CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9428
https://notcve.org/view.php?id=CVE-2018-9428
In startDevice of AAudioServiceStreamBase.cpp there is a possible out of bounds write due to a use after free. This could lead to local arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. https://source.android.com/security/bulletin/2018-07-01 • https://source.android.com/security/bulletin/2018-07-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-9424
https://notcve.org/view.php?id=CVE-2018-9424
In CryptoPlugin::decrypt of CryptoPlugin.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-07-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9421
https://notcve.org/view.php?id=CVE-2018-9421
In writeInplace of Parcel.cpp, there is a possible information leak across processes, using Binder, due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-07-01 • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9420
https://notcve.org/view.php?id=CVE-2018-9420
In BnCameraService::onTransact of CameraService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-07-01 • CWE-908: Use of Uninitialized Resource •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2018-9419
https://notcve.org/view.php?id=CVE-2018-9419
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-07-01 • CWE-787: Out-of-bounds Write •