Month | Quarter | Year |
---|---|---|
#N/A | #N/A | #N/A |
CVE-ID | CWE-ID | Type | Score |
---|---|---|---|
CVE-2018-9568 | CWE-704 | Incorrect Type Conversion or Cast | 7.8 |
In sk_clone_lock of sock.c, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-113509306. References: Upstream kernel.
|
|||
CVE-2018-4322 | CWE-20 | Input Validation | 3.3 |
This issue was addressed with improved entitlements. This issue affected versions prior to iOS 12.
|
|||
CVE-2018-4321 | CWE-20 | Input Validation | 5.3 |
A validation issue existed in the entitlement verification. This issue was addressed with improved validation of the process entitlement. This issue affected versions prior to iOS 12, macOS Mojave 10.14, tvOS 12.
|
|||
CVE-2018-4135 | CWE-119 | Buffer Errors | 7.8 |
An issue was discovered in certain Apple products. macOS before 10.13.4 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
|||
CVE-2017-9708 | CWE-362 | Race Conditions | 7.0 |
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the camera driver, the function "msm_ois_power_down" is called without a mutex and a race condition can occur in variable "*reg_ptr" of sub function "msm_camera_config_single_vreg".
|
|||
CVE-2017-7119 | CWE-20 | Input Validation | 5.5 |
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "IOFireWireFamily" component. It allows attackers to bypass intended memory-read restrictions via a crafted app.
|
|||
CVE-2017-7050 | CWE-119 | Buffer Errors | 8.0 |
An issue was discovered in certain Apple products. macOS before 10.12.6 is affected. The issue involves the "Bluetooth" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
|
|||
CVE-2017-13170 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
An elevation of privilege vulnerability in the MediaTek display driver. Product: Android. Versions: Android kernel. Android ID A-36102397. References: M-ALPS03359280.
|
|||
CVE-2017-13164 | CWE-200 | Information Leak / Disclosure | 7.5 |
An information disclosure vulnerability in the kernel binder driver. Product: Android. Versions: Android kernel. Android ID A-36007193.
|
|||
CVE-2017-0842 | CWE-264 | Permissions, Privileges, and Access Control | 7.8 |
An elevation of privilege vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-37502513.
|