CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9523
https://notcve.org/view.php?id=CVE-2018-9523
In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105847 https://source.android.com/security/bulletin/2018-11-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9524
https://notcve.org/view.php?id=CVE-2018-9524
In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. • http://www.securityfocus.com/bid/105848 https://source.android.com/security/bulletin/2018-11-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2018-15835 – Android 5.0 Battery Information Broadcast Information Disclosure
https://notcve.org/view.php?id=CVE-2018-15835
Android 1.0 through 9.0 has Insecure Permissions. The Android bug ID is 77286983. Android, desde la versión 1.0 hasta la 9.0, tiene permisos inseguros. El ID de error de Android es 77286983. Android OS version 5.0 suffers from a sensitive data exposure vulnerability in its battery information broadcasts. • http://packetstormsecurity.com/files/150284/Android-5.0-Battery-Information-Broadcast-Information-Disclosure.html http://seclists.org/fulldisclosure/2018/Nov/35 https://wwws.nightwatchcybersecurity.com/2018/11/11/cve-2018-15835 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-9360
https://notcve.org/view.php?id=CVE-2018-9360
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74201143. En process_l2cap_cmd de l2c_main.cc, hay una posible lectura fuera de límites debido a la falta de una comprobación de límites. • http://www.securityfocus.com/bid/104461 https://source.android.com/security/bulletin/2018-06-01 • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2018-9356
https://notcve.org/view.php?id=CVE-2018-9356
In bnep_data_ind of bnep_main.c, there is a possible remote code execution due to a double free. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-74950468. En bnep_data_ind de bnep_main.c, hay una posible ejecución remota de código debido a una doble liberación (double free). • http://www.securityfocus.com/bid/104461 https://source.android.com/security/bulletin/2018-06-01 • CWE-415: Double Free •