Skip to content

Commit

Permalink
8 changes (7 new | 1 updated):
Browse files Browse the repository at this point in the history 
      - 7 new CVEs:  CVE-2017-13322, CVE-2018-9375, CVE-2018-9379, CVE-2018-9382, CVE-2018-9384, CVE-2018-9434, CVE-2018-9447
      - 1 updated CVEs: CVE-2018-9377
  • Loading branch information
cvelistV5 Github Action committed Jan 17, 2025
1 parent 058c3e2 commit 374a7c6
Show file tree
Hide file tree
Showing 10 changed files with 552 additions and 489 deletions.
93 changes: 93 additions & 0 deletions cves/2017/13xxx/CVE-2017-13322.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,93 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2017-13322",
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"state": "PUBLISHED",
"assignerShortName": "google_android",
"dateReserved": "2017-08-23T00:00:00.000Z",
"datePublished": "2025-01-17T23:06:15.618Z",
"dateUpdated": "2025-01-17T23:06:15.618Z"
},
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android Kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"value": "In endCallForSubscriber of PhoneInterfaceManager.java, there is a possible way to prevent access to emergency services due to a logic error in the code. This could lead to a local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"providerMetadata": {
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android",
"dateUpdated": "2025-01-17T23:06:15.618Z"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2018-05-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
}
}
59 changes: 59 additions & 0 deletions cves/2018/9xxx/CVE-2018-9375.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2018-9375",
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"state": "PUBLISHED",
"assignerShortName": "google_android",
"dateReserved": "2018-04-05T00:00:00.000Z",
"datePublished": "2025-01-17T23:07:14.793Z",
"dateUpdated": "2025-01-17T23:07:14.793Z"
},
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android Kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.<br>"
}
],
"value": "In multiple functions of UserDictionaryProvider.java, there is a possible way to add and delete words in the user dictionary due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android",
"dateUpdated": "2025-01-17T23:07:14.793Z"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
}
}
8 changes: 4 additions & 4 deletions cves/2018/9xxx/CVE-2018-9377.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,7 @@
"assignerShortName": "google_android",
"dateReserved": "2018-04-05T00:00:00.000Z",
"datePublished": "2024-11-28T00:23:14.763Z",
"dateUpdated": "2024-11-29T21:15:13.647Z"
"dateUpdated": "2025-01-17T23:08:41.086Z"
},
"containers": {
"cna": {
Expand Down Expand Up @@ -56,16 +56,16 @@
{
"base64": false,
"type": "text/html",
"value": "<span style=\"background-color: rgb(255, 255, 255);\">In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">possible information disclosure due to uninitialized data. This could lead&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">to local information disclosure with no additional execution privileges&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">needed. User interaction is not needed for exploitation.</span><br>"
"value": "In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.<br>"
}
],
"value": "In BnAudioPolicyService::onTransact of IAudioPolicyService.cpp, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
"value": "In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android",
"dateUpdated": "2024-11-28T00:23:14.763Z"
"dateUpdated": "2025-01-17T23:08:41.086Z"
},
"references": [
{
Expand Down
59 changes: 59 additions & 0 deletions cves/2018/9xxx/CVE-2018-9379.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2018-9379",
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"state": "PUBLISHED",
"assignerShortName": "google_android",
"dateReserved": "2018-04-05T00:00:00.000Z",
"datePublished": "2025-01-17T23:09:39.761Z",
"dateUpdated": "2025-01-17T23:09:39.761Z"
},
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android Kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.<br>"
}
],
"value": "In multiple functions of MiniThumbFile.java, there is a possible way to view the thumbnails of deleted photos due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android",
"dateUpdated": "2025-01-17T23:09:39.761Z"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
}
}
59 changes: 59 additions & 0 deletions cves/2018/9xxx/CVE-2018-9382.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2018-9382",
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"state": "PUBLISHED",
"assignerShortName": "google_android",
"dateReserved": "2018-04-05T00:00:00.000Z",
"datePublished": "2025-01-17T23:10:28.749Z",
"dateUpdated": "2025-01-17T23:10:28.749Z"
},
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android Kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.<br>"
}
],
"value": "In multiple functions of WifiServiceImpl.java, there is a possible way to activate Wi-Fi hotspot from a non-owner profile due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android",
"dateUpdated": "2025-01-17T23:10:28.749Z"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
}
}
59 changes: 59 additions & 0 deletions cves/2018/9xxx/CVE-2018-9384.json
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,59 @@
{
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"cveMetadata": {
"cveId": "CVE-2018-9384",
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"state": "PUBLISHED",
"assignerShortName": "google_android",
"dateReserved": "2018-04-05T00:00:00.000Z",
"datePublished": "2025-01-17T23:04:49.336Z",
"dateUpdated": "2025-01-17T23:04:49.336Z"
},
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Android",
"vendor": "Google",
"versions": [
{
"status": "affected",
"version": "Android Kernel"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation.<br>"
}
],
"value": "In multiple locations, there is a possible way to bypass KASLR due to an unusual root cause. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation."
}
],
"providerMetadata": {
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android",
"dateUpdated": "2025-01-17T23:04:49.336Z"
},
"references": [
{
"url": "https://source.android.com/security/bulletin/pixel/2018-06-01"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
}
}
Loading

0 comments on commit 374a7c6

Please sign in to comment.