CVSS: 7.6EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6249
https://notcve.org/view.php?id=CVE-2017-6249
An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. • http://www.securityfocus.com/bid/99616 http://www.securitytracker.com/id/1038623 https://source.android.com/security/bulletin/2017-06-01 •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7953
https://notcve.org/view.php?id=CVE-2014-7953
Race condition in the bindBackupAgent method in the ActivityManagerService in Android 4.4.4 allows local users with adb shell access to execute arbitrary code or any valid package as system by running "pm install" with the target apk, and simultaneously running a crafted script to process logcat's output looking for a dexopt line, which once found should execute bindBackupAgent with the uid member of the ApplicationInfo parameter set to 1000. Condición de carrera en el método bindBackupAgent en el ActivityManagerService en Android 4.4.4 permite a los usuarios locales con un shell adb ejecutar un código arbitrario o cualquier paquete válido como sistema mediante la ejecución de "pm install " con un objetivo apk, y simultáneamente ejecutando un script manipulado al proceso de salida de logcat buscando la línea dexopt, el cual una vez encontrada debiera ejecutar bindBackupAgent con el miembro uid de los parámetros puesto a 1000 de ApplicationInfo. • http://seclists.org/fulldisclosure/2015/Apr/52 http://www.securityfocus.com/archive/1/535296/100/1100/threaded http://www.securityfocus.com/bid/74213 https://android.googlesource.com/platform/frameworks/base/+/a8f6d1b%5E%21 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 9.3EPSS: 0%CPEs: 8EXPL: 0CVE-2017-0666
https://notcve.org/view.php?id=CVE-2017-0666
A elevation of privilege vulnerability in the Android framework. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-37285689. Una vulnerabilidad de elevación de privilegios en el Framework de Android. • http://www.securityfocus.com/bid/99470 https://source.android.com/security/bulletin/2017-07-01 • CWE-682: Incorrect Calculation •
CVSS: 9.3EPSS: 0%CPEs: 5EXPL: 0CVE-2017-0677
https://notcve.org/view.php?id=CVE-2017-0677
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36035074. Una vulnerabilidad de ejecución remota de código en el Framework de medios de Android. • http://www.securityfocus.com/bid/99478 https://source.android.com/security/bulletin/2017-07-01 •
CVSS: 9.3EPSS: 0%CPEs: 4EXPL: 0CVE-2017-0675
https://notcve.org/view.php?id=CVE-2017-0675
A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-34779227. Una vulnerabilidad de ejecución remota de código en el Framework de medios de Android. • http://www.securityfocus.com/bid/99478 https://source.android.com/security/bulletin/2017-07-01 • CWE-20: Improper Input Validation •