CVSS: 10.0EPSS: 0%CPEs: 42EXPL: 0CVE-2018-3594
https://notcve.org/view.php?id=CVE-2018-3594
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while parsing a private frame in an ID3 tag, a buffer over-read can occur when comparing frame data with predefined owner identifier strings. En Android antes del nivel de parcheo de seguridad del 2018-04-05 en Qualcomm Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835 y SD 845, cuando se analiza una trama privada en una etiqueta ID3, puede ocurrir una sobrelectura de búfer al comparar los datos de la trama con las cadenas de identificación de propietario predefinidas. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 56EXPL: 0CVE-2017-18138
https://notcve.org/view.php?id=CVE-2017-18138
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, in GERAN, a buffer overflow may potentially occur. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845 y SD 850 podría ocurrir un desbordamiento de búfer en GERAN. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 60EXPL: 0CVE-2017-18139
https://notcve.org/view.php?id=CVE-2017-18139
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, a buffer overflow vulnerability may potentially exist while making an IMS call. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845 y SD 850 podría existir una vulnerabilidad de desbordamiento de búfer al realizar una llamada IMS. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 70EXPL: 0CVE-2017-18126
https://notcve.org/view.php?id=CVE-2017-18126
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the original mac spoofing feature does not use the following in probe request frames: (a) randomized sequence numbers and (b) randomized source address for cfg80211 scan, vendor scan and pno scan which may affect user privacy. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660 y Snapdragon_High_Med_2016, la característica original de suplantación de mac no emplea lo siguiente en los frames de petición de sondeo: (a) números de secuencia aleatorizados y (b) una dirección de origen aleatorizada para cfg80211 scan, vendor scan y pno scan, lo que podría afectar a la privacidad del usuario. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 •
CVSS: 10.0EPSS: 0%CPEs: 52EXPL: 0CVE-2017-18136
https://notcve.org/view.php?id=CVE-2017-18136
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, in the omx aac component, a Use After Free condition may potentially occur. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835 y SD 845 podría ocurrir una condición de uso de memoria previamente liberada en el componente omx aac. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-416: Use After Free •