CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0753
https://notcve.org/view.php?id=CVE-2017-0753
A remote code execution vulnerability in the Android libraries (libgdx). Product: Android. Versions: 7.1.1, 7.1.2, 8.0. Android ID: A-62218744. Existe una vulnerabilidad de ejecución remota de código en las bibliotecas Android (libgdx). • http://www.securityfocus.com/bid/100650 https://source.android.com/security/bulletin/2017-09-01 •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-0761
https://notcve.org/view.php?id=CVE-2017-0761
A remote code execution vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-38448381. Existe una vulnerabilidad de ejecución remota de código en el media framework de Android (libavc). • http://www.securityfocus.com/bid/100649 https://source.android.com/security/bulletin/2017-09-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0CVE-2017-0763
https://notcve.org/view.php?id=CVE-2017-0763
A remote code execution vulnerability in the Android media framework (libhevc). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62534693. Existe una vulnerabilidad de ejecución remota de código en el media framework de Android (libhevc). • http://www.securityfocus.com/bid/100649 https://source.android.com/security/bulletin/2017-09-01 •
CVSS: 7.1EPSS: 0%CPEs: 30EXPL: 0CVE-2017-0775
https://notcve.org/view.php?id=CVE-2017-0775
A denial of service vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62673179. Existe una vulnerabilidad de denegación de servicio en el media framework de Android (libstagefright). • http://www.securityfocus.com/bid/100649 https://source.android.com/security/bulletin/2017-09-01 • CWE-834: Excessive Iteration •
CVSS: 5.9EPSS: 96%CPEs: 60EXPL: 2CVE-2016-2107 – OpenSSL - Padding Oracle in AES-NI CBC MAC Check
https://notcve.org/view.php?id=CVE-2016-2107
The AES-NI implementation in OpenSSL before 1.0.1t and 1.0.2 before 1.0.2h does not consider memory allocation during a certain padding check, which allows remote attackers to obtain sensitive cleartext information via a padding-oracle attack against an AES CBC session. NOTE: this vulnerability exists because of an incorrect fix for CVE-2013-0169. La implementación de AES-NI en OpenSSL en versiones anteriores a 1.0.1t y 1.0.2 en versiones anteriores a 1.0.2h no considera la asignación de memoria durante una comprobación de relleno determinada, lo que permite a atacantes remotos obtener información de texto claro sensible a través de un ataque de padding-oracle contra una sesión AES CBC . NOTA: esta vulnerabilidad existe debido a una corrección incorrecta para CVE-2013-0169. It was discovered that OpenSSL leaked timing information when decrypting TLS/SSL and DTLS protocol encrypted records when the connection used the AES CBC cipher suite and the server supported AES-NI. • https://www.exploit-db.com/exploits/39768 https://github.com/FiloSottile/CVE-2016-2107 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10759 http://lists.apple.com/archives/security-announce/2016/Jul/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183457.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/183607.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184605.html http://lists.opensuse.org/opensuse-security • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-310: Cryptographic Issues •