Android
by Google
CVEs (4,041)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9541 | 0.00 | — | 0.01 | Nov 14, 2018 | In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2018-9545 | 0.00 | — | 0.00 | Nov 14, 2018 | In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.… | |||
| CVE-2018-9540 | 0.00 | — | 0.01 | Nov 14, 2018 | In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.… | |||
| CVE-2018-9457 | 0.00 | — | 0.00 | Nov 14, 2018 | In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for… | |||
| CVE-2018-9522 | 0.00 | — | 0.00 | Nov 14, 2018 | In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User… | |||
| CVE-2018-9544 | 0.00 | — | 0.00 | Nov 14, 2018 | In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | |||
| CVE-2018-9533 | 0.00 | — | 0.01 | Nov 14, 2018 | In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:… | |||
| CVE-2018-9357 | 0.00 | — | 0.00 | Nov 6, 2018 | In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0… | |||
| CVE-2018-9516 | 0.00 | — | 0.00 | Nov 6, 2018 | In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android… | |||
| CVE-2018-9446 | 0.00 | — | 0.02 | Nov 6, 2018 | In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… | |||
| CVE-2018-9448 | 0.00 | — | 0.02 | Nov 6, 2018 | In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android… | |||
| CVE-2018-9422 | 0.00 | — | 0.00 | Nov 6, 2018 | In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID:… | |||
| CVE-2018-9465 | 0.00 | — | 0.00 | Nov 6, 2018 | In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… | |||
| CVE-2018-9385 | 0.00 | — | 0.00 | Nov 6, 2018 | In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… | |||
| CVE-2018-9437 | 0.00 | — | 0.01 | Nov 6, 2018 | In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0… | |||
| CVE-2018-9436 | 0.00 | — | 0.02 | Nov 6, 2018 | In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… | |||
| CVE-2018-9362 | 0.00 | — | 0.02 | Nov 6, 2018 | In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:… | |||
| CVE-2018-9363 | 0.00 | — | 0.00 | Nov 6, 2018 | In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588… | |||
| CVE-2018-9359 | 0.00 | — | 0.02 | Nov 6, 2018 | In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:… | |||
| CVE-2018-9444 | 0.00 | — | 0.01 | Nov 6, 2018 | In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for… |
- CVE-2018-9541Nov 14, 2018risk 0.00cvss —epss 0.01
In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for…
- CVE-2018-9545Nov 14, 2018risk 0.00cvss —epss 0.00
In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android.…
- CVE-2018-9540Nov 14, 2018risk 0.00cvss —epss 0.01
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.…
- CVE-2018-9457Nov 14, 2018risk 0.00cvss —epss 0.00
In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for…
- CVE-2018-9522Nov 14, 2018risk 0.00cvss —epss 0.00
In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User…
- CVE-2018-9544Nov 14, 2018risk 0.00cvss —epss 0.00
In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- CVE-2018-9533Nov 14, 2018risk 0.00cvss —epss 0.01
In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…
- CVE-2018-9357Nov 6, 2018risk 0.00cvss —epss 0.00
In BNEP_Write of bnep_api.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0…
- CVE-2018-9516Nov 6, 2018risk 0.00cvss —epss 0.00
In hid_debug_events_read of drivers/hid/hid-debug.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android…
- CVE-2018-9446Nov 6, 2018risk 0.00cvss —epss 0.02
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…
- CVE-2018-9448Nov 6, 2018risk 0.00cvss —epss 0.02
In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android…
- CVE-2018-9422Nov 6, 2018risk 0.00cvss —epss 0.00
In get_futex_key of futex.c, there is a use-after-free due to improper locking. This could lead to local escalation of privilege with no additional privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID:…
- CVE-2018-9465Nov 6, 2018risk 0.00cvss —epss 0.00
In task_get_unused_fd_flags of binder.c, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…
- CVE-2018-9385Nov 6, 2018risk 0.00cvss —epss 0.00
In driver_override_store of bus.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…
- CVE-2018-9437Nov 6, 2018risk 0.00cvss —epss 0.01
In getstring of ID3.cpp there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-6.0…
- CVE-2018-9436Nov 6, 2018risk 0.00cvss —epss 0.02
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…
- CVE-2018-9362Nov 6, 2018risk 0.00cvss —epss 0.02
In processMessagePart of InboundSmsHandler.java, there is a possible remote denial of service due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product:…
- CVE-2018-9363Nov 6, 2018risk 0.00cvss —epss 0.00
In the hidp_process_report in bluetooth, there is an integer overflow. This could lead to an out of bounds write with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-65853588…
- CVE-2018-9359Nov 6, 2018risk 0.00cvss —epss 0.02
In process_l2cap_cmd of l2c_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions:…
- CVE-2018-9444Nov 6, 2018risk 0.00cvss —epss 0.01
In ih264d_video_decode of ih264d_api.c there is a possible resource exhaustion due to an infinite loop. This could lead to remote temporary device denial of service (remote hang or reboot) with no additional execution privileges needed. User interaction is needed for…
Page 194 of 203