Android@7.1.2 Security Vulnerabilities and Issues — Android@7.1.2 CVE List

Lucene search

GoogleAndroid7.1.2

7 matches found

CVE•added 2025/01/17 11:15 p.m.•772 views

CVE-2018-9434

In multiple functions of Parcel.cpp, there is a possible way to bypass address space layout randomization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.9AI score0.00006EPSS

CVE•added 2025/01/18 12:15 a.m.•641 views

CVE-2018-9461

In onAttachFragment of ShareIntentActivity.java, there is a possible way for an app to read files in the messages app due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7CVSS8.1AI score0.00012EPSS

CVE•added 2025/01/17 11:15 p.m.•544 views

CVE-2018-9379

In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

5.5CVSS5.9AI score0.00018EPSS

CVE•added 2025/01/17 11:15 p.m.•516 views

CVE-2018-9382

In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati...

7.8CVSS6.8AI score0.00019EPSS

CVE•added 2025/01/17 11:15 p.m.•506 views

CVE-2018-9375

In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

7.8CVSS6.8AI score0.00031EPSS

CVE•added 2025/01/17 11:15 p.m.•130 views

CVE-2017-13322

In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

10CVSS6.3AI score0.00029EPSS

CVE•added 2025/01/28 5:15 p.m.•51 views

CVE-2018-9378

In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

6.2CVSS6AI score0.00019EPSS