIEW:
Multiple vulnerabilities have been discovered in the Google Android 10 operating system (OS), the most severe of which could allow for arbitrary code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of a privileged process. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
THREAT INTELLIGENCE:
There are currently no reports of these vulnerabilities being exploited in the wild.
SYSTEMS AFFECTED:
- Android 10 OS builds utilizing Security Patch Levels issued prior to September 1, 2019.
RISK:
Government:
- Large and medium government entities: HIGH
- Small government entities: HIGH
Businesses:
- Large and medium business entities: HIGH
- Small business entities: HIGH
Home Users:
HIGH
TECHNICAL SUMMARY:
Multiple vulnerabilities have been discovered in the Google Android 10 OS, the most severe of which could allow for arbitrary code execution within the context of a privileged process. Details of these vulnerabilities are as follows:
- An elevation of privilege vulnerability in Media framework. (CVE-2019-9310)
- Multiple arbitrary code vulnerabilities in Framework. (CVE-2019-9256, CVE-2019-9262)
- Multiple arbitrary code vulnerabilities in Media framework. (CVE-2019-9278, CVE-2019-9297, CVE-2019-9298, CVE-2019-9299, CVE-2019-9300, CVE-2019-9301, CVE-2019-9302, CVE-2019-9303, CVE-2019-9304, CVE-2019-9305, CVE-2019-9306, CVE-2019-9307, CVE-2019-9308, CVE-2019-9346, CVE-2019-9357, CVE-2019-9382, CVE-2019-9405)
- Multiple arbitrary code vulnerabilities in System. (CVE-2019-9363, CVE-2019-9365)
- Multiple denial of service vulnerabilities in Framework. (CVE-2019-9372, CVE-2019-9373, CVE-2019-9376)
- Multiple denial of service vulnerabilities in Media framework. (CVE-2019-9268, CVE-2019-9283, CVE-2019-9348, CVE-2019-9349, CVE-2019-9352, CVE-2019-9371, CVE-2019-9379, CVE-2019-9418, CVE-2019-9420)
- Multiple denial of service vulnerabilities in System. (CVE-2019-9279, CVE-2019-9285, CVE-2019-9286, CVE-2019-9311, CVE-2019-9327, CVE-2019-9389, CVE-2019-9390, CVE-2019-9393, CVE-2019-9394, CVE-2019-9395, CVE-2019-9396, CVE-2019-9397, CVE-2019-9398, CVE-2019-9400, CVE-2019-9401, CVE-2019-9402, CVE-2019-9404, CVE-2019-9425, CVE-2019-9430, CVE-2019-9462)
- Multiple elevation of privilege vulnerabilities in Framework. (CVE-2019-9269, CVE-2019-9280, CVE-2019-9288, CVE-2019-9374, CVE-2019-9378, CVE-2019-9380, CVE-2019-9384, CVE-2019-9407, CVE-2019-9460)
- Multiple elevation of privilege vulnerabilities in Library. (CVE-2019-9423, CVE-2019-9459)
- Multiple elevation of privilege vulnerabilities in Android runtime. (CVE-2019-9290, CVE-2019-9429)
- Multiple elevation of privilege vulnerabilities in System. (CVE-2018-9425, CVE-2019-9238, CVE-2019-9257, CVE-2019-9258, CVE-2019-9259, CVE-2019-9263, CVE-2019-9266, CVE-2019-9291, CVE-2019-9295, CVE-2019-9309, CVE-2019-9350, CVE-2019-9358, CVE-2019-9375, CVE-2019-9386, CVE-2019-9463)
- Multiple information disclosure vulnerabilities in Framework. (CVE-2019-9281, CVE-2019-9292, CVE-2019-9323, CVE-2019-9351, CVE-2019-9377, CVE-2019-9399, CVE-2019-9421, CVE-2019-9424, CVE-2019-9428, CVE-2019-9438)
- Multiple information disclosure vulnerabilities in Media framework. (CVE-2019-9232, CVE-2019-9247, CVE-2019-9252, CVE-2019-9282, CVE-2019-9293, CVE-2019-9294, CVE-2019-9313, CVE-2019-9314, CVE-2019-9315, CVE-2019-9316, CVE-2019-9317, CVE-2019-9318, CVE-2019-9319, CVE-2019-9320, CVE-2019-9321, CVE-2019-9322, CVE-2019-9325, CVE-2019-9334, CVE-2019-9335, CVE-2019-9336, CVE-2019-9337, CVE-2019-9338, CVE-2019-9347, CVE-2019-9359, CVE-2019-9361, CVE-2019-9362, CVE-2019-9364, CVE-2019-9366, CVE-2019-9370, CVE-2019-9406, CVE-2019-9408, CVE-2019-9409, CVE-2019-9410, CVE-2019-9411, CVE-2019-9412, CVE-2019-9415, CVE-2019-9416, CVE-2019-9433)
- Multiple information disclosure vulnerabilities in System. (CVE-2018-9489, CVE-2018-9581, CVE-2019-9233, CVE-2019-9234, CVE-2019-9235, CVE-2019-9236, CVE-2019-9237, CVE-2019-9239, CVE-2019-9240, CVE-2019-9241, CVE-2019-9242, CVE-2019-9243, CVE-2019-9244, CVE-2019-9246, CVE-2019-9249, CVE-2019-9250, CVE-2019-9251, CVE-2019-9253, CVE-2019-9260, CVE-2019-9265, CVE-2019-9272, CVE-2019-9277, CVE-2019-9284, CVE-2019-9287, CVE-2019-9289, CVE-2019-9296, CVE-2019-9312, CVE-2019-9326, CVE-2019-9328, CVE-2019-9329, CVE-2019-9330, CVE-2019-9331, CVE-2019-9332, CVE-2019-9333, CVE-2019-9341, CVE-2019-9342, CVE-2019-9343, CVE-2019-9344, CVE-2019-9353, CVE-2019-9354, CVE-2019-9355, CVE-2019-9356, CVE-2019-9360, CVE-2019-9367, CVE-2019-9368, CVE-2019-9369, CVE-2019-9381, CVE-2019-9383, CVE-2019-9387, CVE-2019-9388, CVE-2019-9403, CVE-2019-9413, CVE-2019-9414, CVE-2019-9417, CVE-2019-9419, CVE-2019-9422, CVE-2019-9427, CVE-2019-9431, CVE-2019-9432, CVE-2019-9434, CVE-2019-9435, CVE-2019-9440)
Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution in the context of a privileged process. These vulnerabilities could be exploited through multiple methods such as email, web browsing, and MMS when processing media files. Depending on the privileges associated with the application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.
RECOMMENDATIONS:
We recommend the following actions be taken:
- Apply appropriate updates by Google Android or mobile carriers to vulnerable systems, immediately after appropriate testing.
- Remind users to only download applications from trusted vendors in the Play Store.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
- Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.
REFERENCES:
Google Android:
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9489
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-9581
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9232
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9234
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9235
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9236
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9237
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9238
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9239
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9240
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9241
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9242
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9244
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9246
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9247
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9249
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9250
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9251
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9252
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9253
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9256
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9257
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9258
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9259
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9260
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9262
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9263
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9265
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9266
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9272
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9277
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9278
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9279
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9280
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9281
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9282
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9283
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9284
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9285
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9286
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9287
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9288
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9289
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9290
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9291
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9292
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9293
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9294
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9295
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9297
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9298
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9299
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9300
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9301
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9302
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9303
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9304
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9305
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9306
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9307
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9308
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9309
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9310
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9311
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9312
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9313
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9314
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9315
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9316
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9317
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9318
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9319
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9320
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9321
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9322
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9323
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9325
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9326
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9327
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9328
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9329
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9330
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9331
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9332
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9333
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9334
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9335
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9336
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9337
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9338
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9341
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9342
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9344
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9346
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9347
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9348
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9349
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9350
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9351
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9352
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9353
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9354
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9355
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9356
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9357
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9358
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9359
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9360
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9361
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9362
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9363
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9364
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9365
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9366
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9367
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9370
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9371
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9372
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9373
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9374
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9375
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9376
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9377
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9378
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9379
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9380
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9381
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9382
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9383
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9384
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9386
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9387
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9388
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9389
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9390
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9393
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9394
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9395
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9396
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9397
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9398
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9399
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9400
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9401
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9402
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9403
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9404
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9405
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9406
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9407
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9408
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9409
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9410
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9411
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9412
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9413
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9414
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9415
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9416
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9417
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9418
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9419
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9420
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9421
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9422
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9423
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9424
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9425
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9427
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9428
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9429
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9430
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9431
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9432
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9434
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9435
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9438
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9440
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9459
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9460
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9462
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9463