Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2018-AVI-421
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 04 septembre 2018",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-11295",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11295"
},
{
"name": "CVE-2018-9469",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9469"
},
{
"name": "CVE-2018-5866",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5866"
},
{
"name": "CVE-2018-9427",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9427"
},
{
"name": "CVE-2018-9470",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9470"
},
{
"name": "CVE-2018-9472",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9472"
},
{
"name": "CVE-2018-9456",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9456"
},
{
"name": "CVE-2018-11824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11824"
},
{
"name": "CVE-2018-11816",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11816"
},
{
"name": "CVE-2018-11285",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11285"
},
{
"name": "CVE-2018-11836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11836"
},
{
"name": "CVE-2018-9468",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9468"
},
{
"name": "CVE-2018-11298",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11298"
},
{
"name": "CVE-2018-11297",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11297"
},
{
"name": "CVE-2018-11951",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11951"
},
{
"name": "CVE-2017-15825",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15825"
},
{
"name": "CVE-2018-9519",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9519"
},
{
"name": "CVE-2018-9486",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9486"
},
{
"name": "CVE-2018-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9471"
},
{
"name": "CVE-2018-3588",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3588"
},
{
"name": "CVE-2018-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9518"
},
{
"name": "CVE-2018-11293",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11293"
},
{
"name": "CVE-2018-9411",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9411"
},
{
"name": "CVE-2018-11290",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11290"
},
{
"name": "CVE-2017-18314",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18314"
},
{
"name": "CVE-2018-9487",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9487"
},
{
"name": "CVE-2018-11296",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11296"
},
{
"name": "CVE-2018-11288",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11288"
},
{
"name": "CVE-2018-9475",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9475"
},
{
"name": "CVE-2018-11270",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11270"
},
{
"name": "CVE-2017-5754",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
},
{
"name": "CVE-2018-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9488"
},
{
"name": "CVE-2017-18312",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18312"
},
{
"name": "CVE-2018-9478",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9478"
},
{
"name": "CVE-2018-11273",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11273"
},
{
"name": "CVE-2018-9474",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9474"
},
{
"name": "CVE-2018-11261",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11261"
},
{
"name": "CVE-2017-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18311"
},
{
"name": "CVE-2018-9440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9440"
},
{
"name": "CVE-2018-11301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11301"
},
{
"name": "CVE-2017-18313",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18313"
},
{
"name": "CVE-2018-11287",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11287"
},
{
"name": "CVE-2018-11858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11858"
},
{
"name": "CVE-2016-10394",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10394"
},
{
"name": "CVE-2018-9482",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9482"
},
{
"name": "CVE-2018-11855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11855"
},
{
"name": "CVE-2018-11276",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11276"
},
{
"name": "CVE-2018-11898",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11898"
},
{
"name": "CVE-2016-10408",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10408"
},
{
"name": "CVE-2018-9485",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9485"
},
{
"name": "CVE-2018-11857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11857"
},
{
"name": "CVE-2018-11950",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11950"
},
{
"name": "CVE-2018-9481",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9481"
},
{
"name": "CVE-2018-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5914"
},
{
"name": "CVE-2018-9483",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9483"
},
{
"name": "CVE-2018-11846",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11846"
},
{
"name": "CVE-2018-11292",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11292"
},
{
"name": "CVE-2018-9479",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9479"
},
{
"name": "CVE-2018-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5871"
},
{
"name": "CVE-2018-9467",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9467"
},
{
"name": "CVE-2018-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
},
{
"name": "CVE-2017-18124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18124"
},
{
"name": "CVE-2018-9477",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9477"
},
{
"name": "CVE-2018-9466",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9466"
},
{
"name": "CVE-2018-9480",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9480"
},
{
"name": "CVE-2018-9484",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9484"
},
{
"name": "CVE-2018-11281",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11281"
},
{
"name": "CVE-2018-11265",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11265"
},
{
"name": "CVE-2018-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9517"
},
{
"name": "CVE-2018-11300",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11300"
},
{
"name": "CVE-2018-11866",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11866"
},
{
"name": "CVE-2018-11865",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11865"
},
{
"name": "CVE-2018-11952",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11952"
},
{
"name": "CVE-2018-11842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11842"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-421",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel/Nexus du 04 septembre 2018",
"url": "https://source.android.com/security/bulletin/pixel/2018-09-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 04 septembre 2018",
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
]
}
CVE-2018-11952 (GCVE-0-2018-11952)
Vulnerability from cvelistv5 – Published: 2024-11-26 08:55 – Updated: 2024-11-26 14:09
VLAI
EPSS
Title
Improper Authentication in TrustZone
Summary
An image with a version lower than the fuse version may potentially be booted lead to improper authentication.
Severity
7.8 (High)
CWE
- CWE-287 - Improper Authentication
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Affected:
MDM9206
Affected: MDM9607 Affected: MDM9640 Affected: MDM9650 Affected: MSM8909W Affected: SD 210/SD 212/SD 205 Affected: SD 425 Affected: SD 430 Affected: SD 450 Affected: SD 615/16/SD 415 Affected: SD 617 Affected: SD 625 Affected: SD 650/52 Affected: SD 810 Affected: SD 820 Affected: SD 820A Affected: SD 835 Affected: SD 845 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-11952",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-26T14:02:10.500974Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T14:09:22.979Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"Snapdragon Wired Infrastructure and Networking"
],
"product": "Snapdragon",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "MDM9206"
},
{
"status": "affected",
"version": "MDM9607"
},
{
"status": "affected",
"version": "MDM9640"
},
{
"status": "affected",
"version": "MDM9650"
},
{
"status": "affected",
"version": "MSM8909W"
},
{
"status": "affected",
"version": "SD 210/SD 212/SD 205"
},
{
"status": "affected",
"version": "SD 425"
},
{
"status": "affected",
"version": "SD 430"
},
{
"status": "affected",
"version": "SD 450"
},
{
"status": "affected",
"version": "SD 615/16/SD 415"
},
{
"status": "affected",
"version": "SD 617"
},
{
"status": "affected",
"version": "SD 625"
},
{
"status": "affected",
"version": "SD 650/52"
},
{
"status": "affected",
"version": "SD 810"
},
{
"status": "affected",
"version": "SD 820"
},
{
"status": "affected",
"version": "SD 820A"
},
{
"status": "affected",
"version": "SD 835"
},
{
"status": "affected",
"version": "SD 845"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An image with a version lower than the fuse version may potentially be booted lead to improper authentication."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-287",
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-26T08:55:24.910Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"url": "https://docs.qualcomm.com/product/publicresources/securitybulletin/may-2018-bulletin.html"
}
],
"title": "Improper Authentication in TrustZone"
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2018-11952",
"datePublished": "2024-11-26T08:55:24.910Z",
"dateReserved": "2018-06-07T00:00:00.000Z",
"dateUpdated": "2024-11-26T14:09:22.979Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-3588 (GCVE-0-2018-3588)
Vulnerability from cvelistv5 – Published: 2018-10-26 13:00 – Updated: 2024-08-05 04:50
VLAI
EPSS
Summary
There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660.
Severity
No CVSS data available.
CWE
- Improper Access Control in Core.
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear |
Affected:
MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660
|
Date Public
2018-10-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T04:50:29.077Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660"
}
]
}
],
"datePublic": "2018-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Access Control in Core.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T12:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-3588",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is improper access control of the SSC and GPU mapped regions which lead to inject code from HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Access Control in Core."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2018-3588",
"datePublished": "2018-10-26T13:00:00.000Z",
"dateReserved": "2017-12-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T04:50:29.077Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5866 (GCVE-0-2018-5866)
Vulnerability from cvelistv5 – Published: 2018-10-26 13:00 – Updated: 2024-08-05 05:47
VLAI
EPSS
Summary
While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660.
Severity
No CVSS data available.
CWE
- Untrusted Pointer Dereference in TrustZone
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Mobile, Snapdragon Wear |
Affected:
MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660
|
Date Public
2018-10-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:55.889Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Mobile, Snapdragon Wear",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660"
}
]
}
],
"datePublic": "2018-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Untrusted Pointer Dereference in TrustZone",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T12:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-5866",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference in TrustZone"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2018-5866",
"datePublished": "2018-10-26T13:00:00.000Z",
"dateReserved": "2018-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:47:55.889Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5871 (GCVE-0-2018-5871)
Vulnerability from cvelistv5 – Published: 2018-09-20 13:00 – Updated: 2024-08-05 05:47
VLAI
EPSS
Summary
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected.
Severity
No CVSS data available.
CWE
- Cryptographic Issues in WLAN
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2018… | x_refsource_CONFIRM |
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear |
Affected:
MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016
|
Date Public
2018-09-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:55.965Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016"
}
]
}
],
"datePublic": "2018-09-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cryptographic Issues in WLAN",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-20T12:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-5871",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cryptographic Issues in WLAN"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components"
},
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2018-5871",
"datePublished": "2018-09-20T13:00:00.000Z",
"dateReserved": "2018-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:47:55.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-5914 (GCVE-0-2018-5914)
Vulnerability from cvelistv5 – Published: 2018-10-26 13:00 – Updated: 2024-08-05 05:47
VLAI
EPSS
Summary
Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.
Severity
No CVSS data available.
CWE
- Improper Validation of Array Index in TZ CORE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://www.qualcomm.com/company/product-security… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Qualcomm, Inc. | Snapdragon Mobile, Snapdragon Wear |
Affected:
MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660
|
Date Public
2018-10-26 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T05:47:56.099Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Snapdragon Mobile, Snapdragon Wear",
"vendor": "Qualcomm, Inc.",
"versions": [
{
"status": "affected",
"version": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660"
}
]
}
],
"datePublic": "2018-10-26T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Improper Validation of Array Index in TZ CORE",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T12:57:01.000Z",
"orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"shortName": "qualcomm"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2018-5914",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Mobile, Snapdragon Wear",
"version": {
"version_data": [
{
"version_value": "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in Snapdragon Mobile, Snapdragon Wear version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validation of Array Index in TZ CORE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f",
"assignerShortName": "qualcomm",
"cveId": "CVE-2018-5914",
"datePublished": "2018-10-26T13:00:00.000Z",
"dateReserved": "2018-01-19T00:00:00.000Z",
"dateUpdated": "2024-08-05T05:47:56.099Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9411 (GCVE-0-2018-9411)
Vulnerability from cvelistv5 – Published: 2024-11-19 21:06 – Updated: 2024-11-20 15:55
VLAI
EPSS
Summary
In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.
Severity
8.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9411",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:52:11.948180Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:55:45.282Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In decrypt of ClearKeyCasPlugin.cpp there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T21:06:22.949Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-07-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9411",
"datePublished": "2024-11-19T21:06:22.949Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-20T15:55:45.282Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9427 (GCVE-0-2018-9427)
Vulnerability from cvelistv5 – Published: 2018-11-06 17:00 – Updated: 2024-09-16 16:28
VLAI
EPSS
Summary
In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542.
Severity
No CVSS data available.
CWE
- Remote code execution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2018-08-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1041432 | vdb-entryx_refsource_SECTRACK |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-8.0 Android-8.1
|
Date Public
2018-10-31 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T07:17:52.269Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041432"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-8.0 Android-8.1"
}
]
}
],
"datePublic": "2018-10-31T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote code execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-11-07T10:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041432"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"DATE_PUBLIC": "2018-10-31T00:00:00",
"ID": "CVE-2018-9427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-8.0 Android-8.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In CopyToOMX of OMXNodeInstance.cpp there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote arbitrary code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-77486542."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote code execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2018-08-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2018-08-01"
},
{
"name": "1041432",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041432"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9427",
"datePublished": "2018-11-06T17:00:00.000Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-09-16T16:28:04.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9440 (GCVE-0-2018-9440)
Vulnerability from cvelistv5 – Published: 2024-11-19 22:18 – Updated: 2024-11-20 20:33
VLAI
EPSS
Summary
In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.
Severity
6.5 (Medium)
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9440",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T20:32:42.806272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T20:33:44.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In parse of M3UParser.cpp there is a possible resource exhaustion due to improper input validation. This could lead to denial of service with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T22:18:01.261Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9440",
"datePublished": "2024-11-19T22:18:01.261Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-20T20:33:44.390Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9456 (GCVE-0-2018-9456)
Vulnerability from cvelistv5 – Published: 2024-11-19 22:19 – Updated: 2024-11-21 15:00
VLAI
EPSS
Summary
In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
7.5 (High)
CWE
- CWE-125 - Out-of-bounds Read
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9456",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T14:57:12.215589Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:00:42.618Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In sdpu_extract_attr_seq of sdp_utils.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T22:19:46.371Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9456",
"datePublished": "2024-11-19T22:19:46.371Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-21T15:00:42.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9466 (GCVE-0-2018-9466)
Vulnerability from cvelistv5 – Published: 2024-11-19 22:21 – Updated: 2025-11-03 21:44
VLAI
EPSS
Summary
In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.
Severity
8.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "7.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9466",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T15:24:13.635955Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T15:25:03.308Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:44:11.695Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20241108-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In the xmlSnprintfElementContent function of valid.c, there is a possible out of bounds write. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T22:21:20.706Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9466",
"datePublished": "2024-11-19T22:21:20.706Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:44:11.695Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…