CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13240
https://notcve.org/view.php?id=CVE-2017-13240
12 Feb 2018 — A information disclosure vulnerability in the Android framework (crypto framework). Product: Android. Versions: 8.0, 8.1. ID: A-68694819. Existe una vulnerabilidad de revelación de información en el framework de Android (crypto framework). • http://www.securityfocus.com/bid/103011 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-13241
https://notcve.org/view.php?id=CVE-2017-13241
12 Feb 2018 — A information disclosure vulnerability in the Android media framework (libstagefright_soft_avcenc). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-69065651. Existe una vulnerabilidad de revelación de información en el media framework de Android (libstagefright_soft_avcenc). • http://www.securityfocus.com/bid/103017 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13242
https://notcve.org/view.php?id=CVE-2017-13242
12 Feb 2018 — A information disclosure vulnerability in the Android system (bluetooth). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. ID: A-62672248. Existe una vulnerabilidad de divulgación de información en el sistema de Android (bluetooth). • http://www.securityfocus.com/bid/103014 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2017-13243 – Android OS FLAG_SECURE Information Disclosure
https://notcve.org/view.php?id=CVE-2017-13243
12 Feb 2018 — A information disclosure vulnerability in the Android system (ui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. ID: A-38258991. Existe una vulnerabilidad de divulgación de información en el sistema de Android (ui). • https://packetstorm.news/files/id/147887 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 2CVE-2017-13236 – Android - 'getpidcon' Permission Bypass in KeyStore Service
https://notcve.org/view.php?id=CVE-2017-13236
06 Feb 2018 — In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • https://packetstorm.news/files/id/146282 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 10%CPEs: 8EXPL: 0CVE-2017-13177
https://notcve.org/view.php?id=CVE-2017-13177
12 Jan 2018 — In several functions of libhevc, NEON registers are not preserved. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • http://www.securityfocus.com/bid/102414 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13180
https://notcve.org/view.php?id=CVE-2017-13180
12 Jan 2018 — In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • http://www.securityfocus.com/bid/102414 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2017-13181
https://notcve.org/view.php?id=CVE-2017-13181
12 Jan 2018 — In the doGetThumb and getThumbnail functions of MtpServer, there is a possible double free due to not NULLing out a freed pointer. This could lead to an local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • http://www.securityfocus.com/bid/102414 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13182
https://notcve.org/view.php?id=CVE-2017-13182
12 Jan 2018 — In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • http://www.securityfocus.com/bid/102414 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13184
https://notcve.org/view.php?id=CVE-2017-13184
12 Jan 2018 — In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • http://www.securityfocus.com/bid/102414 • CWE-416: Use After Free •