CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13285
https://notcve.org/view.php?id=CVE-2017-13285
04 Apr 2018 — In SvoxSsmlParser and startElement of svox_ssml_parser.cpp, there is a possible out of bounds write due to an uninitialized buffer. This could lead to remote code execution in an unprivileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13288
https://notcve.org/view.php?id=CVE-2017-13288
04 Apr 2018 — In writeToParcel and readFromParcel of PeriodicAdvertisingReport.java, there is a permission bypass due to a 64/32bit int mismatch. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-682: Incorrect Calculation •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13301
https://notcve.org/view.php?id=CVE-2017-13301
04 Apr 2018 — A denial of service vulnerability in the Android system (system ui). Product: Android. Versions: 8.0. Android ID: A-66498711. Vulnerabilidad de denegación de servicio (DoS) en el sistema Android (system ui). • https://source.android.com/security/bulletin/pixel/2018-04-01 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13299
https://notcve.org/view.php?id=CVE-2017-13299
04 Apr 2018 — A other vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897394. Vulnerabilidad no especificada en el media framework de Android (libhavc). • https://source.android.com/security/bulletin/pixel/2018-04-01 •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13274
https://notcve.org/view.php?id=CVE-2017-13274
04 Apr 2018 — In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-346: Origin Validation Error •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-13287
https://notcve.org/view.php?id=CVE-2017-13287
04 Apr 2018 — In createFromParcel of VerifyCredentialResponse.java, there is a possible invalid parcel read due to improper input validation. This could lead to local escalation of privilege if mPayload in writeToParcel were null, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13281
https://notcve.org/view.php?id=CVE-2017-13281
04 Apr 2018 — In avrc_pars_browsing_cmd of avrc_pars_tg.cc, there is a possible stack buffer overflow due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.2EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13290
https://notcve.org/view.php?id=CVE-2017-13290
04 Apr 2018 — In sdp_server_handle_client_req of sdp_server.cc, there is an out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2017-13286
https://notcve.org/view.php?id=CVE-2017-13286
04 Apr 2018 — In writeToParcel and readFromParcel of OutputConfiguration.java, there is a permission bypass due to mismatched serialization. This could lead to a local escalation of privilege where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • https://github.com/UmVfX1BvaW50/CVE-2017-13286 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13267
https://notcve.org/view.php?id=CVE-2017-13267
04 Apr 2018 — In avrc_pars_vendor_cmd of avrc_pars_tg.cc, there is a possible stack corruption due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •