CVSS: 7.8EPSS: 0%CPEs: 29EXPL: 0CVE-2017-0731
https://notcve.org/view.php?id=CVE-2017-0731
A elevation of privilege vulnerability in the Android media framework (mpeg4 encoder). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36075363. Existe una vulnerabilidad de elevación de privilegios en el media framework de Android (mpeg4 encoder). • http://www.securityfocus.com/bid/100204 https://source.android.com/security/bulletin/2017-08-01 • CWE-763: Release of Invalid Pointer or Reference •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-0750
https://notcve.org/view.php?id=CVE-2017-0750
A elevation of privilege vulnerability in the Upstream Linux file system. Product: Android. Versions: Android kernel. Android ID: A-36817013. Existe una vulnerabilidad de elevación de privilegios en el sistema de archivos Upstream Linux. • http://www.securityfocus.com/bid/100215 https://bugzilla.novell.com/show_bug.cgi?id=1053160 https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-0750.html https://security-tracker.debian.org/tracker/CVE-2017-0750 https://source.android.com/security/bulletin/2017-08-01 https://usn.ubuntu.com/3583-1 https://usn.ubuntu.com/3583-2 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2015-3839
https://notcve.org/view.php?id=CVE-2015-3839
The updateMessageStatus function in Android 5.1.1 and earlier allows local users to cause a denial of service (NULL pointer exception and process crash). La función updateMessageStatus en Android 5.1.1 y anteriores permite que usuarios locales provoquen una denegación de servicio (excepción de puntero nulo y caída de procesos). • http://blog.trendmicro.com/trendlabs-security-intelligence/os-x-zero-days-on-the-rise-a-2015-midyear-review-on-advanced-attack-surfaces http://blog.trendmicro.com/trendlabs-security-intelligence/two-new-android-bugs-mess-up-messaging-may-lead-to-multiple-send-charges http://www.securityfocus.com/bid/100158 https://huntcve.github.io/2017/02/13/cveupdate • CWE-476: NULL Pointer Dereference •
CVSS: 5.9EPSS: 0%CPEs: 4EXPL: 0CVE-2017-2278
https://notcve.org/view.php?id=CVE-2017-2278
The RBB SPEED TEST App for Android version 2.0.3 and earlier, RBB SPEED TEST App for iOS version 2.1.0 and earlier does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Las versiones 2.0.3 y anteriores de la aplicación RBB SPEED TEST App para Android, así como las versiones 2.1.0 y anteriores para iOS no verifican certificados X.509 desde servidores SSL. Esto permite a los atacantes que realicen Man-in-the-Middle (MitM) suplantar servidores y obtener información sensible utilizando un certificado manipulado. • http://www.iid.co.jp/information/170714.html https://jvn.jp/en/jp/JVN24238648/index.html • CWE-295: Improper Certificate Validation •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2016-10398
https://notcve.org/view.php?id=CVE-2016-10398
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X. Android versión 6.0, presenta un bypass de autenticación para los atacantes con acceso root y físico. • https://homepages.staff.os3.nl/~delaat/rp/2015-2016/p30/report.pdf • CWE-264: Permissions, Privileges, and Access Controls •