CVSS: 5.5EPSS: 0%CPEs: 24EXPL: 0CVE-2017-0400
https://notcve.org/view.php?id=CVE-2017-0400
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034. • http://www.securityfocus.com/bid/95226 https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac https://source.android.com/security/bulletin/2017-01-01.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8423
https://notcve.org/view.php?id=CVE-2016-8423
An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-31399736. • http://www.securityfocus.com/bid/95241 https://source.android.com/security/bulletin/2017-01-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 0CVE-2016-8436
https://notcve.org/view.php?id=CVE-2016-8436
An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.18. Android ID: A-32450261. • http://www.securityfocus.com/bid/95259 https://source.android.com/security/bulletin/2017-01-01.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 0%CPEs: 10EXPL: 0CVE-2017-0382
https://notcve.org/view.php?id=CVE-2017-0382
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390. • http://www.securityfocus.com/bid/95247 https://source.android.com/security/bulletin/2017-01-01.html •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8445
https://notcve.org/view.php?id=CVE-2016-8445
An elevation of privilege vulnerability in MediaTek components, including the thermal driver and video driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31747590. • http://www.securityfocus.com/bid/95229 https://source.android.com/security/bulletin/2017-01-01.html • CWE-264: Permissions, Privileges, and Access Controls •