CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0694
https://notcve.org/view.php?id=CVE-2017-0694
06 Jul 2017 — A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37093318. Una vulnerabilidad de denegación de servicio en el framework multimedia de Android. • http://www.securityfocus.com/bid/99478 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-0695
https://notcve.org/view.php?id=CVE-2017-0695
06 Jul 2017 — A denial of service vulnerability in the Android media framework. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37094889. Una vulnerabilidad de denegación de servicio en el framework multimedia de Android. • http://www.securityfocus.com/bid/99478 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0697
https://notcve.org/view.php?id=CVE-2017-0697
06 Jul 2017 — A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37239013. Una vulnerabilidad de denegación de servicio en el framework multimedia de Android. • http://www.securityfocus.com/bid/99478 • CWE-772: Missing Release of Resource after Effective Lifetime •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0703
https://notcve.org/view.php?id=CVE-2017-0703
06 Jul 2017 — A elevation of privilege vulnerability in the Android system ui. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-33123882. Una vulnerabilidad de elevación de privilegios en la interfaz de usuario del sistema Android. • http://www.securityfocus.com/bid/99472 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 0CVE-2017-3748
https://notcve.org/view.php?id=CVE-2017-3748
29 Jun 2017 — On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device). En los teléfonos móviles Lenovo VIBE, los controles de acceso incorrectos en el componente nac_server puede emplearse junto con CVE-2017-3749 y CVE-2017-3750 para elevar los privilegios a usuario root (conocido comúnmente como "rooting" o "jail breaking" de un disp... • http://www.securityfocus.com/bid/99295 •
CVSS: 6.9EPSS: 0%CPEs: 21EXPL: 0CVE-2017-3749
https://notcve.org/view.php?id=CVE-2017-3749
29 Jun 2017 — On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750. En los teléfonos móviles Lenovo VIBE, la aplicación de Android Idea Friend permite que los datos privados se copien y restauren mediante Android Debug Bridge, lo que permite la falsificación que conduce a un escalado de privilegios junto con CVE-2017-3748 y CVE-2... • https://support.lenovo.com/us/en/product_security/LEN-15823 •
CVSS: 6.9EPSS: 0%CPEs: 21EXPL: 0CVE-2017-3750
https://notcve.org/view.php?id=CVE-2017-3750
29 Jun 2017 — On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749. En los teléfonos móviles Lenovo VIBE, la aplicación de Android Lenovo Security permite que los datos privados se copien y restauren mediante Android Debug Bridge, lo que permite la falsificación que conduce a un escalado de privilegios junto con CVE-2017-3748... • https://support.lenovo.com/us/en/product_security/LEN-15823 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1CVE-2015-3840
https://notcve.org/view.php?id=CVE-2015-3840
27 Jun 2017 — The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. El servicio MessageStatusReceiver en AndroidManifest.XML en Android 5.1.1 y versiones anteriores permite a usuarios locales alterar los estados de mensajes SMS y MMS enviados / recibidos sin el permiso "WRITE_SMS" asociado. • http://blog.trendmicro.com/trendlabs-security-intelligence/os-x-zero-days-on-the-rise-a-2015-midyear-review-on-advanced-attack-surfaces • CWE-284: Improper Access Control •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-0637
https://notcve.org/view.php?id=CVE-2017-0637
14 Jun 2017 — A remote code execution vulnerability in libhevc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process.Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34064500. Una vulnerabilidad de ejecución remota de código en libhevc en Mediaserver podría permitir a un atacant... • http://www.securityfocus.com/bid/98868 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-0639
https://notcve.org/view.php?id=CVE-2017-0639
14 Jun 2017 — An information disclosure vulnerability in Bluetooth component could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35310991. • http://www.securityfocus.com/bid/98871 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •