CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9586
https://notcve.org/view.php?id=CVE-2018-9586
In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116754444. Al ejecutar InstallPackageTask.java en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, es posible desactivar la verificación de paquetes y dejarla así debido a una condición de carrera. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9585
https://notcve.org/view.php?id=CVE-2018-9585
In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-117554809. En nfc_ncif_proc_get_routing de nfc_ncif.cc en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, existe una posible escritura fuera de límites debido a la falta de comprobación de límites. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9584
https://notcve.org/view.php?id=CVE-2018-9584
In nfc_ncif_set_config_status of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-114047681. En nfc_ncif_set_config_status de nfc_ncif.cc en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, existe una posible escritura fuera de límites debido a la falta de comprobación de límites. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9583
https://notcve.org/view.php?id=CVE-2018-9583
In bta_ag_parse_cmer of bta_ag_cmd.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the bluetooth server with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-112860487. En bta_ag_parse_cmer de bta_ag_cmd.cc en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, existe una posible escritura fuera de límites debido a la falta de comprobación de límites. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9555
https://notcve.org/view.php?id=CVE-2018-9555
In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/106147 https://source.android.com/security/bulletin/2018-12-01 • CWE-787: Out-of-bounds Write •