CVSS: 7.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13278
https://notcve.org/view.php?id=CVE-2017-13278
In MediaPlayerService::Client::notify of MediaPlayerService.cpp, there is a possible use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-416: Use After Free •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13295
https://notcve.org/view.php?id=CVE-2017-13295
A denial of service vulnerability in the Android framework (package installer). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-62537081. Existe una vulnerabilidad de denegación de servicio (DoS) en el framework de Android (package installer). • https://source.android.com/security/bulletin/pixel/2018-04-01 • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13274
https://notcve.org/view.php?id=CVE-2017-13274
In the getHost() function of UriTest.java, there is the possibility of incorrect web origin determination. This could lead to incorrect security decisions with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://source.android.com/security/bulletin/2018-04-01 • CWE-346: Origin Validation Error •
CVSS: 5.3EPSS: 0%CPEs: 7EXPL: 0CVE-2017-13297
https://notcve.org/view.php?id=CVE-2017-13297
A information disclosure vulnerability in the Android media framework (libhevc). Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. Android ID: A-71766721. Existe una vulnerabilidad de revelación de información en el media framework de Android (libhevc). • https://source.android.com/security/bulletin/pixel/2018-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 2CVE-2017-13261 – Android Bluetooth - BNEP BNEP_SETUP_CONNECTION_REQUEST_MSG Out-of-Bounds Read
https://notcve.org/view.php?id=CVE-2017-13261
In bnep_process_control_packet of bnep_utils.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1. • https://www.exploit-db.com/exploits/44327 https://www.exploit-db.com/exploits/44326 http://www.securityfocus.com/bid/103253 https://source.android.com/security/bulletin/2018-03-01 • CWE-125: Out-of-bounds Read •