CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0416
https://notcve.org/view.php?id=CVE-2017-0416
08 Feb 2017 — An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609. • http://www.securityfocus.com/bid/96055 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0424
https://notcve.org/view.php?id=CVE-2017-0424
08 Feb 2017 — An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450. • http://www.securityfocus.com/bid/96104 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-0443
https://notcve.org/view.php?id=CVE-2017-0443
08 Feb 2017 — An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32877494. • http://www.securityfocus.com/bid/96047 •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 2CVE-2017-0412 – Google Android - android.util.MemoryIntArray Ashmem Race Conditions
https://notcve.org/view.php?id=CVE-2017-0412
08 Feb 2017 — An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926. • https://packetstorm.news/files/id/141000 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0408
https://notcve.org/view.php?id=CVE-2017-0408
08 Feb 2017 — A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670. • http://www.securityfocus.com/bid/96092 •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2017-0437
https://notcve.org/view.php?id=CVE-2017-0437
08 Feb 2017 — An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32402310. • http://www.securityfocus.com/bid/96047 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0407
https://notcve.org/view.php?id=CVE-2017-0407
08 Feb 2017 — A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. • http://www.securityfocus.com/bid/96046 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.6EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8481
https://notcve.org/view.php?id=CVE-2016-8481
08 Feb 2017 — An elevation of privilege vulnerability in the Qualcomm sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31906415. • http://www.securityfocus.com/bid/96053 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2016-8414
https://notcve.org/view.php?id=CVE-2016-8414
08 Feb 2017 — An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31704078. • http://www.securityfocus.com/bid/96111 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 3CVE-2017-0411 – Google Android - Inter-process munmap in android.util.MemoryIntArray
https://notcve.org/view.php?id=CVE-2017-0411
08 Feb 2017 — An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690. • https://packetstorm.news/files/id/140999 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •