CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0543
https://notcve.org/view.php?id=CVE-2017-0543
07 Apr 2017 — A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34097866. • http://www.securityfocus.com/bid/97330 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0557
https://notcve.org/view.php?id=CVE-2017-0557
07 Apr 2017 — An information disclosure vulnerability in libmpeg2 in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-34093073. • http://www.securityfocus.com/bid/97332 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0544
https://notcve.org/view.php?id=CVE-2017-0544
07 Apr 2017 — An elevation of privilege vulnerability in CameraBase could enable a local malicious application to execute arbitrary code. This issue is rated as High because it is a local arbitrary code execution in a privileged process. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31992879. • http://www.securityfocus.com/bid/97337 • CWE-672: Operation on a Resource after Expiration or Release •
CVSS: 5.5EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0547
https://notcve.org/view.php?id=CVE-2017-0547
07 Apr 2017 — An information disclosure vulnerability in libmedia in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33861560. • http://www.securityfocus.com/bid/97338 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0546
https://notcve.org/view.php?id=CVE-2017-0546
07 Apr 2017 — An elevation of privilege vulnerability in SurfaceFlinger could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32628763. • http://www.securityfocus.com/bid/97341 • CWE-476: NULL Pointer Dereference •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0538
https://notcve.org/view.php?id=CVE-2017-0538
07 Apr 2017 — A remote code execution vulnerability in libavc in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33641588. • http://www.securityfocus.com/bid/97330 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0562
https://notcve.org/view.php?id=CVE-2017-0562
07 Apr 2017 — An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202425. • http://www.securityfocus.com/bid/97345 •
CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0566
https://notcve.org/view.php?id=CVE-2017-0566
07 Apr 2017 — An elevation of privilege vulnerability in the MediaTek camera driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28470975. • http://www.securityfocus.com/bid/97351 •
CVSS: 7.6EPSS: 0%CPEs: 11EXPL: 0CVE-2017-0553 – libnl: Integer overflow in nlmsg_reserve()
https://notcve.org/view.php?id=CVE-2017-0553
07 Apr 2017 — An elevation of privilege vulnerability in libnl could enable a local malicious application to execute arbitrary code within the context of the Wi-Fi service. This issue is rated as Moderate because it first requires compromising a privileged process and is mitigated by current platform configurations. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32342065. • http://git.infradead.org/users/tgr/libnl.git/commit/3e18948f17148e6a3c4255bdeaaf01ef6081ceeb • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 1CVE-2017-0554
https://notcve.org/view.php?id=CVE-2017-0554
07 Apr 2017 — An elevation of privilege vulnerability in the Telephony component could enable a local malicious application to access capabilities outside of its permission levels. This issue is rated as Moderate because it could be used to gain access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33815946. • https://github.com/lanrat/tethr • CWE-862: Missing Authorization •