CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0406
https://notcve.org/view.php?id=CVE-2017-0406
08 Feb 2017 — A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. • http://www.securityfocus.com/bid/96046 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0418
https://notcve.org/view.php?id=CVE-2017-0418
08 Feb 2017 — An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32703959. • http://www.securityfocus.com/bid/96055 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 11EXPL: 0CVE-2017-0421
https://notcve.org/view.php?id=CVE-2017-0421
08 Feb 2017 — An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637. • http://www.securityfocus.com/bid/96096 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0448
https://notcve.org/view.php?id=CVE-2017-0448
08 Feb 2017 — An information disclosure vulnerability in the NVIDIA video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-32721029. • http://www.securityfocus.com/bid/96105 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2017-0426
https://notcve.org/view.php?id=CVE-2017-0426
08 Feb 2017 — An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236. • http://www.securityfocus.com/bid/96099 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-0436
https://notcve.org/view.php?id=CVE-2017-0436
08 Feb 2017 — An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32624661. • http://www.securityfocus.com/bid/96053 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-0405
https://notcve.org/view.php?id=CVE-2017-0405
08 Feb 2017 — A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359. • http://www.securityfocus.com/bid/96048 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2017-0429
https://notcve.org/view.php?id=CVE-2017-0429
08 Feb 2017 — An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32636619. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0414
https://notcve.org/view.php?id=CVE-2017-0414
08 Feb 2017 — An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795. • http://www.securityfocus.com/bid/96063 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0450
https://notcve.org/view.php?id=CVE-2017-0450
08 Feb 2017 — An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it is mitigated by current platform configurations. Product: Android. Versions: N/A. Android ID: A-32917432. • http://www.securityfocus.com/bid/96109 •