| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2018-14066 |
89 |
|
Sql |
2018-07-15 |
2018-09-21 |
7.5 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
The content://wappush content provider in com.android.provider.telephony, as found in some custom ROMs for Android phones, allows SQL injection. One consequence is that an application without the READ_SMS permission can read SMS messages. This affects Infinix X571 phones, as well as various Lenovo phones (such as the A7020) that have since been fixed by Lenovo. |
|
2 |
CVE-2018-12716 |
200 |
|
+Info |
2018-06-24 |
2018-08-24 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
The API service on Google Home and Chromecast devices before mid-July 2018 does not prevent DNS rebinding attacks from reading the scan_results JSON data, which allows remote attackers to determine the physical location of most web browsers by leveraging the presence of one of these devices on its local network, extracting the scan_results bssid fields, and sending these fields in a geolocation/v1/geolocate Google Maps Geolocation API request. |
|
3 |
CVE-2018-12440 |
200 |
|
+Info |
2018-06-14 |
2018-08-06 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
BoringSSL through 2018-06-14 allows a memory-cache side-channel attack on DSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a DSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
|
4 |
CVE-2018-12438 |
320 |
|
|
2018-06-14 |
2018-08-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
The Elliptic Curve Cryptography library (aka sunec or libsunec) allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
|
5 |
CVE-2018-12437 |
320 |
|
|
2018-06-14 |
2018-08-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
LibTomCrypt through 1.18.1 allows a memory-cache side-channel attack on ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover an ECDSA key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. |
|
6 |
CVE-2018-12433 |
320 |
|
|
2018-06-14 |
2018-08-09 |
1.9 |
None |
Local |
Medium |
Not required |
Partial |
None |
None |
|
** DISPUTED ** cryptlib through 3.4.4 allows a memory-cache side-channel attack on DSA and ECDSA signatures, aka the Return Of the Hidden Number Problem or ROHNP. To discover a key, the attacker needs access to either the local machine or a different virtual machine on the same physical host. NOTE: the vendor does not include side-channel attacks within its threat model. |
|
7 |
CVE-2018-11304 |
190 |
|
Overflow |
2018-07-06 |
2018-09-07 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. |
|
8 |
CVE-2018-10405 |
254 |
|
Exec Code |
2018-06-13 |
2018-08-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An issue was discovered in Google Santa and molcodesignchecker. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. |
|
9 |
CVE-2018-10229 |
254 |
|
|
2018-05-04 |
2018-06-13 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
None |
|
A hardware vulnerability in GPU memory modules allows attackers to accelerate micro-architectural attacks through the use of the JavaScript WebGL API. |
|
10 |
CVE-2018-6254 |
125 |
|
|
2018-05-10 |
2018-06-14 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In Android before the 2018-05-05 security patch level, NVIDIA Media Server contains an out-of-bounds read (due to improper input validation) vulnerability which could lead to local information disclosure. This issue is rated as moderate. Android: A-64340684. Reference: N-CVE-2018-6254. |
|
11 |
CVE-2018-6246 |
200 |
|
+Info |
2018-05-10 |
2018-06-14 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
In Android before the 2018-05-05 security patch level, NVIDIA Widevine Trustlet contains a vulnerability in Widevine TA where the software reads data past the end, or before the beginning, of the intended buffer, which may lead to Information Disclosure. This issue is rated as moderate. Android: A-69383916. Reference: N-CVE-2018-6246. |
|
12 |
CVE-2018-5907 |
20 |
|
Overflow |
2018-07-06 |
2018-08-29 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Possible buffer overflow in msm_adsp_stream_callback_put due to lack of input validation of user-provided data that leads to integer overflow in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. |
|
13 |
CVE-2018-5899 |
416 |
|
|
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, whenever TDLS connection is setup, we are freeing the netbuf in ol_tx_completion_handler and after that, we are accessing it in NBUF_UPDATE_TX_PKT_COUNT causing a use after free. |
|
14 |
CVE-2018-5898 |
190 |
|
Overflow |
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
15 |
CVE-2018-5897 |
119 |
|
Overflow |
2018-07-06 |
2018-08-27 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
16 |
CVE-2018-5896 |
125 |
|
|
2018-07-06 |
2018-08-27 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
|
In Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, kernel panic may happen due to out-of-bound read, caused by not checking source buffer length against length of packet stream to be copied. |
|
17 |
CVE-2018-5895 |
125 |
|
|
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
Buffer over-read may happen in wma_process_utf_event() due to improper buffer length validation before writing into param_buf->num_wow_packet_buffer in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
18 |
CVE-2018-5893 |
119 |
|
Overflow |
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
While processing a message from firmware in htt_t2h_msg_handler_fast() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer overwrite can occur. |
|
19 |
CVE-2018-5890 |
264 |
|
Bypass |
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
If the fdt_totalsize is reported as 0 for the current device tree, it bypasses an error check for a valid device tree in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
20 |
CVE-2018-5889 |
119 |
|
Overflow |
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
While processing a compressed kernel image, a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
21 |
CVE-2018-5888 |
125 |
|
|
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
While processing the system path, an out of bounds access can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
22 |
CVE-2018-5887 |
125 |
|
|
2018-07-06 |
2018-08-27 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
While processing the USB StrSerialDescriptor array, an array index out of bounds can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
|
23 |
CVE-2018-5886 |
125 |
|
|
2018-07-06 |
2018-08-29 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory being accessed. |
|
24 |
CVE-2018-5873 |
416 |
|
|
2018-07-06 |
2018-08-29 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An issue was discovered in the __ns_get_path function in fs/nsfs.c in the Linux kernel before 4.11. Due to a race condition when accessing files, a Use After Free condition can occur. This also affects all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05. |
|
25 |
CVE-2018-5872 |
119 |
|
Overflow |
2018-07-06 |
2018-08-27 |
8.3 |
None |
Local Network |
Low |
Not required |
Complete |
Complete |
Complete |
|
While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, the use of an out-of-range pointer offset can occur. |
|
26 |
CVE-2018-5865 |
191 |
|
|
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can occur. |
|
27 |
CVE-2018-5864 |
119 |
|
Overflow +Info |
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read and information leak can potentially occur. |
|
28 |
CVE-2018-5863 |
119 |
|
Overflow |
2018-06-15 |
2018-08-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
If userspace provides a too-large WPA RSN IE length in wlan_hdd_cfg80211_set_ie(), a buffer overflow occurs in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. |
|
29 |
CVE-2018-5862 |
119 |
|
Overflow |
2018-07-06 |
2018-09-04 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In __wlan_hdd_cfg80211_vendor_scan() in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, when SCAN_SSIDS and QCA_WLAN_VENDOR_ATTR_SCAN_FREQUENCIES are parsed, a buffer overwrite can potentially occur. |
|
30 |
CVE-2018-5860 |
824 |
|
|
2018-06-15 |
2018-08-06 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
In the MDSS driver in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, a data structure may be used without being initialized correctly. |
|
31 |
CVE-2018-5859 |
416 |
|
|
2018-07-06 |
2018-08-27 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Due to a race condition in the MDSS MDP driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a Use After Free condition can occur. |
|
32 |
CVE-2018-5858 |
119 |
|
Overflow |
2018-07-06 |
2018-08-29 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the audio debugfs in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, out of bounds access can occur. |
|
33 |
CVE-2018-5857 |
416 |
|
|
2018-06-15 |
2018-08-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the WCD CPE codec, a Use After Free condition can occur in all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. |
|
34 |
CVE-2018-5855 |
119 |
|
Overflow |
2018-07-06 |
2018-08-29 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
While padding or shrinking a nested wmi packet in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, a buffer over-read can potentially occur. |
|
35 |
CVE-2018-5854 |
119 |
|
Overflow |
2018-06-15 |
2018-08-06 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
A stack-based buffer overflow can occur in fastboot from all Android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel. |
|
36 |
CVE-2018-5853 |
416 |
|
|
2018-07-06 |
2018-08-29 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A race condition exists in a driver in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-05-05 potentially leading to a use-after-free condition. |
|
37 |
CVE-2018-5851 |
129 |
|
|
2018-06-12 |
2018-08-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer over flow can occur while processing a HTT_T2H_MSG_TYPE_TX_COMPL_IND message with an out-of-range num_msdus value in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
38 |
CVE-2018-5850 |
191 |
|
Overflow |
2018-06-06 |
2018-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
39 |
CVE-2018-5849 |
416 |
|
|
2018-06-12 |
2018-08-03 |
4.4 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
Partial |
|
Due to a race condition in the QTEECOM driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, when more than one HLOS client loads the same TA, a Use After Free condition can occur. |
|
40 |
CVE-2018-5848 |
190 |
|
Overflow |
2018-06-12 |
2018-08-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of the 'ie_len' argument can cause a buffer overflow in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
41 |
CVE-2018-5847 |
416 |
|
|
2018-06-12 |
2018-08-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Early or late retirement of rotation requests can result in a Use After Free condition in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
42 |
CVE-2018-5846 |
416 |
|
|
2018-06-06 |
2018-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A Use After Free condition can occur in the IPA driver whenever the IPA IOCTLs IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_ADD/IPA_IOC_NOTIFY_WAN_UPSTREAM_ROUTE_DEL/IPA_IOC_NOTIFY_WAN_EMBMS_CONNECTED are called in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
43 |
CVE-2018-5845 |
416 |
|
|
2018-06-06 |
2018-07-17 |
7.6 |
None |
Remote |
High |
Not required |
Complete |
Complete |
Complete |
|
A race condition in drm_atomic_nonblocking_commit() in the display driver can potentially lead to a Use After Free scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
44 |
CVE-2018-5844 |
416 |
|
|
2018-06-12 |
2018-08-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the video driver function set_output_buffers(), binfo can be accessed after being freed in a failure scenario in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
45 |
CVE-2018-5843 |
119 |
|
Overflow |
2018-06-12 |
2018-08-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
In the function wma_pdev_div_info_evt_handler() in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel, there is no upper bound check on the value event->num_chains_valid received from firmware which can lead to a buffer overwrite of the fixed size chain_rssi_result structure. |
|
46 |
CVE-2018-5842 |
119 |
|
Overflow |
2018-06-12 |
2018-08-03 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
An arbitrary address write can occur if a compromised WLAN firmware sends incorrect data to WLAN driver in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
47 |
CVE-2018-5841 |
19 |
|
|
2018-06-06 |
2018-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
dcc_curr_list is initialized with a default invalid value that is expected to be programmed by the user through a sysfs node which could lead to an invalid access in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
48 |
CVE-2018-5840 |
264 |
|
|
2018-06-06 |
2018-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
Buffer Copy without Checking Size of Input can occur during the DRM SDE driver initialization sequence in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. |
|
49 |
CVE-2018-5836 |
125 |
|
|
2018-07-06 |
2018-08-27 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, the data_len value is received from firmware and not properly validated which could potentially lead to an out-of-bounds access. |
|
50 |
CVE-2018-5835 |
119 |
|
Overflow |
2018-07-06 |
2018-08-28 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
If the seq_len is greater then CSR_MAX_RSC_LEN, a buffer overflow in __wlan_hdd_cfg80211_add_key() may occur when copying keyRSC in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05. |
