Android
by Google
CVEs (4,041)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9531 | 0.00 | — | 0.01 | Nov 14, 2018 | In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:… | |||
| CVE-2018-9526 | 0.00 | — | 0.01 | Nov 14, 2018 | In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033 | |||
| CVE-2018-9539 | 0.00 | — | 0.00 | Nov 14, 2018 | In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0… | |||
| CVE-2018-9536 | 0.00 | — | 0.01 | Nov 14, 2018 | In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9.… | |||
| CVE-2018-9537 | 0.00 | — | 0.02 | Nov 14, 2018 | In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product:… | |||
| CVE-2018-9534 | 0.00 | — | 0.01 | Nov 14, 2018 | In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.… | |||
| CVE-2018-9347 | 0.00 | — | 0.01 | Nov 14, 2018 | In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:… | |||
| CVE-2018-9580 | 0.00 | — | 0.00 | Nov 14, 2018 | A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002. | |||
| CVE-2018-9528 | 0.00 | — | 0.01 | Nov 14, 2018 | In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product:… | |||
| CVE-2018-9530 | 0.00 | — | 0.01 | Nov 14, 2018 | In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.… | |||
| CVE-2018-9543 | 0.00 | — | 0.00 | Nov 14, 2018 | In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.… | |||
| CVE-2018-9535 | 0.00 | — | 0.01 | Nov 14, 2018 | In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.… | |||
| CVE-2018-9527 | 0.00 | — | 0.01 | Nov 14, 2018 | In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:… | |||
| CVE-2018-9529 | 0.00 | — | 0.01 | Nov 14, 2018 | In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.… | |||
| CVE-2018-9524 | 0.00 | — | 0.00 | Nov 14, 2018 | In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.… | |||
| CVE-2018-9521 | 0.00 | — | 0.02 | Nov 14, 2018 | In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for… | |||
| CVE-2018-9532 | 0.00 | — | 0.01 | Nov 14, 2018 | In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.… | |||
| CVE-2018-9542 | 0.00 | — | 0.01 | Nov 14, 2018 | In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.… | |||
| CVE-2018-9525 | 0.00 | — | 0.00 | Nov 14, 2018 | In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change… | |||
| CVE-2018-9523 | 0.00 | — | 0.00 | Nov 14, 2018 | In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for… |
- CVE-2018-9531Nov 14, 2018risk 0.00cvss —epss 0.01
In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…
- CVE-2018-9526Nov 14, 2018risk 0.00cvss —epss 0.01
In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033
- CVE-2018-9539Nov 14, 2018risk 0.00cvss —epss 0.00
In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0…
- CVE-2018-9536Nov 14, 2018risk 0.00cvss —epss 0.01
In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9.…
- CVE-2018-9537Nov 14, 2018risk 0.00cvss —epss 0.02
In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product:…
- CVE-2018-9534Nov 14, 2018risk 0.00cvss —epss 0.01
In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…
- CVE-2018-9347Nov 14, 2018risk 0.00cvss —epss 0.01
In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…
- CVE-2018-9580Nov 14, 2018risk 0.00cvss —epss 0.00
A Elevation of privilege vulnerability in the HTC bootloader. Product: Android. Versions: Android kernel. Android ID: A-76222002.
- CVE-2018-9528Nov 14, 2018risk 0.00cvss —epss 0.01
In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product:…
- CVE-2018-9530Nov 14, 2018risk 0.00cvss —epss 0.01
In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…
- CVE-2018-9543Nov 14, 2018risk 0.00cvss —epss 0.00
In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation.…
- CVE-2018-9535Nov 14, 2018risk 0.00cvss —epss 0.01
In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…
- CVE-2018-9527Nov 14, 2018risk 0.00cvss —epss 0.01
In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…
- CVE-2018-9529Nov 14, 2018risk 0.00cvss —epss 0.01
In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…
- CVE-2018-9524Nov 14, 2018risk 0.00cvss —epss 0.00
In functionality implemented in System UI, there are insufficient protections implemented around overlay windows. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…
- CVE-2018-9521Nov 14, 2018risk 0.00cvss —epss 0.02
In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for…
- CVE-2018-9532Nov 14, 2018risk 0.00cvss —epss 0.01
In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android.…
- CVE-2018-9542Nov 14, 2018risk 0.00cvss —epss 0.01
In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…
- CVE-2018-9525Nov 14, 2018risk 0.00cvss —epss 0.00
In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change…
- CVE-2018-9523Nov 14, 2018risk 0.00cvss —epss 0.00
In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for…
Page 193 of 203