CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9589
https://notcve.org/view.php?id=CVE-2018-9589
In ieee802_11_rx_wnmsleep_req of wnm_ap.c in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure in the wifi driver with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111893132. En ieee802_11_rx_wnmsleep_req de wnm_ap.c en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, existe una posible lectura fuera de límites debido a la falta de comprobación de límites. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9588
https://notcve.org/view.php?id=CVE-2018-9588
In avdt_scb_hdl_report of avdt_scb_act.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-111450156. En avdt_scb_hdl_report de avdt_scb_act.cc en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, existe una posible lectura fuera de límites debido a la falta de comprobación de límites. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-125: Out-of-bounds Read •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9587
https://notcve.org/view.php?id=CVE-2018-9587
In savePhotoFromUriToUri of ContactPhotoUtils.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is possible unauthorized access to files within the contact app due to a confused deputy scenario. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Android ID: A-113597344. En savePhotoFromUriToUri de ContactPhotoUtils.java en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, existe un posible acceso no autorizado a archivos de la aplicación de contactos debido a un escenario de "agente confuso" (confused deputy). • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-552: Files or Directories Accessible to External Parties •
CVSS: 7.0EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9586
https://notcve.org/view.php?id=CVE-2018-9586
In run of InstallPackageTask.java in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, it is possible that package verification is turned off and remains off due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-116754444. Al ejecutar InstallPackageTask.java en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, es posible desactivar la verificación de paquetes y dejarla así debido a una condición de carrera. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9585
https://notcve.org/view.php?id=CVE-2018-9585
In nfc_ncif_proc_get_routing of nfc_ncif.cc in Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 and Android-9, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Android ID: A-117554809. En nfc_ncif_proc_get_routing de nfc_ncif.cc en Android-7.0, Android-7.1.1, Android-7.1.2, Android-8.0, Android-8.1 y Android-9, existe una posible escritura fuera de límites debido a la falta de comprobación de límites. • http://www.securityfocus.com/bid/106495 https://source.android.com/security/bulletin/2019-01-01.html • CWE-787: Out-of-bounds Write •