CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0546
https://notcve.org/view.php?id=CVE-2017-0546
07 Apr 2017 — An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763. • http://www.securityfocus.com/bid/97341 • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0547
https://notcve.org/view.php?id=CVE-2017-0547
07 Apr 2017 — An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560. • http://www.securityfocus.com/bid/97338 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.6EPSS: 0%CPEs: 11EXPL: 0CVE-2017-0553 – libnl: Integer overflow in nlmsg_reserve()
https://notcve.org/view.php?id=CVE-2017-0553
07 Apr 2017 — An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. • http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 1CVE-2017-0554
https://notcve.org/view.php?id=CVE-2017-0554
07 Apr 2017 — An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946. • https://github.com/lanrat/tethr • CWE-862: Missing Authorization •
CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0558
https://notcve.org/view.php?id=CVE-2017-0558
07 Apr 2017 — An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34056274. • http://www.securityfocus.com/bid/97332 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0559
https://notcve.org/view.php?id=CVE-2017-0559
07 Apr 2017 — An information disclosure vulnerability in libskia could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33897722. • http://www.securityfocus.com/bid/97352 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0560
https://notcve.org/view.php?id=CVE-2017-0560
07 Apr 2017 — An information disclosure vulnerability in the factory reset process could enable a local malicious attacker to access data from the previous owner. This issue is rated as Moderate due to the possibility of bypassing device protection. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30681079. • http://www.securityfocus.com/bid/97360 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0562
https://notcve.org/view.php?id=CVE-2017-0562
07 Apr 2017 — An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. • http://www.securityfocus.com/bid/97345 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0565
https://notcve.org/view.php?id=CVE-2017-0565
07 Apr 2017 — An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175904. • http://www.securityfocus.com/bid/97349 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0566
https://notcve.org/view.php?id=CVE-2017-0566
07 Apr 2017 — An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. • http://www.securityfocus.com/bid/97351 •