CVSS: 8.0EPSS: 0%CPEs: 9EXPL: 0CVE-2018-5383 – Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
https://notcve.org/view.php?id=CVE-2018-5383
Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently validate elliptic curve parameters used to generate public keys during a Diffie-Hellman key exchange, which may allow a remote attacker to obtain the encryption key used by the device. El firmware bluetooth o los controladores de software del sistema operativo en versiones de macOS anteriores a la 10.13, versiones High Sierra e iOS anteriores a la 11.4 y versiones de Android anteriores al parche del 05/06/2018, podrían no validar lo suficiente parámetros de curva elíptica empleados para generar claves públicas durante un intercambio de claves Diffie-Hellman, lo que podría permitir que un atacante remoto obtenga la clave de cifrado empleada por el dispositivo. A vulnerability in Bluetooth pairing potentially allows an attacker with physical proximity (within 30 meters) to gain unauthorized access via an adjacent network, intercept traffic and send forged pairing messages between two vulnerable Bluetooth devices. This may result in information disclosure, elevation of privilege and/or denial of service. • http://www.cs.technion.ac.il/~biham/BT http://www.securityfocus.com/bid/104879 http://www.securitytracker.com/id/1041432 https://access.redhat.com/errata/RHSA-2019:2169 https://lists.debian.org/debian-lts-announce/2019/04/msg00005.html https://usn.ubuntu.com/4094-1 https://usn.ubuntu.com/4095-1 https://usn.ubuntu.com/4095-2 https://usn.ubuntu.com/4118-1 https://usn.ubuntu.com/4351-1 https://www.bluetooth.com/news/unknown/2018/07/bluetooth-sig- • CWE-325: Missing Cryptographic Step CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2018-14066
https://notcve.org/view.php?id=CVE-2018-14066
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo. El proveedor de contenidos content://wappush en com.android.provider.telephony, tal y como se encuentra en algunas ROM personalizadas para teléfonos Android, permite la inyección SQL. Una consecuencia es que una aplicación sin el permiso READ_SMS puede leer mensajes SMS. • https://hacked0x90.wordpress.com/2018/07/12/lenovo-infinix-sql-injection-to-mobile-sms-leakage • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-5907
https://notcve.org/view.php?id=CVE-2018-5907
Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. Posible desbordamiento de búfer en msm_adsp_stream_callback_put debido a la falta de validación de entradas de datos proporcionados por el usuario que conduce a un desbordamiento de enteros en todas las distribuciones de Android (Android for MSM, Firefox OS for MSM y QRD Android) desde CAF que emplean el kernel de Linux. • https://source.android.com/security/bulletin/pixel/2018-07-01#qualcomm-components https://www.vulnerabilitycenter.com/#%21vul=87341 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-11304
https://notcve.org/view.php?id=CVE-2018-11304
Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. Posible desbordamiento de búfer en msm_adsp_stream_callback_put debido a la falta de validación de entradas de datos proporcionados por el usuario que conduce a un desbordamiento de enteros en todas las distribuciones de Android (Android for MSM, Firefox OS for MSM y QRD Android) desde CAF que emplean el kernel de Linux. • https://source.android.com/security/bulletin/pixel/2018-07-01#qualcomm-components https://www.vulnerabilitycenter.com/#%21vul=87338 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-5848 – kernel: buffer overflow in drivers/net/wireless/ath/wil6210/wmi.c:wmi_set_ie() may lead to memory corruption
https://notcve.org/view.php?id=CVE-2018-5848
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. En la función wmi_set_ie(), el código de validación de longitud no gestiona correctamente los desbordamientos de enteros sin firmar. Como resultado, un gran valor del argumento "ie_len" puede provocar un desbordamiento de búfer en todas las distribuciones de Android de CAF (Android for MSM, Firefox OS for MSM, QRD Android) que utilizan el kernel de Linux. In the function wmi_set_ie() in the Linux kernel the length validation code does not handle unsigned integer overflow properly. • https://access.redhat.com/errata/RHSA-2018:2948 https://access.redhat.com/errata/RHSA-2018:3083 https://access.redhat.com/errata/RHSA-2018:3096 https://lists.debian.org/debian-lts-announce/2019/03/msg00017.html https://lists.debian.org/debian-lts-announce/2019/03/msg00034.html https://lists.debian.org/debian-lts-announce/2019/04/msg00004.html https://source.android.com/security/bulletin/pixel/2018-05-01 https://www.codeaurora.org/security-bulletin/2018/05/11/may-2018-code- • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-190: Integer Overflow or Wraparound •