|
246631
|
8.0 |
HIGH
Adjacent
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. Whi…
|
CWE-20
Improper Input Validation
|
CVE-2018-11294
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246632
|
5.7 |
MEDIUM
Adjacent
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11293
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246633
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable "debug_client" in multi-thread manner, Use after free issue…
|
CWE-416
Use After Free
|
CVE-2018-11286
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246634
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IP…
|
CWE-416
Use After Free
|
CVE-2018-11281
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246635
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. If the user…
|
CWE-20
Improper Input Validation
|
CVE-2018-11280
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246636
|
7.1 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is n…
|
CWE-125
Out-of-bounds Read
|
CVE-2018-11278
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246637
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free tha…
|
CWE-415
Double Free
|
CVE-2018-11276
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246638
|
5.5 |
MEDIUM
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information l…
|
CWE-200
Information Exposure
|
CVE-2018-11275
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246639
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2018-11274
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
246640
|
7.8 |
HIGH
Local
|
google
|
android
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs…
|
CWE-415
Double Free
|
CVE-2018-11273
|
2024-11-21 12:43 |
2018-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
