Security News

CVE-2018-9530

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In ixheaacd_tns_ar_filter_dec of ixheaacd_aac_tns.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112609715
Categories: Security News

CVE-2018-9531

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In AudioSpecificConfig_Parse of tpdec_asc.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112661641
Categories: Security News

CVE-2018-9532

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In ixheaacd_extract_frame_info_ld of ixheaacd_env_extr.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112765917
Categories: Security News

CVE-2018-9533

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In ixheaacd_dec_data_init of ixheaacd_create.c there is a possible out of write read due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112766520
Categories: Security News

CVE-2018-9534

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In ixheaacd_mps_getstridemap of ixheaacd_mps_parse.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112857941
Categories: Security News

CVE-2018-9535

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In ixheaacd_reset_acelp_data_fix of ixheaacd_lpc.c there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112858010
Categories: Security News

CVE-2018-9536

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In numerous functions of libFDK, there are possible out of bounds writes due to incorrect bounds checks. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112662184
Categories: Security News

CVE-2018-9537

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In CAacDecoder_DecodeFrame of aacdecode.cpp, there is a possible out-of-bounds write due to a missing bounds check. This could lead to remote code execution in the media server with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-9. Android ID: A-112891564
Categories: Security News

CVE-2018-9539

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In the ClearKey CAS descrambler, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-113027383
Categories: Security News

CVE-2018-9540

National Vulnerability Database - Wed, 11/14/2018 - 13:29
In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.c, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-111450417
Categories: Security News

CVE-2018-6081

National Vulnerability Database - Wed, 11/14/2018 - 10:29
XSS vulnerabilities in Interstitials in Google Chrome prior to 65.0.3325.146 allowed an attacker who convinced a user to install a malicious extension or open Developer Console to inject arbitrary scripts or HTML via a crafted HTML page.
Categories: Security News

CVE-2018-6082

National Vulnerability Database - Wed, 11/14/2018 - 10:29
Including port 22 in the list of allowed FTP ports in Networking in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially enumerate internal host services via a crafted HTML page.
Categories: Security News

CVE-2018-6083

National Vulnerability Database - Wed, 11/14/2018 - 10:29
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.
Categories: Security News

CVE-2018-7357

National Vulnerability Database - Wed, 11/14/2018 - 10:29
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.
Categories: Security News

CVE-2018-7358

National Vulnerability Database - Wed, 11/14/2018 - 10:29
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.
Categories: Security News

CVE-2018-6060

National Vulnerability Database - Wed, 11/14/2018 - 10:29
Use after free in WebAudio in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Categories: Security News

CVE-2018-6061

National Vulnerability Database - Wed, 11/14/2018 - 10:29
A race in the handling of SharedArrayBuffers in WebAssembly in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Categories: Security News

CVE-2018-6062

National Vulnerability Database - Wed, 11/14/2018 - 10:29
Heap overflow write in Skia in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Categories: Security News

CVE-2018-6063

National Vulnerability Database - Wed, 11/14/2018 - 10:29
Incorrect use of mojo::WrapSharedMemoryHandle in Mojo in Google Chrome prior to 65.0.3325.146 allowed a remote attacker who had compromised the renderer process to perform an out of bounds memory write via a crafted HTML page.
Categories: Security News

CVE-2018-6064

National Vulnerability Database - Wed, 11/14/2018 - 10:29
Type Confusion in the implementation of __defineGetter__ in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Categories: Security News

Pages