CVE-2017-13203
https://notcve.org/view.php?id=CVE-2017-13203
An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634. Existe una vulnerabilidad de divulgación de información en el media framework de Android (libavc). • https://android.googlesource.com/platform/external/libavc/+/e86d3cfd2bc28dac421092106751e5638d54a848 https://source.android.com/security/bulletin/pixel/2018-01-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-0846
https://notcve.org/view.php?id=CVE-2017-0846
An information disclosure vulnerability in the Android framework (clipboardservice). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64934810. Existe una vulnerabilidad de revelación de información en el framework de Android (clipboardservice). • https://source.android.com/security/bulletin/pixel/2018-01-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-0855
https://notcve.org/view.php?id=CVE-2017-0855
In MPEG4Extractor.cpp, there are several places where functions return early without cleaning up internal buffers which could lead to memory leaks. This could lead to remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. • http://www.securityfocus.com/bid/102414 http://www.securitytracker.com/id/1040106 https://source.android.com/security/bulletin/2018-01-01 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVE-2017-13200
https://notcve.org/view.php?id=CVE-2017-13200
An information disclosure vulnerability in the Android media framework (av) related to id3 unsynchronization. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63100526. Existe una vulnerabilidad de revelación de información en el media framework de Android (av), relacionado con la sincronización id3. • https://android.googlesource.com/platform/frameworks/av/+/dd3ca4d6b81a9ae2ddf358b7b93d2f8c010921f5 https://source.android.com/security/bulletin/pixel/2018-01-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-13184
https://notcve.org/view.php?id=CVE-2017-13184
In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • http://www.securityfocus.com/bid/102414 http://www.securitytracker.com/id/1040106 https://source.android.com/security/bulletin/2018-01-01 • CWE-416: Use After Free •