Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2018-AVI-421
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Google Android. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Google Android toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 04 septembre 2018",
"product": {
"name": "Android",
"vendor": {
"name": "Google",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2018-11295",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11295"
},
{
"name": "CVE-2018-9469",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9469"
},
{
"name": "CVE-2018-5866",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5866"
},
{
"name": "CVE-2018-9427",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9427"
},
{
"name": "CVE-2018-9470",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9470"
},
{
"name": "CVE-2018-9472",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9472"
},
{
"name": "CVE-2018-9456",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9456"
},
{
"name": "CVE-2018-11824",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11824"
},
{
"name": "CVE-2018-11816",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11816"
},
{
"name": "CVE-2018-11285",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11285"
},
{
"name": "CVE-2018-11836",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11836"
},
{
"name": "CVE-2018-9468",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9468"
},
{
"name": "CVE-2018-11298",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11298"
},
{
"name": "CVE-2018-11297",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11297"
},
{
"name": "CVE-2018-11951",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11951"
},
{
"name": "CVE-2017-15825",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15825"
},
{
"name": "CVE-2018-9519",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9519"
},
{
"name": "CVE-2018-9486",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9486"
},
{
"name": "CVE-2018-9471",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9471"
},
{
"name": "CVE-2018-3588",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-3588"
},
{
"name": "CVE-2018-9518",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9518"
},
{
"name": "CVE-2018-11293",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11293"
},
{
"name": "CVE-2018-9411",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9411"
},
{
"name": "CVE-2018-11290",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11290"
},
{
"name": "CVE-2017-18314",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18314"
},
{
"name": "CVE-2018-9487",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9487"
},
{
"name": "CVE-2018-11296",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11296"
},
{
"name": "CVE-2018-11288",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11288"
},
{
"name": "CVE-2018-9475",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9475"
},
{
"name": "CVE-2018-11270",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11270"
},
{
"name": "CVE-2017-5754",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
},
{
"name": "CVE-2018-9488",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9488"
},
{
"name": "CVE-2017-18312",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18312"
},
{
"name": "CVE-2018-9478",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9478"
},
{
"name": "CVE-2018-11273",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11273"
},
{
"name": "CVE-2018-9474",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9474"
},
{
"name": "CVE-2018-11261",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11261"
},
{
"name": "CVE-2017-18311",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18311"
},
{
"name": "CVE-2018-9440",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9440"
},
{
"name": "CVE-2018-11301",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11301"
},
{
"name": "CVE-2017-18313",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18313"
},
{
"name": "CVE-2018-11287",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11287"
},
{
"name": "CVE-2018-11858",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11858"
},
{
"name": "CVE-2016-10394",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10394"
},
{
"name": "CVE-2018-9482",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9482"
},
{
"name": "CVE-2018-11855",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11855"
},
{
"name": "CVE-2018-11276",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11276"
},
{
"name": "CVE-2018-11898",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11898"
},
{
"name": "CVE-2016-10408",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-10408"
},
{
"name": "CVE-2018-9485",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9485"
},
{
"name": "CVE-2018-11857",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11857"
},
{
"name": "CVE-2018-11950",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11950"
},
{
"name": "CVE-2018-9481",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9481"
},
{
"name": "CVE-2018-5914",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5914"
},
{
"name": "CVE-2018-9483",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9483"
},
{
"name": "CVE-2018-11846",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11846"
},
{
"name": "CVE-2018-11292",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11292"
},
{
"name": "CVE-2018-9479",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9479"
},
{
"name": "CVE-2018-5871",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5871"
},
{
"name": "CVE-2018-9467",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9467"
},
{
"name": "CVE-2018-9516",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9516"
},
{
"name": "CVE-2017-18124",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18124"
},
{
"name": "CVE-2018-9477",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9477"
},
{
"name": "CVE-2018-9466",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9466"
},
{
"name": "CVE-2018-9480",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9480"
},
{
"name": "CVE-2018-9484",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9484"
},
{
"name": "CVE-2018-11281",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11281"
},
{
"name": "CVE-2018-11265",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11265"
},
{
"name": "CVE-2018-9517",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-9517"
},
{
"name": "CVE-2018-11300",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11300"
},
{
"name": "CVE-2018-11866",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11866"
},
{
"name": "CVE-2018-11865",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11865"
},
{
"name": "CVE-2018-11952",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11952"
},
{
"name": "CVE-2018-11842",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-11842"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-421",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-09-05T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Google Android.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer un\nprobl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code\narbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Pixel/Nexus du 04 septembre 2018",
"url": "https://source.android.com/security/bulletin/pixel/2018-09-01"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 04 septembre 2018",
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
]
}
CVE-2018-9467 (GCVE-0-2018-9467)
Vulnerability from cvelistv5 – Published: 2024-11-19 23:57 – Updated: 2024-11-21 15:33
VLAI
EPSS
Summary
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
9.8 (Critical)
CWE
- CWE-276 - Incorrect Default Permissions
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:-:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9467",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-21T15:30:52.397441Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-276",
"description": "CWE-276 Incorrect Default Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-21T15:33:34.617Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-19T23:57:44.584Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9467",
"datePublished": "2024-11-19T23:57:44.584Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-21T15:33:34.617Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9468 (GCVE-0-2018-9468)
Vulnerability from cvelistv5 – Published: 2024-11-20 16:51 – Updated: 2024-11-20 19:04
VLAI
EPSS
Summary
In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
7.7 (High)
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9468",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:04:30.967252Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:04:34.956Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In query of DownloadManager.java, there is a possible read/write of arbitrary files due to a permissions bypass. This could lead to local information disclosure and file rewriting with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:51:52.139Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9468",
"datePublished": "2024-11-20T16:51:52.139Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:04:34.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9469 (GCVE-0-2018-9469)
Vulnerability from cvelistv5 – Published: 2024-11-20 16:53 – Updated: 2024-11-20 19:08
VLAI
EPSS
Summary
In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation.
Severity
8.4 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9469",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:07:00.839692Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:08:05.439Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In multiple functions of ShortcutService.java, there is a possible creation of a spoofed shortcut due to a missing permission check. This could lead to local escalation of privilege in a privileged app with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T16:53:36.233Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9469",
"datePublished": "2024-11-20T16:53:36.233Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:08:05.439Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9470 (GCVE-0-2018-9470)
Vulnerability from cvelistv5 – Published: 2024-11-20 17:15 – Updated: 2024-11-20 19:00
VLAI
EPSS
Summary
In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.
Severity
8.8 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9470",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:00:11.341319Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:00:33.228Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In bff_Scanner_addOutPos of Scanner.c, there is a possible out-of-bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege in an unprivileged app with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:15:09.674Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9470",
"datePublished": "2024-11-20T17:15:09.674Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:00:33.228Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9471 (GCVE-0-2018-9471)
Vulnerability from cvelistv5 – Published: 2024-11-20 17:16 – Updated: 2024-11-20 18:38
VLAI
EPSS
Summary
In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
9.8 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9471",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T18:36:34.923448Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T18:38:12.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In the deserialization constructor of NanoAppFilter.java, there is a possible loss of data due to type confusion. This could lead to local escalation of privilege in the system server with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:16:53.353Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9471",
"datePublished": "2024-11-20T17:16:53.353Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-20T18:38:12.566Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9472 (GCVE-0-2018-9472)
Vulnerability from cvelistv5 – Published: 2024-11-20 17:24 – Updated: 2024-11-20 19:08
VLAI
EPSS
Summary
In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.
Severity
8.8 (High)
CWE
- CWE-190 - Integer Overflow or Wraparound
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9472",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T18:30:13.609478Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-190",
"description": "CWE-190 Integer Overflow or Wraparound",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:08:31.192Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In xmlMemStrdupLoc of xmlmemory.c, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:24:01.971Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9472",
"datePublished": "2024-11-20T17:24:01.971Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:08:31.192Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9474 (GCVE-0-2018-9474)
Vulnerability from cvelistv5 – Published: 2024-11-20 17:25 – Updated: 2024-11-20 18:29
VLAI
EPSS
Summary
In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
8.4 (High)
CWE
- CWE-502 - Deserialization of Untrusted Data
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.4,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9474",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T18:29:20.950984Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-502",
"description": "CWE-502 Deserialization of Untrusted Data",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T18:29:24.620Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In writeToParcel of MediaPlayer.java, there is a possible serialization/deserialization mismatch due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:25:46.569Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9474",
"datePublished": "2024-11-20T17:25:46.569Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-20T18:29:24.620Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9475 (GCVE-0-2018-9475)
Vulnerability from cvelistv5 – Published: 2024-11-20 17:27 – Updated: 2024-11-20 18:28
VLAI
EPSS
Summary
In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
7.5 (High)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9475",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T18:28:17.891834Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T18:28:21.519Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. User interaction is not needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In HeadsetInterface::ClccResponse of btif_hf.cc, there is a possible out of bounds stack write due to a missing bounds check. This could lead to remote escalation of privilege via Bluetooth, if the recipient has enabled SIP calls with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:27:37.227Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9475",
"datePublished": "2024-11-20T17:27:37.227Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-20T18:28:21.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9477 (GCVE-0-2018-9477)
Vulnerability from cvelistv5 – Published: 2024-11-20 17:28 – Updated: 2024-11-20 19:02
VLAI
EPSS
Summary
In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
Severity
7.8 (High)
CWE
- CWE-294 - Authentication Bypass by Capture-replay
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9477",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T19:02:09.666948Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-294",
"description": "CWE-294 Authentication Bypass by Capture-replay",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T19:02:26.920Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In the development options section of the Settings app, there is a possible authentication bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:28:44.954Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9477",
"datePublished": "2024-11-20T17:28:44.954Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-20T19:02:26.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-9478 (GCVE-0-2018-9478)
Vulnerability from cvelistv5 – Published: 2024-11-20 17:30 – Updated: 2024-11-20 18:27
VLAI
EPSS
Summary
In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
Severity
9.8 (Critical)
CWE
- CWE-787 - Out-of-bounds Write
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:8.1:*:*:*:*:*:*:*",
"cpe:2.3:o:google:android:9.0:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "android",
"vendor": "google",
"versions": [
{
"status": "affected",
"version": "7.0"
},
{
"status": "affected",
"version": "8.0"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9.0"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2018-9478",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-20T18:27:08.231317Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T18:27:16.585Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "7"
},
{
"status": "affected",
"version": "8"
},
{
"status": "affected",
"version": "8.1"
},
{
"status": "affected",
"version": "9"
},
{
"status": "affected",
"version": "nyc-mr1-dev"
},
{
"status": "affected",
"version": "nyc-mr2-dev"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eIn process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. \u0026nbsp;User interaction is not needed for exploitation.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "In process_service_attr_req and process_service_search_attr_req of sdp_server.cc, there is an out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. \u00a0User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"dateUpdated": "2024-11-20T17:30:49.093Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/2018-09-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2018-9478",
"datePublished": "2024-11-20T17:30:49.093Z",
"dateReserved": "2018-04-05T00:00:00.000Z",
"dateUpdated": "2024-11-20T18:27:16.585Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…