CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9544
https://notcve.org/view.php?id=CVE-2018-9544
In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. • http://www.securityfocus.com/bid/105849 https://source.android.com/security/bulletin/2018-11-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9347
https://notcve.org/view.php?id=CVE-2018-9347
In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105844 https://source.android.com/security/bulletin/2018-06-01 https://source.android.com/security/bulletin/2018-11-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9523
https://notcve.org/view.php?id=CVE-2018-9523
In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105847 https://source.android.com/security/bulletin/2018-11-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9522
https://notcve.org/view.php?id=CVE-2018-9522
In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. • http://www.securityfocus.com/bid/105848 https://source.android.com/security/bulletin/2018-11-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9526
https://notcve.org/view.php?id=CVE-2018-9526
In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. • http://www.securityfocus.com/bid/105847 https://source.android.com/security/bulletin/pixel/2018-11-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •