CVE-2017-13156 – Android Janus - APK Signature Bypass
https://notcve.org/view.php?id=CVE-2017-13156
An elevation of privilege vulnerability in the Android system (art). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-64211847. Existe una vulnerabilidad de elevación de privilegios en el sistema de Android (art). • https://www.exploit-db.com/exploits/47601 https://github.com/xyzAsian/Janus-CVE-2017-13156 https://github.com/tea9/CVE-2017-13156-Janus https://github.com/M507/CVE-2017-13156 https://github.com/nahid0x1/Janus-Vulnerability-CVE-2017-13156-Exploit http://packetstormsecurity.com/files/155189/Android-Janus-APK-Signature-Bypass.html http://www.securityfocus.com/bid/102109 https://source.android.com/security/bulletin/2017-12-01 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2017-0874
https://notcve.org/view.php?id=CVE-2017-0874
A denial of service vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID A-63315932. Existe una vulnerabilidad de denegación de servicio en el framework multimedia en Android (libavc). • http://www.securityfocus.com/bid/102126 https://source.android.com/security/bulletin/2017-12-01 • CWE-20: Improper Input Validation •
CVE-2017-0845
https://notcve.org/view.php?id=CVE-2017-0845
A denial of service vulnerability in the Android framework (syncstorageengine). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-35028827. Existe una vulnerabilidad de denegación de servicio en el framework de Android (syncstorageengine). • https://source.android.com/security/bulletin/pixel/2017-11-01 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2017-0848
https://notcve.org/view.php?id=CVE-2017-0848
An information disclosure vulnerability in the Android media framework (libeffects). Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-64477217. Existe una vulnerabilidad de divulgación de información en el media framework de Android (libeffects). • https://source.android.com/security/bulletin/pixel/2017-11-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2017-0853
https://notcve.org/view.php?id=CVE-2017-0853
An information disclosure vulnerability in the Android media framework (n/a). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-63121644. Existe una vulnerabilidad de divulgación de información en el media framework de Android (n/a). • https://source.android.com/security/bulletin/pixel/2017-11-01 •