CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-13313
https://notcve.org/view.php?id=CVE-2017-13313
15 Nov 2024 — In ElementaryStreamQueue::dequeueAccessUnitMPEG4Video of ESQueue.cpp, there is a possible infinite loop leading to resource exhaustion due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is needed for exploitation. • https://source.android.com/security/bulletin/2018-05-01 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13314
https://notcve.org/view.php?id=CVE-2017-13314
15 Nov 2024 — In setAllowOnlyVpnForUids of NetworkManagementService.java, there is a possible security settings bypass due to a missing permission check. This could lead to local escalation of privilege allowing users to access non-VPN networks, when they are supposed to be restricted to the VPN networks, with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-05-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13312
https://notcve.org/view.php?id=CVE-2017-13312
15 Nov 2024 — In createFromParcel of MediaCas.java, there is a possible parcel read/write mismatch due to improper input validation. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-05-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2017-13311
https://notcve.org/view.php?id=CVE-2017-13311
15 Nov 2024 — In the read() function of ProcessStats.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-05-01 • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2017-13310
https://notcve.org/view.php?id=CVE-2017-13310
15 Nov 2024 — In createFromParcel of ViewPager.java, there is a possible read/write serialization issue leading to a permissions bypass. This could lead to local escalation of privilege where an app can start an activity with system privileges with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-05-01 • CWE-276: Incorrect Default Permissions •
CVSS: 6.2EPSS: 0%CPEs: 1EXPL: 0CVE-2017-13309
https://notcve.org/view.php?id=CVE-2017-13309
15 Nov 2024 — In readEncryptedData of ConscryptEngine.java, there is a possible plaintext leak due to improperly used crypto. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-05-01 •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2017-13227
https://notcve.org/view.php?id=CVE-2017-13227
14 Nov 2024 — In the autofill service, the package name that is provided by the app process is trusted inappropriately. This could lead to information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. • https://source.android.com/security/bulletin/2018-06-01 •
CVSS: 6.3EPSS: 28%CPEs: 28EXPL: 8CVE-2023-45866 – bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution
https://notcve.org/view.php?id=CVE-2023-45866
07 Dec 2023 — Bluetooth HID Hosts in BlueZ may permit an unauthenticated Peripheral role HID Device to initiate and establish an encrypted connection, and accept HID keyboard reports, potentially permitting injection of HID messages when no user interaction has occurred in the Central role to authorize such access. An example affected package is bluez 5.64-0ubuntu1 in Ubuntu 22.04LTS. NOTE: in some cases, a CVE-2020-0556 mitigation would have already addressed this Bluetooth HID Hosts issue. Bluetooth HID Hosts in BlueZ ... • https://github.com/pentestfunctions/BlueDucky • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-45780
https://notcve.org/view.php?id=CVE-2023-45780
30 Oct 2023 — In Print Service, there is a possible background activity launch due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. En Print Service, existe un posible inicio de actividad en segundo plano debido a un error lógico en el código. Esto podría conducir a una escalada local de privilegios sin necesidad de permisos de ejecución adicionales. • https://source.android.com/docs/security/bulletin/android-14 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-40101
https://notcve.org/view.php?id=CVE-2023-40101
30 Oct 2023 — In collapse of canonicalize_md.c, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En collapse de canonicalize_md.c, hay una posible lectura fuera de los límites debido a una verificación de los límites faltantes. Esto podría dar lugar a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. • https://source.android.com/docs/security/bulletin/android-14 • CWE-125: Out-of-bounds Read •