CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13203
https://notcve.org/view.php?id=CVE-2017-13203
12 Jan 2018 — An information disclosure vulnerability in the Android media framework (libavc). Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-63122634. Existe una vulnerabilidad de divulgación de información en el media framework de Android (libavc). • https://android.googlesource.com/platform/external/libavc/+/e86d3cfd2bc28dac421092106751e5638d54a848 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-13189
https://notcve.org/view.php?id=CVE-2017-13189
12 Jan 2018 — A vulnerability in the Android media framework (libavc) related to handling dec_hdl memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68300072. Existe una vulnerabilidad en el framework media de Android (libavc) relacionado con la gestión de los fallos de asignación de memoria de dec_hdl. • https://android.googlesource.com/platform/external/libavc/+/5acaa6fc86c73a750e5f4900c4e2d44bf22f683a • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13212
https://notcve.org/view.php?id=CVE-2017-13212
12 Jan 2018 — An elevation of privilege vulnerability in the Android system (systemui). Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0. Android ID: A-62187985. Existe una vulnerabilidad de elevación de privilegios en el sistema de Android (systemui). • https://source.android.com/security/bulletin/pixel/2018-01-01 •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 1CVE-2017-13208
https://notcve.org/view.php?id=CVE-2017-13208
12 Jan 2018 — In receive_packet of libnetutils/packet.c, there is a possible out-of-bounds write due to a missing bounds check on the DHCP response. This could lead to remote code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://github.com/idanshechter/CVE-2017-13208-Scanner • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13180
https://notcve.org/view.php?id=CVE-2017-13180
12 Jan 2018 — In the onQueueFilled function of SoftAVCDec, there is a possible out-of-bounds write due to a use after free if a bad header causes the decoder to get caught in a loop while another thread frees the memory it's accessing. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • http://www.securityfocus.com/bid/102414 • CWE-416: Use After Free CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13182
https://notcve.org/view.php?id=CVE-2017-13182
12 Jan 2018 — In the sendFormatChange function of ACodec, there is a possible integer overflow which could lead to an out-of-bounds write. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • http://www.securityfocus.com/bid/102414 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2017-13190
https://notcve.org/view.php?id=CVE-2017-13190
12 Jan 2018 — A vulnerability in the Android media framework (libhevc) related to handling ps_codec_obj memory allocation failures. Product: Android. Versions: 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-68299873. Existe una vulnerabilidad en el framework media de Android (libhevc) relacionado con la gestión de los fallos de asignación de memoria de ps_codec_obj. • https://android.googlesource.com/platform/external/libhevc/+/3ed3c6b79a7b9a60c475dd4936ad57b0b92fd600 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13199
https://notcve.org/view.php?id=CVE-2017-13199
12 Jan 2018 — In Bitmap.ccp if Bitmap.nativeCreate fails an out of memory exception is not thrown leading to a java.io.IOException later on. This could lead to a remote denial of service of a critical system process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • http://www.securityfocus.com/bid/102414 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13184
https://notcve.org/view.php?id=CVE-2017-13184
12 Jan 2018 — In the enableVSyncInjections function of SurfaceFlinger, there is a possible use after free of mVSyncInjector. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • http://www.securityfocus.com/bid/102414 • CWE-416: Use After Free •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 2CVE-2017-13209 – Android - Hardware Service Manager Arbitrary Service Replacement due to getpidcon
https://notcve.org/view.php?id=CVE-2017-13209
11 Jan 2018 — In the ServiceManager::add function in the hardware service manager, there is an insecure permissions check based on the PID of the caller which could allow an application or service to replace a HAL service with its own service. This could lead to a local elevation of privilege enabling code execution as a privileged process with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. • https://packetstorm.news/files/id/145840 • CWE-862: Missing Authorization •