CVE-2018-9377

HIGH Year: 2018
CVSS v3 Score
8.4
High
Weakness Type
CWE-908
View all →

Vulnerability Description

In getIntentForIntentSender of ActivityManagerService.java, there is a possible way to access user metadata due to a pending intent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

Related Vulnerabilities

CVE-2020-11260

HIGH
CVSS:8.4(High)

An improper free of uninitialized memory can occur in DIAG services in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile

CWE-9082020

CVE-2020-13113

HIGH
CVSS:8.2(High)

An issue was discovered in libexif before 0.6.22. Use of uninitialized memory in EXIF Makernote handling could lead to crashes and potential use-after-free conditions.

CWE-9082020

CVE-2024-7868

LOW
CVSS:8.2(High)

In Xpdf 4.05 (and earlier), invalid header info in a DCT (JPEG) stream can lead to an uninitialized variable in the DCT decoder. The proof-of-concept PDF file causes a segfault attempting to read from...

CWE-9082024

CVE-2022-29240

HIGH
CVSS:8.1(High)

Scylla is a real-time big data database that is API-compatible with Apache Cassandra and Amazon DynamoDB. When decompressing CQL frame received from user, Scylla assumes that user-provided uncompresse...

CWE-9082022

CVE-2008-2934

HIGH
CVSS:8.8(High)

Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an...

CWE-9082008

CVE-2008-3475

HIGH
CVSS:8.8(High)

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remo...

CWE-9082008