CVSS: 10.0EPSS: 19%CPEs: 7EXPL: 0CVE-2018-9356
https://notcve.org/view.php?id=CVE-2018-9356
06 Nov 2018 — In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468. En bnep_data_ind de bnep_main.c, hay una posible ejecución remota de código debido a una doble liberación (double free). • http://www.securityfocus.com/bid/104461 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-9357
https://notcve.org/view.php?id=CVE-2018-9357
06 Nov 2018 — In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74947856. En BNEP_Write de bnep_api.cc, hay una posible escritura fuera de límites debido a una comprobación de límites incorrecta. • http://www.securityfocus.com/bid/104461 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 3%CPEs: 7EXPL: 0CVE-2018-9358
https://notcve.org/view.php?id=CVE-2018-9358
06 Nov 2018 — In gatts_process_attribute_req of gatt_sc.cc, there is a possible read of uninitialized data due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-73172115. En gatts_process_attribute_req de gatt_sc.cc, hay una posible lectura de dat... • http://www.securityfocus.com/bid/104461 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 3%CPEs: 7EXPL: 0CVE-2018-9360
https://notcve.org/view.php?id=CVE-2018-9360
06 Nov 2018 — In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74201143. En process_l2cap_cmd de l2c_main.cc, hay una posible lectura fuera de límites debido a la falta de una comprobación de... • http://www.securityfocus.com/bid/104461 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 4%CPEs: 7EXPL: 0CVE-2018-9362
https://notcve.org/view.php?id=CVE-2018-9362
06 Nov 2018 — In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-72298611. En processMessagePart de InboundSmsHandler.java, hay una posible denegación de servicio (DoS) remota d... • http://www.securityfocus.com/bid/104461 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-9422
https://notcve.org/view.php?id=CVE-2018-9422
06 Nov 2018 — In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-74250718 References: Upstream kernel. En get_futex_key en futex.c, hay un uso de memoria previamente liberada debido a un bloqueo incorrecto. • https://bugzilla.suse.com/show_bug.cgi?id=1102001&_ga=2.244341506.661832603.1561012452-1774095668.1553066022 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9501
https://notcve.org/view.php?id=CVE-2018-9501
02 Oct 2018 — In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419 En SetupWizard, hay una posible omisión de Factory Reset Protection debido a una omisión de permisos. Esto podría llevar a un escalado de ... • http://www.securityfocus.com/bid/105482 •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2018-9492
https://notcve.org/view.php?id=CVE-2018-9492
02 Oct 2018 — In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948 En checkGrantUriPermissionLocked de ActivityManagerService.java, hay una posible omisión de permisos. Esto podría llevar a un escalado de privilegios local sin necesitar priv... • http://www.securityfocus.com/bid/105484 • CWE-863: Incorrect Authorization •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9473
https://notcve.org/view.php?id=CVE-2018-9473
02 Oct 2018 — In ihevcd_parse_sei_payload of ihevcd_parse_headers.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-65484460 En ihevcd_parse_sei_payload de ihevcd_parse_headers.c, hay una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría llevar a la ejecución remota de código sin n... • http://www.securityfocus.com/bid/105481 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 8%CPEs: 2EXPL: 0CVE-2018-9476
https://notcve.org/view.php?id=CVE-2018-9476
02 Oct 2018 — In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible use-after-free due to improper locking. This could lead to remote escalation of privilege in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-109699112 En avrc_pars_browsing_cmd en avrc_pars_tg.cc, hay un posible uso de memoria previamente liberada debido a un bloqueo incorrecto. Esto podría llevar a un escala... • http://www.securityfocus.com/bid/105482 • CWE-416: Use After Free •