CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-13286
https://notcve.org/view.php?id=CVE-2017-13286
In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • https://github.com/UmVfX1BvaW50/CVE-2017-13286 https://source.android.com/security/bulletin/2018-04-01 • CWE-502: Deserialization of Untrusted Data •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13297
https://notcve.org/view.php?id=CVE-2017-13297
A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721. Existe una vulnerabilidad de revelación de información en el media framework de Android (libhevc). • https://source.android.com/security/bulletin/pixel/2018-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13298
https://notcve.org/view.php?id=CVE-2017-13298
A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051. Existe una vulnerabilidad de revelación de información en el media framework de Android (libhavc). • https://source.android.com/security/bulletin/pixel/2018-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13300
https://notcve.org/view.php?id=CVE-2017-13300
A denial of service vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1. Android ID: A-71567394. Existe una vulnerabilidad de denegación de servicio en el media framework en Android (libhevc). • https://source.android.com/security/bulletin/pixel/2018-04-01 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2017-13283
https://notcve.org/view.php?id=CVE-2017-13283
In avrc_ctrl_pars_vendor_rsp of bluetooth avrcp_ctrl, there is a possible out of bounds write on the stack due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • http://www.securityfocus.com/bid/105482 https://source.android.com/security/bulletin/2018-04-01 • CWE-787: Out-of-bounds Write •