CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13284
https://notcve.org/view.php?id=CVE-2017-13284
04 Apr 2018 — In config_set_string of config.cc, it is possible to pair a second BT keyboard without user approval due to improper input validation. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13280
https://notcve.org/view.php?id=CVE-2017-13280
04 Apr 2018 — In the FrameSequence_gif::FrameSequence_gif function of libframesequence, there is a out of bounds read due to a missing bounds check. This could lead to a remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-13291
https://notcve.org/view.php?id=CVE-2017-13291
04 Apr 2018 — In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible NULL pointer dereference due to missing bounds checks. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-476: NULL Pointer Dereference •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13298
https://notcve.org/view.php?id=CVE-2017-13298
04 Apr 2018 — A information disclosure vulnerability in the Android media framework (libhavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-72117051. Existe una vulnerabilidad de revelación de información en el media framework de Android (libhavc). • https://source.android.com/security/bulletin/pixel/2018-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13276
https://notcve.org/view.php?id=CVE-2017-13276
04 Apr 2018 — In CProgramConfig_ReadHeightExt of tpdec_asc.cpp, there is a possible stack buffer overflow due to a missing bounds check. This could lead to a remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13279
https://notcve.org/view.php?id=CVE-2017-13279
04 Apr 2018 — In M3UParser::parse of M3UParser.cpp, there is a memory resource exhaustion due to a large loop of pushing items into a vector. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-834: Excessive Iteration •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13289
https://notcve.org/view.php?id=CVE-2017-13289
04 Apr 2018 — In writeToParcel and createFromParcel of RttManager.java, there is a permission bypass due to a write size mismatch. This could lead to a local escalation of privileges where the user can start an activity with system privileges, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-131: Incorrect Calculation of Buffer Size •
CVSS: 10.0EPSS: 0%CPEs: 5EXPL: 0CVE-2017-13282
https://notcve.org/view.php?id=CVE-2017-13282
04 Apr 2018 — In avrc_ctrl_pars_vendor_rsp of avrc_pars_ct.cc, there is a possible stack buffer overflow due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13277
https://notcve.org/view.php?id=CVE-2017-13277
04 Apr 2018 — In ihevcd_fmt_conv of ihevcd_fmt_conv.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13296
https://notcve.org/view.php?id=CVE-2017-13296
04 Apr 2018 — A information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-70897454. Vulnerabilidad de divulgación de información en el media framework de Android (libavc). • https://source.android.com/security/bulletin/pixel/2018-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •