Back to all categorys

Framework

CVE-2018-9433

(json)

• CVE numbers: CVE-2018-9433 [Bulletin-CVE-2018-9433]
• Coordinated disclosure?: unknown
• Categories: Framework
• Details:
• Discovered by: Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9433] on: Unknown
• Reported on: 2018-07-01 [Bulletin-CVE-2018-9433]
• Fixed on: Unknown
• Fix released on: 2018-07-05 [Bulletin-CVE-2018-9433]
• Affected versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2018-9433] regex: (6.0.[0-9])|(6.0.1)|(7.0.[0-9])|(7.1.1)|(7.1.2)
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2018-9433]
• Fixed versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 [Bulletin-CVE-2018-9433]
• Submission: by: Daniel Carter, on: 2019-07-25

CVE-2018-9490

(json)

• CVE numbers: CVE-2018-9490 [Bulletin-CVE-2018-9490]
• Coordinated disclosure?: unknown
• Categories: Framework
• Details: In CollectValuesOrEntriesImpl of elements.cc, there is possible remote code execution due to type confusion. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9.0 Android ID: A-111274046 [NIST-CVE-2018-9490]
• Discovered by: Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. [Discovery-CVE-2018-9490] on: Unknown
• Reported on: 2018-10-01 [Bulletin-CVE-2018-9490]
• Fixed on: 2018-08-02 [A-111274046]
• Fix released on: 2018-10-05 [Bulletin-CVE-2018-9490]
• Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9490] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2018-9490]
• Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2018-9490]
• Submission: by: Daniel Carter, on: 2019-07-25

CVE-2019-1988

(json)

• CVE numbers: CVE-2019-1988 [Bulletin-CVE-2019-1988]
• Coordinated disclosure?: unknown
• Categories: Framework
• Details: In sample6 of SkSwizzler.cpp, there is a possible out of bounds write due to improper input validation. This could lead to remote code execution in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-118372692. [NIST-CVE-2019-1988]
• Discovered by: on: Unknown
• Reported on: 2019-02-01 [Bulletin-CVE-2019-1988]
• Fixed on: 2018-10-24 [A-118372692]
• Fix released on: 2019-02-05 [Bulletin-CVE-2019-1988]
• Affected versions: 8.0, 8.1, 9 [Bulletin-CVE-2019-1988] regex: (8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2019-1988]
• Fixed versions: 8.0, 8.1, 9 [Bulletin-CVE-2019-1988]
• Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1986

(json)

• CVE numbers: CVE-2019-1986 [Bulletin-CVE-2019-1986]
• Coordinated disclosure?: unknown
• Categories: Framework
• Details: In SkSwizzler::onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege in system_server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-117838472. [NIST-CVE-2019-1986]
• Discovered by: Leon Scroggins of Google [Discovery-CVE-2019-1986] on: Unknown
• Reported on: 2019-02-01 [Bulletin-CVE-2019-1986]
• Fixed on: 2018-11-08 [A-117838472]
• Fix released on: 2019-02-05 [Bulletin-CVE-2019-1986]
• Affected versions: 9 [Bulletin-CVE-2019-1986] regex: (9.[0-9].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2019-1986]
• Fixed versions: 9 [Bulletin-CVE-2019-1986]
• Submission: by: Daniel Carter, on: 2019-07-24

CVE-2019-1987

(json)

• CVE numbers: CVE-2019-1987 [Bulletin-CVE-2019-1987]
• Coordinated disclosure?: unknown
• Categories: Framework
• Details: In onSetSampleX of SkSwizzler.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-118143775. [NIST-CVE-2019-1987]
• Discovered by: on: Unknown
• Reported on: 2019-02-01 [Bulletin-CVE-2019-1987]
• Fixed on: 2018-11-08 [A-118143775]
• Fix released on: 2019-02-05 [Bulletin-CVE-2019-1987]
• Affected versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1987] regex: (7.0.[0-9])|(7.1.1)|(7.1.2)|(8.0.[0-9])|(8.1.[0-9])|(9.[0-9].[0-9])
• Affected devices:
• Affected manufacturers: all [Bulletin-CVE-2019-1987]
• Fixed versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1, 9 [Bulletin-CVE-2019-1987]
• Submission: by: Daniel Carter, on: 2019-07-24