CVSS: 9.3EPSS: 0%CPEs: 27EXPL: 0CVE-2017-0385
https://notcve.org/view.php?id=CVE-2017-0385
12 Jan 2017 — An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32585400. • http://www.securityfocus.com/bid/95239 •
CVSS: 7.1EPSS: 0%CPEs: 27EXPL: 0CVE-2017-0392
https://notcve.org/view.php?id=CVE-2017-0392
12 Jan 2017 — A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290. • http://www.securityfocus.com/bid/95230 •
CVSS: 9.3EPSS: 0%CPEs: 27EXPL: 0CVE-2017-0384
https://notcve.org/view.php?id=CVE-2017-0384
12 Jan 2017 — An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32095626. • http://www.securityfocus.com/bid/95239 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2017-0399
https://notcve.org/view.php?id=CVE-2017-0399
12 Jan 2017 — An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588756. • http://www.securityfocus.com/bid/95226 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8396
https://notcve.org/view.php?id=CVE-2016-8396
12 Jan 2017 — An information disclosure vulnerability in the MediaTek video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-31249105. • http://www.securityfocus.com/bid/94712 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 26EXPL: 0CVE-2016-6766
https://notcve.org/view.php?id=CVE-2016-6766
12 Jan 2017 — A denial of service vulnerability in libmedia and libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31318219. • http://www.securityfocus.com/bid/94688 • CWE-19: Data Processing Errors •
CVSS: 4.3EPSS: 0%CPEs: 26EXPL: 0CVE-2016-6770
https://notcve.org/view.php?id=CVE-2016-6770
12 Jan 2017 — An elevation of privilege vulnerability in the Framework API could enable a local malicious application to access system functions beyond its access level. This issue is rated as Moderate because it is a local bypass of restrictions on a constrained process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-30202228. • http://www.securityfocus.com/bid/94702 • CWE-284: Improper Access Control •
CVSS: 4.7EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6774
https://notcve.org/view.php?id=CVE-2016-6774
12 Jan 2017 — An information disclosure vulnerability in Package Manager could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 7.0. Android ID: A-31251489. • http://www.securityfocus.com/bid/94705 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.1EPSS: 0%CPEs: 24EXPL: 0CVE-2016-6765
https://notcve.org/view.php?id=CVE-2016-6765
12 Jan 2017 — A denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 7.0. Android ID: A-31449945. • http://www.securityfocus.com/bid/94688 • CWE-19: Data Processing Errors •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-6788
https://notcve.org/view.php?id=CVE-2016-6788
12 Jan 2017 — An elevation of privilege vulnerability in the MediaTek I2C driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31224428. • http://www.securityfocus.com/bid/94687 • CWE-264: Permissions, Privileges, and Access Controls •