CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9447
https://notcve.org/view.php?id=CVE-2018-9447
17 Jan 2025 — In onCreate of EmergencyCallbackModeExitDialog.java, there is a possible way to crash the emergency callback mode due to a missing null check. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2018-08-01 • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9434
https://notcve.org/view.php?id=CVE-2018-9434
17 Jan 2025 — In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2018-07-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9382
https://notcve.org/view.php?id=CVE-2018-9382
17 Jan 2025 — In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9379
https://notcve.org/view.php?id=CVE-2018-9379
17 Jan 2025 — In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9375
https://notcve.org/view.php?id=CVE-2018-9375
17 Jan 2025 — In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://github.com/IOActive/AOSP-ExploitUserDictionary • CWE-269: Improper Privilege Management •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13322
https://notcve.org/view.php?id=CVE-2017-13322
17 Jan 2025 — In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2018-05-01 • CWE-783: Operator Precedence Logic Error •
CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9384
https://notcve.org/view.php?id=CVE-2018-9384
17 Jan 2025 — In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-9383
https://notcve.org/view.php?id=CVE-2018-9383
17 Jan 2025 — In asn1_ber_decoder of asn1_decoder.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2018-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53842
https://notcve.org/view.php?id=CVE-2024-53842
03 Jan 2025 — In cc_SendCcImsInfoIndMsg of cc_MmConManagement.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-53841
https://notcve.org/view.php?id=CVE-2024-53841
03 Jan 2025 — In startListeningForDeviceStateChanges, there is a possible Permission Bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/pixel/2024-12-01 • CWE-276: Incorrect Default Permissions •