CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-9725 – kernel: Incorrect type conversion for size during dma allocation
https://notcve.org/view.php?id=CVE-2017-9725
21 Sep 2017 — In all Qualcomm products with Android releases from CAF using the Linux kernel, during DMA allocation, due to wrong data type of size, allocation size gets truncated which makes allocation succeed when it should fail. En todos los productos Qualcomm con distribuciones Android desde CAF empleando el kernel Linux, durante la asignación de DMA, el tamaño de asignación se trunca, lo que permite que la asignación sea un éxito cuando debería fallar. Esto se debe a un tipo de tamaño de datos erróneo. A flaw was fo... • http://www.securityfocus.com/bid/100658 • CWE-681: Incorrect Conversion between Numeric Types CWE-682: Incorrect Calculation •
CVSS: 9.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-7375 – Ubuntu Security Notice USN-3424-2
https://notcve.org/view.php?id=CVE-2017-7375
19 Sep 2017 — A flaw in libxml2 allows remote XML entity inclusion with default parser flags (i.e., when the caller did not request entity substitution, DTD validation, external DTD subset loading, or default DTD attributes). Depending on the context, this may expose a higher-risk attack surface in libxml2 not usually reachable with default parser flags, and expose content from local files, HTTP, or FTP servers (which might be otherwise unreachable). Un error en libxml2 permite la inclusión de entidades XML con marcas de... • http://www.securityfocus.com/bid/98877 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 10.0EPSS: 39%CPEs: 11EXPL: 1CVE-2017-7376 – Ubuntu Security Notice USN-3424-2
https://notcve.org/view.php?id=CVE-2017-7376
19 Sep 2017 — Buffer overflow in libxml2 allows remote attackers to execute arbitrary code by leveraging an incorrect limit for port values when handling redirects. Desbordamiento de búfer en libxml2 permite que atacantes remotos ejecuten código arbitrario aprovechando un límite incorrecto para los valores del puerto cuando se gestionan las redirecciones. It was discovered that a type confusion error existed in libxml2. An attacker could use this to specially construct XML data that could cause a denial of service or pos... • https://github.com/brahmstaedt/libxml2-exploit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 41%CPEs: 30EXPL: 9CVE-2017-0781 – LineageOS 14.1 Blueborne - Remote Code Execution
https://notcve.org/view.php?id=CVE-2017-0781
14 Sep 2017 — A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146105. Existe una vulnerabilidad de ejecución remota de código en el sistema Android (bluetooth). • https://packetstorm.news/files/id/147076 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.5EPSS: 0%CPEs: 30EXPL: 0CVE-2017-0783
https://notcve.org/view.php?id=CVE-2017-0783
14 Sep 2017 — A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63145701. Existe una vulnerabilidad de divulgación de información en el sistema de Android (bluetooth). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.5EPSS: 9%CPEs: 30EXPL: 10CVE-2017-0785 – Android Bluetooth - 'Blueborne' Information Leak
https://notcve.org/view.php?id=CVE-2017-0785
14 Sep 2017 — A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146698. Existe una vulnerabilidad de divulgación de información en el sistema de Android (bluetooth). • https://www.exploit-db.com/exploits/44555 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 45%CPEs: 30EXPL: 0CVE-2017-0782
https://notcve.org/view.php?id=CVE-2017-0782
14 Sep 2017 — A remote code execution vulnerability in the Android system (bluetooth). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63146237. Existe una vulnerabilidad de ejecución remota de código en el sistema Android (bluetooth). • http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.3EPSS: 0%CPEs: 29EXPL: 0CVE-2017-0752
https://notcve.org/view.php?id=CVE-2017-0752
08 Sep 2017 — A elevation of privilege vulnerability in the Android framework (windowmanager). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-62196835. Existe una vulnerabilidad de elevación de privilegios en el framework de Android (windowmanager). • http://www.securityfocus.com/bid/100673 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 9.3EPSS: 0%CPEs: 13EXPL: 0CVE-2017-0755
https://notcve.org/view.php?id=CVE-2017-0755
08 Sep 2017 — A elevation of privilege vulnerability in the Android libraries (libminikin). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-32178311. Existe una vulnerabilidad de elevación de privilegios en las librerías de Android (libminikin). • http://www.securityfocus.com/bid/100650 •
CVSS: 9.3EPSS: 0%CPEs: 29EXPL: 0CVE-2017-0756
https://notcve.org/view.php?id=CVE-2017-0756
08 Sep 2017 — A remote code execution vulnerability in the Android media framework (libstagefright). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34621073. Existe una vulnerabilidad de ejecución remota de código en el media framework de Android (libstagefright). • http://www.securityfocus.com/bid/100649 • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •