CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9543
https://notcve.org/view.php?id=CVE-2018-9543
In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105849 https://source.android.com/security/bulletin/2018-11-01 https://source.android.com/security/bulletin/2018-12-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9347
https://notcve.org/view.php?id=CVE-2018-9347
In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105844 https://source.android.com/security/bulletin/2018-06-01 https://source.android.com/security/bulletin/2018-11-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9523
https://notcve.org/view.php?id=CVE-2018-9523
In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105847 https://source.android.com/security/bulletin/2018-11-01 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9527
https://notcve.org/view.php?id=CVE-2018-9527
In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105865 https://source.android.com/security/bulletin/2018-11-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9540
https://notcve.org/view.php?id=CVE-2018-9540
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105849 https://source.android.com/security/bulletin/2018-11-01 • CWE-125: Out-of-bounds Read •