CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11041
https://notcve.org/view.php?id=CVE-2017-11041
21 Sep 2017 — In all Qualcomm products with Android releases from CAF using the Linux kernel, an output buffer is accessed in one thread and can be potentially freed in another. En todos los productos Qualcomm con sistemas operativos Android distribuidos desde el CAF utilizando el kernel de Linux, se puede acceder a un búfer de salida en un hilo y se podría liberar en otro. • http://www.securityfocus.com/bid/100658 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-11000
https://notcve.org/view.php?id=CVE-2017-11000
21 Sep 2017 — In all Qualcomm products with Android releases from CAF using the Linux kernel, in an ISP Camera kernel driver function, an incorrect bounds check may potentially lead to an out-of-bounds write. En todos los productos Qualcomm con sistemas operativos Android distribuidos desde el CAF utilizando el kernel de Linux, en una función del driver del kernel de ISP Camera, una comprobación en los límites incorrectos podría provocar una escritura fuera de límites. • http://www.securityfocus.com/bid/100658 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9677
https://notcve.org/view.php?id=CVE-2017-9677
21 Sep 2017 — In all Qualcomm products with Android releases from CAF using the Linux kernel, in function msm_compr_ioctl_shared, variable "ddp->params_length" could be accessed and modified by multiple threads, while it is not protected with locks. If one thread is running, while another thread is setting data, race conditions will happen. If "ddp->params_length" is set to a big number, a buffer overflow will occur. En la función msm_compr_ioctl_shared en todos los productos Qualcomm con distribuciones Android desde CAF... • http://www.securityfocus.com/bid/100658 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-7375 – Ubuntu Security Notice USN-3424-2
https://notcve.org/view.php?id=CVE-2017-7375
19 Sep 2017 — A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable). Un error en libxml2 permite la inclusión de entidades XML con marcas de... • http://www.securityfocus.com/bid/98877 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 10%CPEs: 11EXPL: 1CVE-2017-7376 – Ubuntu Security Notice USN-3424-2
https://notcve.org/view.php?id=CVE-2017-7376
19 Sep 2017 — Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. Desbordamiento de búfer en libxml2 permite que atacantes remotos ejecuten código arbitrario aprovechando un límite incorrecto para los valores del puerto cuando se gestionan las redirecciones. It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or pos... • https://github.com/brahmstaedt/libxml2-exploit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 30EXPL: 0CVE-2017-0782
https://notcve.org/view.php?id=CVE-2017-0782
14 Sep 2017 — A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237. Existe una vulnerabilidad de ejecución remota de código en el sistema Android (bluetooth). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.5EPSS: 1%CPEs: 30EXPL: 10CVE-2017-0785 – Android Bluetooth - 'Blueborne' Information Leak
https://notcve.org/view.php?id=CVE-2017-0785
14 Sep 2017 — A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. Existe una vulnerabilidad de divulgación de información en el sistema de Android (bluetooth). • https://www.exploit-db.com/exploits/44555 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 0CVE-2017-0783
https://notcve.org/view.php?id=CVE-2017-0783
14 Sep 2017 — A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701. Existe una vulnerabilidad de divulgación de información en el sistema de Android (bluetooth). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 2%CPEs: 30EXPL: 9CVE-2017-0781 – LineageOS 14.1 Blueborne - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-0781
14 Sep 2017 — A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. Existe una vulnerabilidad de ejecución remota de código en el sistema Android (bluetooth). • https://packetstorm.news/files/id/147076 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0798
https://notcve.org/view.php?id=CVE-2017-0798
08 Sep 2017 — A elevation of privilege vulnerability in the MediaTek kernel. Product: Android. Versions: Android kernel. Android ID: A-36100671. References: M-ALPS03365532. • http://www.securityfocus.com/bid/100652 •