Lucene search

K

49 matches found

CVE
CVE
added 2018/12/06 2:29 p.m.49 views

CVE-2018-9549

In lppTransposer of lpp_tran.cpp there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7...

9.3CVSS7.9AI score0.00253EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.48 views

CVE-2018-9558

In rw_t2t_handle_tlv_detect of rw_t2t_ndef.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the NFC kernel with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Ver...

7.8CVSS7.6AI score0.00022EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.47 views

CVE-2018-9550

In CAacDecoder_Init of aacdecoder.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-11...

9.3CVSS7.9AI score0.00253EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.45 views

CVE-2018-9551

In CAacDecoder_Init of aacdecoder.cpp, there is a possible out-of-bound write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-...

9.3CVSS7.8AI score0.00253EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.44 views

CVE-2018-9527

In vorbis_book_decodev_set of codebook.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 A...

9.3CVSS8.1AI score0.00212EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.43 views

CVE-2018-9555

In l2c_lcc_proc_pdu of l2c_fcr.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: And...

8.8CVSS8.4AI score0.0036EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.42 views

CVE-2018-9545

In BTA_HdRegisterApp of bta_hd_api.cc, there is a possible out-of-bound write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Andro...

7.8CVSS8.1AI score0.00022EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.42 views

CVE-2018-9552

In ihevcd_sao_shift_ctb of ihevcd_sao.c there is a possible out of bounds write due to missing bounds check. This could lead to information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 A...

5.5CVSS5.4AI score0.00116EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.40 views

CVE-2018-9539

In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-...

7CVSS7.5AI score0.00173EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.38 views

CVE-2018-9526

In device configuration data, there is an improperly configured setting. This could lead to remote disclosure of device location. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112159033

7.5CVSS7.2AI score0.0029EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.38 views

CVE-2018-9547

In unflatten of GraphicBuffer.cpp, there is a possible bad fd close due to improper input validation. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: An...

7.8CVSS7.6AI score0.00022EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.37 views

CVE-2018-9532

In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9...

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.37 views

CVE-2018-9538

In V4L2SliceVideoDecodeAccelerator::Dequeue of v4l2_slice_video_decode_accelerator.cc, there is a possible out of bounds read of a function pointer due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is ...

7.8CVSS7.6AI score0.00022EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.37 views

CVE-2018-9560

In HID_DevAddRecord of hidd_api.cc, there is a possible out-of-bounds write due to a missing bounds check. This could lead to local escalation of privilege in the Bluetooth service with User execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: An...

7.8CVSS7.7AI score0.00026EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.37 views

CVE-2018-9566

In process_service_search_rsp of sdp_discovery.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure when connecting to a malicious Bluetooth device with no additional execution privileges needed. User interaction is needed for exp...

5.7CVSS5.6AI score0.003EPSS
CVE
CVE
added 2018/12/07 11:29 p.m.37 views

CVE-2018-9573

In impd_parse_filt_block of impd_drc_dynamic_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. An...

9.3CVSS8.5AI score0.00177EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.36 views

CVE-2018-9525

In the AndroidManifest.xml file defining the SliceBroadcastReceiver handler for com.android.settings.slice.action.WIFI_CHANGED, there is a possible permissions bypass due to a confused deputy. This could lead to local escalation of privilege, allowing a local attacker to change device settings, wit...

7.8CVSS8AI score0.00016EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.36 views

CVE-2018-9528

In ixheaacd_over_lap_add1_armv8 of ixheaacd_overlap_add1.s there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android...

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.36 views

CVE-2018-9541

In avrc_pars_vendor_rsp of avcr_pars_ct.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andro...

7.5CVSS7.2AI score0.00386EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.36 views

CVE-2018-9542

In avrc_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0...

7.5CVSS7.2AI score0.00386EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.36 views

CVE-2018-9543

In trim_device of f2fs_format_utils.c, it is possible that the data partition is not wiped during a factory reset. This could lead to local information disclosure after factory reset with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. V...

5.5CVSS5.6AI score0.0004EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.35 views

CVE-2018-9522

In the serialization functions of StatsLogEventWrapper.java, there is a possible out-of-bounds write due to unnecessary functionality which may be abused. This could lead to local escalation of privilege in the system process with no additional execution privileges needed. User interaction is not n...

7.8CVSS8.2AI score0.00018EPSS
CVE
CVE
added 2018/12/07 11:29 p.m.35 views

CVE-2018-9570

In impd_parse_drc_ext_v1 of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. And...

9.3CVSS8.4AI score0.00177EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.34 views

CVE-2018-9523

In Parcel.writeMapInternal of Parcel.java, there is a possible parcel serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: A...

7.8CVSS8.1AI score0.00017EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.34 views

CVE-2018-9562

In bta_ag_do_disc of bta_ag_sdp.cc, there is a possible out-of-bound read due to an incorrect parameter size. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9. Andr...

7.5CVSS6.9AI score0.00587EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.33 views

CVE-2018-9457

In onCheckedChanged of BluetoothPairingController.java, there is a possible way to retrieve contact information due to a permissions bypass. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Andr...

5.5CVSS5.1AI score0.00019EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.33 views

CVE-2018-9530

In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. And...

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.33 views

CVE-2018-9544

In register_app of btif_hd.cc, there is a possible out-of-bounds read due to a missing bounds check. This could lead to local information disclosure in the Bluetooth service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: ...

5.5CVSS5.6AI score0.00024EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.33 views

CVE-2018-9553

In MasteringMetadata::Parse of mkvparser.cc there is a possible double free due to an insecure default value. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 A...

9.3CVSS7.9AI score0.00253EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.33 views

CVE-2018-9556

In ParsePayloadHeader of payload_metadata.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9....

10CVSS8.7AI score0.01165EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.32 views

CVE-2018-9535

In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Andr...

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.32 views

CVE-2018-9536

In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-1126621...

9.3CVSS8.1AI score0.00212EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.32 views

CVE-2018-9537

In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: A...

9.3CVSS8.7AI score0.00481EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.32 views

CVE-2018-9540

In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Ve...

7.5CVSS7.2AI score0.00386EPSS
CVE
CVE
added 2018/12/07 11:29 p.m.32 views

CVE-2018-9569

In impd_init_drc_decode_post_config of impd_drc_gain_decoder.c there is a possible out-of-bound write due to incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Andr...

9.3CVSS8.9AI score0.0037EPSS
CVE
CVE
added 2018/12/07 11:29 p.m.32 views

CVE-2018-9575

In impd_parse_dwnmix_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Andro...

9.3CVSS8.5AI score0.00177EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.31 views

CVE-2018-9529

In ixheaacd_individual_ch_stream of ixheaacd_channel.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. ...

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.31 views

CVE-2018-9559

In persist_set_key and other functions of cryptfs.cpp, there is a possible out-of-bounds write due to an uncaught error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Andr...

7.8CVSS7.8AI score0.00022EPSS
CVE
CVE
added 2018/12/07 11:29 p.m.31 views

CVE-2018-9571

In impd_parse_loud_eq_instructions of impd_drc_dynamic_payload.c there is a possible out-of-bound write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Andr...

9.3CVSS8.9AI score0.0037EPSS
CVE
CVE
added 2018/12/07 11:29 p.m.31 views

CVE-2018-9576

In impd_parse_parametric_drc_instructions of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Version...

9.3CVSS8.5AI score0.00177EPSS
CVE
CVE
added 2018/12/07 11:29 p.m.31 views

CVE-2018-9577

In impd_parametric_drc_parse_gain_set_params of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Vers...

9.3CVSS8.5AI score0.00177EPSS
CVE
CVE
added 2018/12/07 11:29 p.m.31 views

CVE-2018-9578

In ixheaacd_adts_crc_start_reg of ixheaacd_adts_crc_check.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Ve...

9.8CVSS9AI score0.00646EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.30 views

CVE-2018-9521

In parseMPEGCCData of NuPlayer2CCDecoder.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. ...

9.3CVSS8.9AI score0.00481EPSS
CVE
CVE
added 2018/12/06 2:29 p.m.30 views

CVE-2018-9548

In multiple functions of ContentProvider.java, there is a possible permission bypass due to a missing URI validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-...

5.5CVSS5.4AI score0.00027EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.29 views

CVE-2018-9531

In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ...

9.3CVSS8.1AI score0.00212EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.28 views

CVE-2018-9533

In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID...

8.8CVSS8.8AI score0.00409EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.25 views

CVE-2018-9347

In function SMF_ParseMetaEvent of file eas_smf.c there is incorrect input validation causing an infinite loop. This could lead to a remote temporary DoS with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1...

6.5CVSS6.6AI score0.00209EPSS
CVE
CVE
added 2018/11/14 6:29 p.m.25 views

CVE-2018-9534

In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. An...

8.8CVSS9AI score0.00409EPSS
CVE
CVE
added 2018/12/07 11:29 p.m.25 views

CVE-2018-9574

In impd_parse_split_drc_characteristic of impd_drc_static_payload.c there is a possible out of bounds write due to missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: ...

9.3CVSS8.5AI score0.00177EPSS