CVE-2017-3750
https://notcve.org/view.php?id=CVE-2017-3750
On Lenovo VIBE mobile phones, the Lenovo Security Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3749. En los teléfonos móviles Lenovo VIBE, la aplicación de Android Lenovo Security permite que los datos privados se copien y restauren mediante Android Debug Bridge, lo que permite la falsificación que conduce a un escalado de privilegios junto con CVE-2017-3748 y CVE-2017-3749. • https://support.lenovo.com/us/en/product_security/LEN-15823 •
CVE-2017-3748
https://notcve.org/view.php?id=CVE-2017-3748
On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device). En los teléfonos móviles Lenovo VIBE, los controles de acceso incorrectos en el componente nac_server puede emplearse junto con CVE-2017-3749 y CVE-2017-3750 para elevar los privilegios a usuario root (conocido comúnmente como "rooting" o "jail breaking" de un dispositivo). • http://www.securityfocus.com/bid/99295 https://support.lenovo.com/us/en/product_security/LEN-15823 •
CVE-2015-3840
https://notcve.org/view.php?id=CVE-2015-3840
The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission. El servicio MessageStatusReceiver en AndroidManifest.XML en Android 5.1.1 y versiones anteriores permite a usuarios locales alterar los estados de mensajes SMS y MMS enviados / recibidos sin el permiso "WRITE_SMS" asociado. • http://blog.trendmicro.com/trendlabs-security-intelligence/os-x-zero-days-on-the-rise-a-2015-midyear-review-on-advanced-attack-surfaces http://blog.trendmicro.com/trendlabs-security-intelligence/two-new-android-bugs-mess-up-messaging-may-lead-to-multiple-send-charges https://huntcve.github.io/2017/02/13/cveupdate • CWE-284: Improper Access Control •
CVE-2017-0600
https://notcve.org/view.php?id=CVE-2017-0600
A remote denial of service vulnerability in libstagefright in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35269635. • https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0 https://source.android.com/security/bulletin/2017-05-01 •
CVE-2016-10282
https://notcve.org/view.php?id=CVE-2016-10282
An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. • http://www.securityfocus.com/bid/98159 https://source.android.com/security/bulletin/2017-05-01 • CWE-264: Permissions, Privileges, and Access Controls •