Vuldb Updates

A vulnerability has been found in Reolink RLC-410W 3.0.0.136_20121102 and classified as critical. This vulnerability affects unknown code of the component SetDdns API. The manipulation of the argument ddns->domain leads to os command injection. This vulnerability was named CVE-2021-40407. The attack needs to be initiated within the local network. Furthermore, there is an exploit available.

A vulnerability was found in Google Android Kernel. It has been rated as critical. This issue affects the function mtk_cfg80211_vendor_packet_keep_alive_start of the file drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c. The manipulation leads to out-of-bounds write. The identification of this vulnerability is CVE-2018-9395. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 7.0/7.1.1/7.1.2/8.0/8.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2018-9426. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android up to 8.1. It has been declared as critical. This vulnerability affects the function prop2cfg of the file btif_storage.cc. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2018-9430. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in Google Android up to 8.1. This vulnerability affects the function gatt_process_error_rsp of the file gatt_cl.cc. The manipulation leads to out-of-bounds read. This vulnerability was named CVE-2018-9435. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in Google Android 8/8.1. Affected is the function OSUInfo of the file OSUInfo.java. The manipulation leads to incorrect default permissions. This vulnerability is traded as CVE-2018-9431. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android. It has been classified as critical. This affects the function procfile_write of the file drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2018-9393. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android Kernel. It has been declared as critical. This vulnerability affects the function mtk_p2p_wext_set_key of the file drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2018-9394. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android up to 8.1. It has been rated as problematic. Affected by this issue is the function rpc_msg_handler of the file drivers/misc/mediatek/eccci/port_rpc.c. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2018-9376. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Google Android up to 8.1. This affects the function gattServerSendResponseNative of the file com_android_bluetooth_gatt.cpp. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2018-9414. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 7/7.1.1/7.1.2/8/8.1. It has been rated as critical. This issue affects the function handle_app_cur_val_response of the file dtif_rc.cc. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2018-9418. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android up to 8.1. It has been rated as problematic. Affected by this issue is the function sdp_copy_raw_data of the file sdp_discovery.cc. The manipulation leads to out-of-bounds read. This vulnerability is handled as CVE-2018-9441. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Google Android up to 8.1. This affects the function process_service_search_attr_rsp of the file sdp_discovery.cc. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2018-9449. Attacking locally is a requirement. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in Google Android 7/7.1.1/7.1.2/8/8.1. This issue affects the function impeg2d_bit_stream_flush of the component libmpeg2dec. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2017-13320. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 7/7.1.1/7.1.2/8/8.1. It has been rated as critical. This issue affects the function pvmp3_get_main_data_size of the file pvmp3_get_main_data_size.cpp. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2017-13319. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 8/8.1. It has been declared as problematic. Affected by this vulnerability is the function SensorService::isDataInjectionEnabled of the file of frameworks/native/services/sensorservice/SensorService.cpp. The manipulation leads to out-of-bounds read. This vulnerability is known as CVE-2017-13321. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in Google Android 7/7.1.1/7.1.2/8/8.1. This affects the function mv_err_cost of the file mcomp.c. The manipulation leads to out-of-bounds read. This vulnerability is uniquely identified as CVE-2018-9349. Access to the local network is required for this attack to succeed. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in Google Android up to 8.1. This vulnerability affects the function String16 of the file String16.cpp. The manipulation leads to out-of-bounds write. This vulnerability was named CVE-2017-13323. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Google Android 7/7.1.1/7.1.2/8/8.1. It has been rated as critical. This issue affects the function ih264e_fmt_conv_420p_to_420sp of the file ih264e_fmt_conv.c. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2018-9351. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in Google Android 7/7.1.1/7.1.2/8/8.1. Affected is the function ih264d_assign_pic_num of the file ih264d_utils.c. The manipulation leads to denial of service. This vulnerability is traded as CVE-2018-9350. It is possible to launch the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.