CVE-2018-9400

The CVE-2018-9400 issue affects Mediatek GT1151 touchscreen drivers (GT1151/gt1x_generic.c and gt1x_tools.c). Root cause: missing bounds check enabling an out-of-bounds write in gt1x_debug_write_proc and gt1x_tool_write. Impact: local escalation of privilege with System execution privileges requi...

CVE-2018-9399

CVE-2018-9399 affects the /proc/driver/wmt_dbg driver. The issue is multiple possible out-of-bounds writes in this driver, enabling local escalation of privilege with SYSTEM privileges and no user interaction required. Reported impact is local (attack vector: LOCAL) with the potential for total c...

CVE-2018-9396

CVE-2018-9396 affects the Mediatek port_rpc.c code path (drivers/misc/mediatek/eccci/port_rpc.c) where an incorrect bounds check enables an out-of-bounds write. This can lead to local escalation of privilege with SYSTEM execution privileges needed, and exploitation does not require user interacti...

CVE-2018-9395

The CVE-2018-9395 issue affects the Mediatek WLAN driver (mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config) in drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c. It describes a possible out-of-bounds write due to a missing bounds check, enabling local...

CVE-2018-9394

The CVE-2018-9394 entry concerns the MediaTek MTK P2P driver: mtk_p2p_wext_set_key in drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c. The vulnerability is an out-of-bounds (OOB) write caused by improper input validation, enabling local privilege escalation with System execution pr...

CVE-2018-9393

CVE-2018-9393 affects the MTK WLAN driver: a possible out-of-bounds write in procfile_write() of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c due to a missing bounds check. This can lead to local privilege escalation with System execution privileges; exploitation reportedly doe...

CVE-2018-9392

CVE-2018-9392 affects the Mediatek GPS HAL: in get_binary() of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c there is a possible out-of-bounds write due to a missing bounds check. This could enable local elevation of privilege with System execution privileges, and...

Important: postgresql:16 security update

PostgreSQL is an advanced object-relational database management system DBMS. Security Fixes: postgresql: PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID CVE-2024-10978 postgresql: PostgreSQL PL/Perl environment variable changes execute arbitrary code CVE-2024-10979 postgresq...

CVE-2018-9430

CVE-2018-9430 is an out-of-bounds write in btif_storage.cc (prop2cfg) that can lead to remote code execution without user interaction. Affected: Android Pixel/Nexus devices; root cause described as incorrect bounds check triggering a write beyond limits. Impact: high (RCE), network attack vector ...

CVE-2018-9426

CVE-2018-9426 summary (concrete details from connected docs) Root cause: In RSAKeyPairGenerator.getNumberOfIterations (RSAKeyPairGenerator.java), an incorrect implementation can produce weak RSA key pairs. Impact: Crypto vulnerability with no additional execution privileges; no user interaction r...

CVE-2018-9423

CVE-2018-9423 affects the Media framework component (ihevcd_parse_slice_header.c) where a missing bounds check allows an out-of-bounds read, leading to DoS. Exploitation requires user interaction. Several connected sources (NVD/Red Hat/Android bulletin) confirm the issue and cite the root cause. ...

CVE-2018-9418

CVE-2018-9418 involves a possible stack buffer overflow in the Android kernel/user-space component described as dtif_rc.cc:handle_app_cur_val_response, caused by a missing bounds check. The Red Hat/NVD/CVE records align with the Android Pixel/Nexus security bulletin noting this issue as a Remote ...

CVE-2018-9381

CVE-2018-9381 affects the gatt_sr.c component, specifically the gatts_process_read_by_type_req path, where uninitialized data can cause information disclosure. The issue enables remote information disclosure without additional execution privileges and requires no user interaction. Publicly disclo...

CVE-2018-9374

CVE-2018-9374 affects Android’s PackageManagerService.java, specifically installPackageLI, enabling a possible permissions bypass that could lead to local elevation of privilege. Exploitation would require local user privileges with no user interaction, per the CVE description. The issue is liste...

CVE-2018-9352

CVE-2018-9352 affects the ihevcd_allocate_dynamic_bufs function in ihevcd_api.c. The vulnerability is a resource exhaustion due to an integer overflow, potentially enabling remote denial of service with no code execution required. Exploitation requires user interaction. Connected sources (Red Hat...

CVE-2018-9351

The CVE-2018-9351 issue affects the ih264e_fmt_conv_420p_to_420sp function in ih264e_fmt_conv.c, where a missing bounds check allows an out-of-bounds read. This can lead to a remote denial of service with no extra privileges required, and user interaction is needed to exploit. Connected records (...

CVE-2018-9350

CVE-2018-9350 describes a vulnerability in ih264d_assign_pic_num (ih264d_utils.c) where a missing bounds check can cause an out-of-bounds read, resulting in a denial of service. The issue is triggered by user interaction and would be exploitable remotely via the affected component, as indicated b...

CVE-2017-13321

The CVE-2017-13321 issue affects Android’s SensorService::isDataInjectionEnabled in frameworks/native/services/sensorservice/SensorService.cpp, where a missing bounds check can cause an out-of-bounds read. This leads to local information disclosure with no user interaction and without additional ...

CVE-2018-5852

CVE-2018-5852 describes an unsigned integer underflow in the Qualcomm IPA driver that results in a buffer over-read when reading NAT entries via the debugfs path /sys/kernel/debug/ipa/ip4_nat. The vulnerability is tied to the IPA driver component and affects Qualcomm chipsets; the underlying issu...

CVE-2018-11816

CVE-2018-11816 is a Qualcomm MediaServer issue where a crafted Binder request can trigger a heap use-after-free in the Video path. The CVSS 3.1 vector indicates Local attack, low privileges required, no user interaction, with High impact on confidentiality, integrity, and availability. Public det...