CVE-2015-9156
https://notcve.org/view.php?id=CVE-2015-9156
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, when making a high speed Dual Carrier Downlink Data call in a multicell environment, a buffer overflow may occur. En Android antes del nivel de parcheo de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808 y SD 810, al realizar una llamada de alta velocidad Dual Carrier Downlink Data en un entorno multillamada, podría ocurrir un desbordamiento de búfer. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2015-9213
https://notcve.org/view.php?id=CVE-2015-9213
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, the DIAG-EFS command EFS2_DIAG_DELTREE, which is handled by the function fs_diag_deltree_handler(), is used to delete files and directories only inside the /public folder. En Android, antes del nivel de parche de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850 y SDX20, el comando de DIAG-EFS EFS2_DIAG_DELTREE, que está gestionado por la función fs_diag_deltree_handler(), se emplea para eliminar archivos y directorios solo dentro de la carpeta /public. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-17: DEPRECATED: Code •
CVE-2015-9209
https://notcve.org/view.php?id=CVE-2015-9209
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, there is improper access control in a file storage API. En Android, antes del nivel de parche de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850 y SDX20, hay un control de acceso incorrecto en una API de almacenamiento de archivos. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-284: Improper Access Control •
CVE-2015-9139
https://notcve.org/view.php?id=CVE-2015-9139
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, and SD 820, improper input validation can occur while negotiating an SSL handshake. En Android, antes del nivel de parche de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810 y SD 820, la validación de entradas incorrecta puede ocurrir mientras se negocia un handshake SSL. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-20: Improper Input Validation •
CVE-2016-10448
https://notcve.org/view.php?id=CVE-2016-10448
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, a simultaneous command post for addSA or updateSA on same SA leads to memory corruption. APIs addSA and updateSA APIs access the global variable ipsec_sa_list[] outside of mutex protection. En Android, antes del nivel de parche de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850 y SDX20, un envío simultáneo de comandos para addSA o updateSA en el mismo SA conduce a una corrupción de memoria. Las API de addSA y updateSA acceden a la variable global ipsec_sa_list[] fuera de la protección mutex. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •