Google: >> Android >> 9.0 Security Vulnerabilities
In ixheaacd_real_synth_fft_p3 of ixheaacd_esbr_fft.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-9.0 Android ID: A-110769924
CVSS Score
7.8
EPSS Score
0.012
Published
2018-10-02
In AMediaCodecCryptoInfo_new of NdkMediaCodec.cpp, there is a possible out-of-bounds write due to an integer overflow. This could lead to remote code execution in external apps with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111603051
CVSS Score
7.8
EPSS Score
0.003
Published
2018-10-02
In checkGrantUriPermissionLocked of ActivityManagerService.java, there is a possible permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android-9.0 Android ID: A-111934948
CVSS Score
7.8
EPSS Score
0.0
Published
2018-10-02
In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046
CVSS Score
7.8
EPSS Score
0.003
Published
2018-10-02
In getOffsetForHorizontal of Layout.java, there is a possible application hang due to a slow width calculation. This could lead to remote denial of service if a contact with many hidden unicode characters were sent to the device and used by a local app, with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-78464361
CVSS Score
5.5
EPSS Score
0.004
Published
2018-10-02
A spoofing vulnerability can occur when a page switches to fullscreen mode without user notification, allowing a fake address bar to be displayed. This allows an attacker to spoof which page is actually loaded and in use. Note: This attack only affects Firefox for Android. Other operating systems are not affected. This vulnerability affects Firefox < 56.
CVSS Score
5.3
EPSS Score
0.009
Published
2018-06-11
An elevation of privilege vulnerability in the Upstream kernel kernel. Product: Android. Versions: Android kernel. Android ID: A-36006779.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-11-16
An elevation of privilege vulnerability in the Upstream kernel video driver. Product: Android. Versions: Android kernel. Android ID: A-37950620.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-11-16
An elevation of privilege vulnerability in the MediaTek ioctl (flashlight). Product: Android. Versions: Android kernel. Android ID: A-37277147. References: M-ALPS03394571.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-11-16
An elevation of privilege vulnerability in the MediaTek soc driver. Product: Android. Versions: Android kernel. Android ID: A-65025090. References: M-ALPS02973195.
CVSS Score
7.8
EPSS Score
0.0
Published
2017-11-16