| Month | Quarter | Year |
|---|---|---|
| #14 | #14 | #7 |
| CVE-ID | CWE-ID | Type | Score |
|---|---|---|---|
| CVE-2018-9448 | CWE-125 | Out-of-bounds Read | 7.5 |
|
In avct_bcb_msg_ind of avct_bcb_act.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-8.0 Android-8.1 Android ID: A-79944113.
|
|||
| CVE-2018-9446 | CWE-787 | Out-of-bounds Write | 9.8 |
|
In smp_br_state_machine_event of smp_br_main.cc, there is a possible out of bounds write due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-80145946.
|
|||
| CVE-2018-9436 | CWE-125 | Out-of-bounds Read | 7.5 |
|
In bnep_data_ind of bnep_main.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-6.0 Android-6.0.1 Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android ID: A-79164722.
|
|||
| CVE-2018-6158 | CWE-362 | Race Conditions | 7.5 |
|
A race condition in Oilpan in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||
| CVE-2018-6116 | CWE-476 | NULL Pointer Dereference | 6.5 |
|
A nullptr dereference in WebAssembly in Google Chrome prior to 66.0.3359.106 allowed a remote attacker to potentially perform out of bounds memory access via a crafted HTML page.
|
|||
| CVE-2018-3561 | CWE-416 | Use After Free | 7.0 |
|
In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a race condition in diag_ioctl_lsm_deinit() leads to a Use After Free condition.
|
|||
| CVE-2018-20066 | CWE-416 | Use After Free | 8.8 |
|
Incorrect object lifecycle in Extensions in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||
| CVE-2018-18338 | CWE-119 | Buffer Errors | 8.8 |
|
Incorrect, thread-unsafe use of SkImage in Canvas in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||
| CVE-2018-17474 | CWE-416 | Use After Free | 8.8 |
|
Use after free in HTMLImportsController in Blink in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
|
|||
| CVE-2018-17470 | CWE-119 | Buffer Errors | 7.4 |
|
A heap buffer overflow in GPU in Google Chrome prior to 70.0.3538.67 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
|
|||