CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9583
https://notcve.org/view.php?id=CVE-2018-9583
In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487. En bta_ag_parse_cmer de bta_ag_cmd.cc en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, existe una posible escritura fuera de límites debido a la falta de comprobación de límites. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-9582
https://notcve.org/view.php?id=CVE-2018-9582
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112031362. En el instalador de paquetes en Android-8.0, Android-8.1 y Android-9, existe una posible omisión de la advertencia de fuente desconocida debido a un escenario de "agente confuso" (confused deputy). • http://www.securityfocus.com/bid/106474 https://source.android.com/security/bulletin/2019-01-01.html • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •
CVSS: 5.7EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9566
https://notcve.org/view.php?id=CVE-2018-9566
In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106147 https://source.android.com/security/bulletin/2018-12-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-9557
https://notcve.org/view.php?id=CVE-2018-9557
In really_install_package of install.cpp, there is a possible free of arbitrary memory due to uninitialized data. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2. • http://www.securityfocus.com/bid/106147 https://source.android.com/security/bulletin/2018-12-01 • CWE-763: Release of Invalid Pointer or Reference CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9548
https://notcve.org/view.php?id=CVE-2018-9548
In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106067 https://source.android.com/security/bulletin/2018-12-01 • CWE-862: Missing Authorization •