CVSS: 8.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9504
https://notcve.org/view.php?id=CVE-2018-9504
In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution over bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110216176 En sdp_copy_raw_data de sdp_discovery.cc, hay una posible escritura fuera de límites debido a una comprobación de límites incorrecta. Esto podría llevar a la ejecución remota de código por Bluetooth sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105482 https://android.googlesource.com/platform/system/bt/+/11fb7aa03437eccac98d90ca2de1730a02a515e2 https://source.android.com/security/bulletin/2018-10-01 https://source.android.com/security/bulletin/2018-10-01%2C • CWE-787: Out-of-bounds Write •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2018-9498
https://notcve.org/view.php?id=CVE-2018-9498
In SkSampler::Fill of SkSampler.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-78354855 En SkSampler::Fill de SkSampler.cpp, hay una posible escritura fuera de límites debido a un búfer no inicializado. Esto podría llevar a la ejecución remota de código sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105481 https://android.googlesource.com/platform/external/skia/+/77c955200ddd1761d6ed7a6c1578349fedbb55e4 https://source.android.com/security/bulletin/2018-10-01 https://source.android.com/security/bulletin/2018-10-01%2C • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9501
https://notcve.org/view.php?id=CVE-2018-9501
In the SetupWizard, there is a possible Factory Reset Protection bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110034419 En SetupWizard, hay una posible omisión de Factory Reset Protection debido a una omisión de permisos. Esto podría llevar a un escalado de privilegios local sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105482 https://android.googlesource.com/platform/packages/apps/Settings/+/5e43341b8c7eddce88f79c9a5068362927c05b54 https://source.android.com/security/bulletin/2018-10-01 https://source.android.com/security/bulletin/2018-10-01%2C •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9505
https://notcve.org/view.php?id=CVE-2018-9505
In mca_ccb_hdl_req of mca_cact.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-110791536 En mca_ccb_hdl_req de mca_cact.cc, hay una posible lectura fuera de límites debido a la falta de una comprobación de límites. Esto podría llevar a una divulgación remota de información por Buetooth sin necesitar privilegios de ejecución adicionales. • http://www.securityfocus.com/bid/105482 https://android.googlesource.com/platform/system/bt/+/5216e6120160b28d76e9ee4dff9995e772647511 https://source.android.com/security/bulletin/2018-10-01 https://source.android.com/security/bulletin/2018-10-01%2C • CWE-125: Out-of-bounds Read •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2018-9490
https://notcve.org/view.php?id=CVE-2018-9490
In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046 En CollectValuesOrEntriesImpl de elements.cc, hay uan posible ejecución remota de código debido a una confusión de tipos. • http://www.securityfocus.com/bid/105484 https://android.googlesource.com/platform/external/chromium-libpac/+/948d4753664cc4e6b33cc3de634ac8fd5f781382%2C https://android.googlesource.com/platform/external/v8/+/a24543157ae2cdd25da43e20f4e48a07481e6ceb https://source.android.com/security/bulletin/2018-10-01%2C • CWE-704: Incorrect Type Conversion or Cast •