CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2017-0388
https://notcve.org/view.php?id=CVE-2017-0388
12 Jan 2017 — An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32523490. • http://www.securityfocus.com/bid/95252 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2017-0395
https://notcve.org/view.php?id=CVE-2017-0395
12 Jan 2017 — An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32219099. • http://www.securityfocus.com/bid/95261 •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0CVE-2017-0387
https://notcve.org/view.php?id=CVE-2017-0387
12 Jan 2017 — An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32660278. • http://www.securityfocus.com/bid/95258 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8433
https://notcve.org/view.php?id=CVE-2016-8433
12 Jan 2017 — An elevation of privilege vulnerability in the MediaTek driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31750190. • http://www.securityfocus.com/bid/95253 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-0389
https://notcve.org/view.php?id=CVE-2017-0389
12 Jan 2017 — A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31850211. • http://www.securityfocus.com/bid/95251 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 27EXPL: 0CVE-2017-0396
https://notcve.org/view.php?id=CVE-2017-0396
12 Jan 2017 — An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965. • http://www.securityfocus.com/bid/95232 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-0401
https://notcve.org/view.php?id=CVE-2017-0401
12 Jan 2017 — An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588016. • http://www.securityfocus.com/bid/95226 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8423
https://notcve.org/view.php?id=CVE-2016-8423
12 Jan 2017 — An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31399736. • http://www.securityfocus.com/bid/95241 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 10EXPL: 0CVE-2017-0381 – Apple Security Advisory 2017-10-31-8
https://notcve.org/view.php?id=CVE-2017-0381
12 Jan 2017 — An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432. • http://www.securityfocus.com/bid/95248 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2017-0382
https://notcve.org/view.php?id=CVE-2017-0382
12 Jan 2017 — A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390. • http://www.securityfocus.com/bid/95247 •