CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9586
https://notcve.org/view.php?id=CVE-2018-9586
In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116754444. Al ejecutar InstallPackageTask.java en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, es posible desactivar la verificación de paquetes y dejarla así debido a una condición de carrera. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9585
https://notcve.org/view.php?id=CVE-2018-9585
In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-117554809. En nfc_ncif_proc_get_routing de nfc_ncif.cc en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, existe una posible escritura fuera de límites debido a la falta de comprobación de límites. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9584
https://notcve.org/view.php?id=CVE-2018-9584
In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-114047681. En nfc_ncif_set_config_status de nfc_ncif.cc en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, existe una posible escritura fuera de límites debido a la falta de comprobación de límites. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9583
https://notcve.org/view.php?id=CVE-2018-9583
In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487. En bta_ag_parse_cmer de bta_ag_cmd.cc en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, existe una posible escritura fuera de límites debido a la falta de comprobación de límites. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-9582
https://notcve.org/view.php?id=CVE-2018-9582
In package installer in Android-8.0, Android-8.1 and Android-9, there is a possible bypass of the unknown source warning due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112031362. En el instalador de paquetes en Android-8.0, Android-8.1 y Android-9, existe una posible omisión de la advertencia de fuente desconocida debido a un escenario de "agente confuso" (confused deputy). • http://www.securityfocus.com/bid/106474 https://source.android.com/security/bulletin/2019-01-01.html • CWE-610: Externally Controlled Reference to a Resource in Another Sphere •