CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9493
https://notcve.org/view.php?id=CVE-2018-9493
In the content provider of the download manager, there is a possible SQL injection due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111085900 En el proveedor de contenidos del gestor de descargas, hay una posible inyección SQL debido a una validación de entradas incorrecta. Esto podría llevar a una divulgación de información local sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105484 https://android.googlesource.com/platform/frameworks/base/+/462aaeaa616e0bb1342e8ef7b472acc0cbc93deb%2C https://android.googlesource.com/platform/frameworks/base/+/ebc250d16c747f4161167b5ff58b3aea88b37acf https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/e7364907439578ce5334bce20bb03fef2e88b107%2C https://source.android.com/security/bulletin/2018-10-01%2C • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9497
https://notcve.org/view.php?id=CVE-2018-9497
In impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 of impeg2_format_conv.s there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-74078669 En impeg2_fmt_conv_yuv420p_to_yuv420sp_uv_av8 de impeg2_format_conv.s, hay una posible escritura fuera de límites debido a la falta de una comprobación de límites. Esto podría llevar a la ejecución remota de código sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105481 https://android.googlesource.com/platform/external/libmpeg2/+/bef16671c891e16f25a7b174bc528eea109357be https://source.android.com/security/bulletin/2018-10-01 https://source.android.com/security/bulletin/2018-10-01%2C • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9501
https://notcve.org/view.php?id=CVE-2018-9501
In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419 En SetupWizard, hay una posible omisión de Factory Reset Protection debido a una omisión de permisos. Esto podría llevar a un escalado de privilegios local sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105482 https://android.googlesource.com/platform/packages/apps/Settings/+/5e43341b8c7eddce88f79c9a5068362927c05b54 https://source.android.com/security/bulletin/2018-10-01 https://source.android.com/security/bulletin/2018-10-01%2C •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9505
https://notcve.org/view.php?id=CVE-2018-9505
In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110791536 En mca_ccb_hdl_req de mca_cact.cc, hay una posible lectura fuera de límites debido a la falta de una comprobación de límites. Esto podría llevar a una divulgación remota de información por Buetooth sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105482 https://android.googlesource.com/platform/system/bt/+/5216e6120160b28d76e9ee4dff9995e772647511 https://source.android.com/security/bulletin/2018-10-01 https://source.android.com/security/bulletin/2018-10-01%2C • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9498
https://notcve.org/view.php?id=CVE-2018-9498
In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855 En SkSampler::Fill de SkSampler.cpp, hay una posible escritura fuera de límites debido a un búfer no inicializado. Esto podría llevar a la ejecución remota de código sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105481 https://android.googlesource.com/platform/external/skia/+/77c955200ddd1761d6ed7a6c1578349fedbb55e4 https://source.android.com/security/bulletin/2018-10-01 https://source.android.com/security/bulletin/2018-10-01%2C • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •