CVE-2014-7953
https://notcve.org/view.php?id=CVE-2014-7953
Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000. Condición de carrera en el método bindBackupAgent en el ActivityManagerService en Android 4.4.4 permite a los usuarios locales con un shell adb ejecutar un código arbitrario o cualquier paquete válido como sistema mediante la ejecución de "pm install " con un objetivo apk, y simultáneamente ejecutando un script manipulado al proceso de salida de logcat buscando la línea dexopt, el cual una vez encontrada debiera ejecutar bindBackupAgent con el miembro uid de los parámetros puesto a 1000 de ApplicationInfo. • http://seclists.org/fulldisclosure/2015/Apr/52 http://www.securityfocus.com/archive/1/535296/100/1100/threaded http://www.securityfocus.com/bid/74213 https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E%21 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2017-0668
https://notcve.org/view.php?id=CVE-2017-0668
A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579. Una vulnerabilidad de divulgación de información en el Framework de Android. • http://www.securityfocus.com/bid/99470 https://source.android.com/security/bulletin/2017-07-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-0666
https://notcve.org/view.php?id=CVE-2017-0666
A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689. Una vulnerabilidad de elevación de privilegios en el Framework de Android. • http://www.securityfocus.com/bid/99470 https://source.android.com/security/bulletin/2017-07-01 • CWE-682: Incorrect Calculation •
CVE-2017-0690
https://notcve.org/view.php?id=CVE-2017-0690
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36592202. Una vulnerabilidad de denegación de servicio en el framework multimedia de Android. • http://www.securityfocus.com/bid/99478 https://source.android.com/security/bulletin/2017-07-01 • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-0692
https://notcve.org/view.php?id=CVE-2017-0692
A denial of service vulnerability in the Android media framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36725407. Una vulnerabilidad de denegación de servicio en el framework multimedia de Android. • http://www.securityfocus.com/bid/99478 https://source.android.com/security/bulletin/2017-07-01 • CWE-674: Uncontrolled Recursion •