CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9507
https://notcve.org/view.php?id=CVE-2018-9507
In bta_av_proc_meta_cmd of bta_av_act.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111893951 En bta_av_proc_meta_cmd de bta_av_act.cc, hay una posible lectura fuera de límites debido a una comprobación de límites incorrecta. Esto podría llevar a una divulgación remota de información por Buetooth sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105482 https://android.googlesource.com/platform/system/bt/+/30cec963095366536ca0b1306089154e09bfe1a9 https://source.android.com/security/bulletin/2018-10-01 https://source.android.com/security/bulletin/2018-10-01%2C • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-9499
https://notcve.org/view.php?id=CVE-2018-9499
In readVector of iCrypto.cpp, there is a possible invalid read due to uninitialized data. This could lead to local information disclosure from the DRM server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-79218474 En readVector de iCrypto.cpp, hay una posible lectura no válida debido a datos no inicializados. Esto podría llevar a una divulgación de información local del servidor DRM sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105481 https://android.googlesource.com/platform/frameworks/av/+/bf7a67c33c0f044abeef3b9746f434b7f3295bb1 https://source.android.com/security/bulletin/2018-10-01 https://source.android.com/security/bulletin/2018-10-01%2C • CWE-908: Use of Uninitialized Resource •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9493
https://notcve.org/view.php?id=CVE-2018-9493
In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900 En el proveedor de contenidos del gestor de descargas, hay una posible inyección SQL debido a una validación de entradas incorrecta. Esto podría llevar a una divulgación de información local sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105484 https://android.googlesource.com/platform/frameworks/base/+/462aaeaa616e0bb1342e8ef7b472acc0cbc93deb%2C https://android.googlesource.com/platform/frameworks/base/+/ebc250d16c747f4161167b5ff58b3aea88b37acf https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/e7364907439578ce5334bce20bb03fef2e88b107%2C https://source.android.com/security/bulletin/2018-10-01%2C • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9491
https://notcve.org/view.php?id=CVE-2018-9491
In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111603051 En AMediaCodecCryptoInfo_new de NdkMediaCodec.cpp, hay una posible escritura fuera de límites debido a un desbordamiento de enteros. Esto podría llevar a una ejecución remota de código en aplicaciones externas sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105484 https://android.googlesource.com/platform/frameworks/av/+/2b4667baa5a2badbdfec1794156ee17d4afef37c https://source.android.com/security/bulletin/2018-10-01%2C • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9510
https://notcve.org/view.php?id=CVE-2018-9510
In smp_proc_enc_info of smp_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111937065 En smp_proc_enc_info de smp_act.cc, hay una posible lectura fuera de límites debido a la falta de una comprobación de límites. Esto podría llevar a una divulgación remota de información por Bluetooth sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105482 https://android.googlesource.com/platform/system/bt/+/6e4b8e505173f803a5fc05abc09f64eef89dc308 https://source.android.com/security/bulletin/2018-10-01 https://source.android.com/security/bulletin/2018-10-01%2C • CWE-125: Out-of-bounds Read •