CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0554
https://notcve.org/view.php?id=CVE-2017-0554
An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946. • http://www.securityfocus.com/bid/97343 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01 • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0555
https://notcve.org/view.php?id=CVE-2017-0555
An information disclosure vulnerability in libavc in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33551775. • http://www.securityfocus.com/bid/97332 http://www.securitytracker.com/id/1038201 https://android.googlesource.com/platform/external/libavc/+/0b23c81c3dd9ec38f7e6806a3955fed1925541a0 https://source.android.com/security/bulletin/2017-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0546
https://notcve.org/view.php?id=CVE-2017-0546
An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763. • http://www.securityfocus.com/bid/97341 http://www.securitytracker.com/id/1038201 https://source.android.com/security/bulletin/2017-04-01 • CWE-476: NULL Pointer Dereference •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0550
https://notcve.org/view.php?id=CVE-2017-0550
A remote denial of service vulnerability in libavc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33933140. • http://www.securityfocus.com/bid/97336 http://www.securitytracker.com/id/1038201 https://android.googlesource.com/platform/external/libavc/+/7950bf47b6944546a0aff11a7184947de9591b51 https://source.android.com/security/bulletin/2017-04-01 •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0542
https://notcve.org/view.php?id=CVE-2017-0542
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33934721. • http://www.securityfocus.com/bid/97330 http://www.securitytracker.com/id/1038201 https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b https://source.android.com/security/bulletin/2017-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •