CVSS: 10.0EPSS: 0%CPEs: 54EXPL: 0CVE-2018-3591
https://notcve.org/view.php?id=CVE-2018-3591
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the default build configuration of deviceprogrammer in BOOT.BF.3.0 enables the flag SKIP_SECBOOT_CHECK_NOT_RECOMMENDED_BY_QUALCOMM which will open up the peek and poke commands to any memory location on the target. En Android antes del nivel de parcheo de seguridad del 2018-04-05 en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660 y Snapdragon_High_Med_2016, la configuración de la build por defecto de deviceprogrammer en BOOT.BF.3.0 habilita la marca SKIP_SECBOOT_CHECK_NOT_RECOMMENDED_BY_QUALCOMM, la cual abre los comandos peek y pole en cualquier ubicación de la memoria en el objetivo. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-1188: Initialization of a Resource with an Insecure Default •
CVSS: 10.0EPSS: 0%CPEs: 44EXPL: 0CVE-2017-18130
https://notcve.org/view.php?id=CVE-2017-18130
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while playing an ASF file, a buffer over-read can potentially occur. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Automobile, Snapdragon Mobile, y Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835 y SD 845, al reproducir un archivo ASF, podría ocurrir una sobrelectura de búfer. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2017-18145
https://notcve.org/view.php?id=CVE-2017-18145
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, while the DPM native process is processing framework events, the iterator pointer is deleted after processing an event. When processing subsequent events, a Use After Condition will occur. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835 y SD 845 mientras el proceso nativo DPM procesa eventos del framework, el puntero de iteración se elimina tras procesar un evento. Al procesar otros eventos, ocurrirá una condición de uso de memoria previamente liberada. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 48EXPL: 0CVE-2017-18140
https://notcve.org/view.php?id=CVE-2017-18140
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, when processing a call disconnection, there is an attempt to print the RIL token-id to the debug log. If eMBMS service is enabled while processing the call disconnect, a Use After Free condition may potentially occur. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835 y SD 845, al procesar una desconexión de llamada, hay un intento de impresión del token-id RIL en el log de depuración. Si el servicio eMBMS está habilitado mientras se procesa la desconexión de llamada, podría ocurrir una condición de uso de memoria previamente liberada. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 76EXPL: 0CVE-2017-18072
https://notcve.org/view.php?id=CVE-2017-18072
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of which information elements is supported. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660 y Snapdragon_High_Med_2016, la petición de sondeo originada en el teléfono del usuario contiene los elementos de información que especifican las características Wi-Fi soportadas. Esto impactaría en la privacidad del usuario si alguien rastrease las peticiones de sondeo originadas por esta DUT. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •