CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10398
https://notcve.org/view.php?id=CVE-2016-10398
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X. Android versión 6.0, presenta un bypass de autenticación para los atacantes con acceso root y físico. • https://homepages.staff.os3.nl/~delaat/rp/2015-2016/p30/report.pdf • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6249
https://notcve.org/view.php?id=CVE-2017-6249
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. • http://www.securityfocus.com/bid/99616 http://www.securitytracker.com/id/1038623 https://source.android.com/security/bulletin/2017-06-01 •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7953
https://notcve.org/view.php?id=CVE-2014-7953
Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000. Condición de carrera en el método bindBackupAgent en el ActivityManagerService en Android 4.4.4 permite a los usuarios locales con un shell adb ejecutar un código arbitrario o cualquier paquete válido como sistema mediante la ejecución de "pm install " con un objetivo apk, y simultáneamente ejecutando un script manipulado al proceso de salida de logcat buscando la línea dexopt, el cual una vez encontrada debiera ejecutar bindBackupAgent con el miembro uid de los parámetros puesto a 1000 de ApplicationInfo. • http://seclists.org/fulldisclosure/2015/Apr/52 http://www.securityfocus.com/archive/1/535296/100/1100/threaded http://www.securityfocus.com/bid/74213 https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E%21 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0326
https://notcve.org/view.php?id=CVE-2017-0326
An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Version: N/A. Android ID: A-33718700. • http://nvidia.custhelp.com/app/answers/detail/a_id/4561 http://www.securityfocus.com/bid/99477 https://source.android.com/security/bulletin/2017-07-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0340
https://notcve.org/view.php?id=CVE-2017-0340
An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. • http://www.securityfocus.com/bid/99477 https://source.android.com/security/bulletin/2017-07-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •