CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10274
https://notcve.org/view.php?id=CVE-2016-10274
An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. • http://www.securityfocus.com/bid/98145 https://source.android.com/security/bulletin/2017-05-01 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 29EXPL: 0CVE-2017-0602
https://notcve.org/view.php?id=CVE-2017-0602
An information disclosure vulnerability in Bluetooth could allow a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate due to details specific to the vulnerability. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34946955. • http://www.securityfocus.com/bid/98141 https://source.android.com/security/bulletin/2017-05-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 6EXPL: 0CVE-2017-0599
https://notcve.org/view.php?id=CVE-2017-0599
A remote denial of service vulnerability in libhevc in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34672748. • http://www.securityfocus.com/bid/98134 https://android.googlesource.com/platform/external/libhevc/+/a1424724a00d62ac5efa0e27953eed66850d662f https://source.android.com/security/bulletin/2017-05-01 • CWE-252: Unchecked Return Value •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10282
https://notcve.org/view.php?id=CVE-2016-10282
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. • http://www.securityfocus.com/bid/98159 https://source.android.com/security/bulletin/2017-05-01 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 6EXPL: 0CVE-2017-0591
https://notcve.org/view.php?id=CVE-2017-0591
A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34097672. • http://www.securityfocus.com/bid/98124 https://android.googlesource.com/platform/external/libavc/+/5c3fd5d93a268abb20ff22f26009535b40db3c7d https://source.android.com/security/bulletin/2017-05-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •