| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
251 |
CVE-2017-0428 |
264 |
|
Exec Code |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10. Android ID: A-32401526. References: N-CVE-2017-0428. |
|
252 |
CVE-2017-0427 |
264 |
|
Exec Code |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-31495866. |
|
253 |
CVE-2017-0426 |
200 |
|
+Info |
2017-02-08 |
2017-07-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Filesystem could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-32799236. |
|
254 |
CVE-2017-0425 |
200 |
|
+Info |
2017-02-08 |
2017-07-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32720785. |
|
255 |
CVE-2017-0424 |
200 |
|
Bypass +Info |
2017-02-08 |
2017-07-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in AOSP Messaging could enable a remote attacker using a special crafted file to access data outside of its permission levels. This issue is rated as Moderate because it is a general bypass for a user level defense in depth or exploit mitigation technology in a privileged process. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322450. |
|
256 |
CVE-2017-0423 |
264 |
|
|
2017-02-08 |
2017-07-24 |
2.9 |
None |
Local Network |
Medium |
Not required |
Partial |
None |
None |
|
An elevation of privilege vulnerability in Bluetooth could enable a proximate attacker to manage access to documents on the device. This issue is rated as Moderate because it first requires exploitation of a separate vulnerability in the Bluetooth stack. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32612586. |
|
257 |
CVE-2017-0422 |
20 |
|
DoS |
2017-02-08 |
2017-07-24 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A denial of service vulnerability in Bionic DNS could enable a remote attacker to use a specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32322088. |
|
258 |
CVE-2017-0421 |
200 |
|
Bypass +Info |
2017-02-08 |
2017-07-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the Framework APIs could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32555637. |
|
259 |
CVE-2017-0420 |
200 |
|
Bypass +Info |
2017-02-08 |
2017-07-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in AOSP Mail could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32615212. |
|
260 |
CVE-2017-0419 |
264 |
|
Exec Code +Priv |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32220769. |
|
261 |
CVE-2017-0418 |
264 |
|
Exec Code +Priv |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32703959. |
|
262 |
CVE-2017-0417 |
264 |
|
Exec Code +Priv |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32705438. |
|
263 |
CVE-2017-0416 |
264 |
|
Exec Code +Priv |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32886609. |
|
264 |
CVE-2017-0415 |
264 |
|
Exec Code +Priv |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32706020. |
|
265 |
CVE-2017-0414 |
200 |
|
Bypass +Info |
2017-02-08 |
2017-07-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32807795. |
|
266 |
CVE-2017-0413 |
200 |
|
Bypass +Info |
2017-02-08 |
2017-07-24 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in AOSP Messaging could enable a local malicious application to bypass operating system protections that isolate application data from other applications. This issue is rated as High because it could be used to gain access to data that the application does not have access to. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32161610. |
|
267 |
CVE-2017-0412 |
264 |
|
Exec Code +Priv |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33039926. |
|
268 |
CVE-2017-0411 |
264 |
|
Exec Code +Priv |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33042690. |
|
269 |
CVE-2017-0410 |
264 |
|
Exec Code +Priv |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31929765. |
|
270 |
CVE-2017-0409 |
284 |
|
Exec Code |
2017-02-08 |
2017-07-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability in libstagefright could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-31999646. |
|
271 |
CVE-2017-0408 |
284 |
|
Exec Code |
2017-02-08 |
2017-07-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability in libgdx could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses this library. Product: Android. Versions: 7.1.1. Android ID: A-32769670. |
|
272 |
CVE-2017-0407 |
119 |
|
Exec Code Overflow Mem. Corr. |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32873375. |
|
273 |
CVE-2017-0406 |
119 |
|
Exec Code Overflow Mem. Corr. |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability in Mediaserver could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Mediaserver process. This affects the libhevc library. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32915871. |
|
274 |
CVE-2017-0405 |
119 |
|
Exec Code Overflow Mem. Corr. |
2017-02-08 |
2017-07-24 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
A remote code execution vulnerability in Surfaceflinger could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue is rated as Critical due to the possibility of remote code execution within the context of the Surfaceflinger process. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-31960359. |
|
275 |
CVE-2017-0402 |
200 |
|
+Info |
2017-01-12 |
2017-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32436341. |
|
276 |
CVE-2017-0401 |
200 |
|
+Info |
2017-01-12 |
2017-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588016. |
|
277 |
CVE-2017-0400 |
200 |
|
+Info |
2017-01-12 |
2017-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32584034. |
|
278 |
CVE-2017-0399 |
200 |
|
+Info |
2017-01-12 |
2017-01-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in the Qualcomm audio post processor could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32588756. |
|
279 |
CVE-2017-0398 |
200 |
|
+Info |
2017-01-13 |
2017-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in Audioserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android IDs: A-32438594, A-32635664. |
|
280 |
CVE-2017-0397 |
200 |
|
+Info |
2017-01-12 |
2017-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in id3/ID3.cpp in libstagefright in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32377688. |
|
281 |
CVE-2017-0396 |
200 |
|
+Info |
2017-01-12 |
2017-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in visualizer/EffectVisualizer.cpp in libeffects in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31781965. |
|
282 |
CVE-2017-0395 |
264 |
|
Bypass |
2017-01-12 |
2017-01-18 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
An elevation of privilege vulnerability in Contacts could enable a local malicious application to silently create contact information. This issue is rated as Moderate because it is a local bypass of user interaction requirements (access to functionality that would normally require either user initiation or user permission). Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32219099. |
|
283 |
CVE-2017-0394 |
284 |
|
DoS |
2017-01-12 |
2017-01-18 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A denial of service vulnerability in Telephony could enable a remote attacker to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31752213. |
|
284 |
CVE-2017-0393 |
284 |
|
DoS |
2017-01-12 |
2017-01-18 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
A denial of service vulnerability in libvpx in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-30436808. |
|
285 |
CVE-2017-0392 |
284 |
|
DoS |
2017-01-12 |
2017-01-18 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
A denial of service vulnerability in VBRISeeker.cpp in libstagefright in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32577290. |
|
286 |
CVE-2017-0391 |
284 |
|
DoS |
2017-01-12 |
2017-07-07 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
A denial of service vulnerability in decoder/ihevcd_decode.c in libhevc in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32322258. |
|
287 |
CVE-2017-0390 |
284 |
|
DoS |
2017-01-12 |
2017-01-18 |
7.1 |
None |
Remote |
Medium |
Not required |
None |
None |
Complete |
|
A denial of service vulnerability in Tremolo/dpen.s in Mediaserver could enable a remote attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31647370. |
|
288 |
CVE-2017-0389 |
20 |
|
DoS |
2017-01-12 |
2017-01-17 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
A denial of service vulnerability in core networking could enable a remote attacker to use specially crafted network packet to cause a device hang or reboot. This issue is rated as High due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31850211. |
|
289 |
CVE-2017-0388 |
200 |
|
Bypass +Info |
2017-01-12 |
2017-01-17 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
An elevation of privilege vulnerability in the External Storage Provider could enable a local secondary user to read data from an external storage SD card inserted by the primary user. This issue is rated as High because it is a general bypass for operating system protections that isolate application data from other applications. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32523490. |
|
290 |
CVE-2017-0387 |
264 |
|
Exec Code +Priv |
2017-01-12 |
2017-01-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in Mediaserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32660278. |
|
291 |
CVE-2017-0386 |
264 |
|
Exec Code +Priv |
2017-01-12 |
2017-01-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the libnl library could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32255299. |
|
292 |
CVE-2017-0385 |
264 |
|
Exec Code +Priv |
2017-01-12 |
2017-01-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32585400. |
|
293 |
CVE-2017-0384 |
264 |
|
Exec Code +Priv |
2017-01-12 |
2017-01-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in lvm/wrapper/Bundle/EffectBundle.cpp in libeffects in Audioserver could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32095626. |
|
294 |
CVE-2017-0383 |
264 |
|
Exec Code +Priv |
2017-01-12 |
2017-01-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the Framework APIs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Product: Android. Versions: 7.0, 7.1. Android ID: A-31677614. |
|
295 |
CVE-2017-0382 |
284 |
|
Exec Code |
2017-01-12 |
2017-01-18 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A remote code execution vulnerability in the Framesequence library could enable an attacker using a specially crafted file to execute arbitrary code in the context of an unprivileged process. This issue is rated as High due to the possibility of remote code execution in an application that uses the Framesequence library. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-32338390. |
|
296 |
CVE-2017-0381 |
119 |
|
Overflow |
2017-01-12 |
2017-06-30 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An information disclosure vulnerability in silk/NLSF_stabilize.c in libopus in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1. Android ID: A-31607432. |
|
297 |
CVE-2017-0340 |
264 |
|
Exec Code Mem. Corr. |
2017-07-07 |
2017-07-17 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the NVIDIA Libnvparser component due to a memcpy into a fixed sized buffer with a user-controlled size could lead to a memory corruption and possible remote code execution. This issue is rated as High. Product: Android. Version: N/A. Android ID: A-33968204. References: N-CVE-2017-0340. |
|
298 |
CVE-2017-0331 |
264 |
|
Exec Code |
2017-05-02 |
2017-05-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331. |
|
299 |
CVE-2017-0326 |
200 |
|
+Info |
2017-07-07 |
2017-07-26 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
|
An information disclosure vulnerability in the NVIDIA Video Driver due to an out-of-bounds read function in the Tegra Display Controller driver could result in possible information disclosure. This issue is rated as Moderate. Product: Android. Version: N/A. Android ID: A-33718700. References: N-CVE-2017-0326. |
|
300 |
CVE-2016-10398 |
264 |
|
Bypass |
2017-07-17 |
2017-07-21 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Android 6.0 has an authentication bypass for attackers with root and physical access. Cryptographic authentication tokens (AuthTokens) used by the Trusted Execution Environment (TEE) are protected by a weak challenge. This allows adversaries to replay previously captured responses and use the TEE without authenticating. All apps using authentication-gated cryptography are vulnerable to this attack, which was confirmed on the LG Nexus 5X. |
