CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 3CVE-2017-0478
https://notcve.org/view.php?id=CVE-2017-0478
08 Mar 2017 — A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33718716. • https://github.com/bingghost/CVE-2017-0478 •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0522
https://notcve.org/view.php?id=CVE-2017-0522
08 Mar 2017 — An elevation of privilege vulnerability in a MediaTek APK could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High due to the possibility of local arbitrary code execution in a privileged process. Product: Android. Versions: N/A. Android ID: A-32916158. • http://www.securityfocus.com/bid/96798 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0529
https://notcve.org/view.php?id=CVE-2017-0529
08 Mar 2017 — An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-28449427. • http://www.securityfocus.com/bid/96810 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0481
https://notcve.org/view.php?id=CVE-2017-0481
08 Mar 2017 — An elevation of privilege vulnerability in NFC could enable a proximate attacker to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33434992. • http://www.securityfocus.com/bid/96765 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.1EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0487
https://notcve.org/view.php?id=CVE-2017-0487
08 Mar 2017 — A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33751193. • http://www.securityfocus.com/bid/96733 •
CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0495
https://notcve.org/view.php?id=CVE-2017-0495
08 Mar 2017 — An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073. • http://www.securityfocus.com/bid/96796 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2017-0474
https://notcve.org/view.php?id=CVE-2017-0474
08 Mar 2017 — A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32589224. • http://www.securityfocus.com/bid/96717 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0475
https://notcve.org/view.php?id=CVE-2017-0475
08 Mar 2017 — An elevation of privilege vulnerability in the recovery verifier could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31914369. • http://www.securityfocus.com/bid/96716 • CWE-20: Improper Input Validation •
CVSS: 9.3EPSS: 0%CPEs: 28EXPL: 0CVE-2017-0480
https://notcve.org/view.php?id=CVE-2017-0480
08 Mar 2017 — An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705429. • http://www.securityfocus.com/bid/96958 •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0473
https://notcve.org/view.php?id=CVE-2017-0473
08 Mar 2017 — A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33982658. • http://www.securityfocus.com/bid/96717 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •