CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9540
https://notcve.org/view.php?id=CVE-2018-9540
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105849 https://source.android.com/security/bulletin/2018-11-01 • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9347
https://notcve.org/view.php?id=CVE-2018-9347
In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105844 https://source.android.com/security/bulletin/2018-06-01 https://source.android.com/security/bulletin/2018-11-01 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9542
https://notcve.org/view.php?id=CVE-2018-9542
In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105849 https://source.android.com/security/bulletin/2018-11-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9523
https://notcve.org/view.php?id=CVE-2018-9523
In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. • http://www.securityfocus.com/bid/105847 https://source.android.com/security/bulletin/2018-11-01 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9524
https://notcve.org/view.php?id=CVE-2018-9524
In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1. • http://www.securityfocus.com/bid/105848 https://source.android.com/security/bulletin/2018-11-01 • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •