CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2278
https://notcve.org/view.php?id=CVE-2017-2278
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Las versiones 2.0.3 y anteriores de la aplicación RBB SPEED TEST App para Android, así como las versiones 2.1.0 y anteriores para iOS no verifican certificados X.509 desde servidores SSL. Esto permite a los atacantes que realicen Man-in-the-Middle (MitM) suplantar servidores y obtener información sensible utilizando un certificado manipulado. • http://www.iid.co.jp/information/170714.html https://jvn.jp/en/jp/JVN24238648/index.html • CWE-295: Improper Certificate Validation •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6249
https://notcve.org/view.php?id=CVE-2017-6249
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. • http://www.securityfocus.com/bid/99616 http://www.securitytracker.com/id/1038623 https://source.android.com/security/bulletin/2017-06-01 •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7953
https://notcve.org/view.php?id=CVE-2014-7953
Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000. Condición de carrera en el método bindBackupAgent en el ActivityManagerService en Android 4.4.4 permite a los usuarios locales con un shell adb ejecutar un código arbitrario o cualquier paquete válido como sistema mediante la ejecución de "pm install " con un objetivo apk, y simultáneamente ejecutando un script manipulado al proceso de salida de logcat buscando la línea dexopt, el cual una vez encontrada debiera ejecutar bindBackupAgent con el miembro uid de los parámetros puesto a 1000 de ApplicationInfo. • http://seclists.org/fulldisclosure/2015/Apr/52 http://www.securityfocus.com/archive/1/535296/100/1100/threaded http://www.securityfocus.com/bid/74213 https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E%21 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0668
https://notcve.org/view.php?id=CVE-2017-0668
A information disclosure vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-22011579. Una vulnerabilidad de divulgación de información en el Framework de Android. • http://www.securityfocus.com/bid/99470 https://source.android.com/security/bulletin/2017-07-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0666
https://notcve.org/view.php?id=CVE-2017-0666
A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689. Una vulnerabilidad de elevación de privilegios en el Framework de Android. • http://www.securityfocus.com/bid/99470 https://source.android.com/security/bulletin/2017-07-01 • CWE-682: Incorrect Calculation •