Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2017-AVI-066
Vulnerability from certfr_avis - Published: 2017-03-07 - Updated: 2017-03-07
De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 6 mars 2017
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le correctif de s\u00e9curit\u00e9 du 6 mars 2017\u003c/P\u003e",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-0520",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0520"
},
{
"name": "CVE-2017-0478",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0478"
},
{
"name": "CVE-2017-0516",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0516"
},
{
"name": "CVE-2017-0489",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0489"
},
{
"name": "CVE-2017-0536",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0536"
},
{
"name": "CVE-2017-0499",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0499"
},
{
"name": "CVE-2017-0476",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0476"
},
{
"name": "CVE-2017-0531",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0531"
},
{
"name": "CVE-2017-0495",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0495"
},
{
"name": "CVE-2017-0525",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0525"
},
{
"name": "CVE-2017-0510",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0510"
},
{
"name": "CVE-2017-0523",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0523"
},
{
"name": "CVE-2017-0306",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0306"
},
{
"name": "CVE-2017-0453",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0453"
},
{
"name": "CVE-2017-0337",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0337"
},
{
"name": "CVE-2017-0473",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0473"
},
{
"name": "CVE-2017-0471",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0471"
},
{
"name": "CVE-2016-8487",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8487"
},
{
"name": "CVE-2017-0334",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0334"
},
{
"name": "CVE-2016-9793",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9793"
},
{
"name": "CVE-2017-0534",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0534"
},
{
"name": "CVE-2017-0458",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0458"
},
{
"name": "CVE-2017-0479",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0479"
},
{
"name": "CVE-2017-0498",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0498"
},
{
"name": "CVE-2016-8417",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8417"
},
{
"name": "CVE-2016-8650",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8650"
},
{
"name": "CVE-2017-0497",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0497"
},
{
"name": "CVE-2017-0457",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0457"
},
{
"name": "CVE-2017-0467",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0467"
},
{
"name": "CVE-2017-0492",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0492"
},
{
"name": "CVE-2017-0338",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0338"
},
{
"name": "CVE-2017-0509",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0509"
},
{
"name": "CVE-2017-0480",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0480"
},
{
"name": "CVE-2017-0535",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0535"
},
{
"name": "CVE-2017-0533",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0533"
},
{
"name": "CVE-2017-0464",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0464"
},
{
"name": "CVE-2017-0459",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0459"
},
{
"name": "CVE-2014-8709",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8709"
},
{
"name": "CVE-2017-0392",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0392"
},
{
"name": "CVE-2017-0475",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0475"
},
{
"name": "CVE-2017-0529",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0529"
},
{
"name": "CVE-2017-0460",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0460"
},
{
"name": "CVE-2017-0333",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0333"
},
{
"name": "CVE-2017-0503",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0503"
},
{
"name": "CVE-2017-0487",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0487"
},
{
"name": "CVE-2017-0518",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0518"
},
{
"name": "CVE-2016-8416",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8416"
},
{
"name": "CVE-2017-0524",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0524"
},
{
"name": "CVE-2017-0461",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0461"
},
{
"name": "CVE-2017-0481",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0481"
},
{
"name": "CVE-2017-0532",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0532"
},
{
"name": "CVE-2017-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0500"
},
{
"name": "CVE-2017-0456",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0456"
},
{
"name": "CVE-2016-8413",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8413"
},
{
"name": "CVE-2017-0468",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0468"
},
{
"name": "CVE-2017-0486",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0486"
},
{
"name": "CVE-2017-0506",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0506"
},
{
"name": "CVE-2016-8486",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8486"
},
{
"name": "CVE-2016-8484",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8484"
},
{
"name": "CVE-2017-0335",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0335"
},
{
"name": "CVE-2016-8485",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8485"
},
{
"name": "CVE-2016-8488",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8488"
},
{
"name": "CVE-2017-0501",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0501"
},
{
"name": "CVE-2017-0522",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0522"
},
{
"name": "CVE-2017-0488",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0488"
},
{
"name": "CVE-2017-0517",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0517"
},
{
"name": "CVE-2017-0483",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0483"
},
{
"name": "CVE-2016-1020",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-1020"
},
{
"name": "CVE-2017-0470",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0470"
},
{
"name": "CVE-2016-8479",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8479"
},
{
"name": "CVE-2016-9806",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9806"
},
{
"name": "CVE-2017-0482",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0482"
},
{
"name": "CVE-2016-8655",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8655"
},
{
"name": "CVE-2017-0521",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0521"
},
{
"name": "CVE-2017-0504",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0504"
},
{
"name": "CVE-2017-0484",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0484"
},
{
"name": "CVE-2017-0507",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0507"
},
{
"name": "CVE-2017-0527",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0527"
},
{
"name": "CVE-2017-0452",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0452"
},
{
"name": "CVE-2017-0472",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0472"
},
{
"name": "CVE-2016-5856",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5856"
},
{
"name": "CVE-2017-0469",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0469"
},
{
"name": "CVE-2017-0463",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0463"
},
{
"name": "CVE-2017-0307",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0307"
},
{
"name": "CVE-2017-0505",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0505"
},
{
"name": "CVE-2017-0519",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0519"
},
{
"name": "CVE-2017-0474",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0474"
},
{
"name": "CVE-2016-8483",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8483"
},
{
"name": "CVE-2017-0526",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0526"
},
{
"name": "CVE-2016-8478",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8478"
},
{
"name": "CVE-2017-0496",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0496"
},
{
"name": "CVE-2017-0466",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0466"
},
{
"name": "CVE-2016-2182",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-2182"
},
{
"name": "CVE-2017-0537",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0537"
},
{
"name": "CVE-2017-0494",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0494"
},
{
"name": "CVE-2017-0490",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0490"
},
{
"name": "CVE-2017-0390",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0390"
},
{
"name": "CVE-2017-0336",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0336"
},
{
"name": "CVE-2016-5857",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5857"
},
{
"name": "CVE-2017-0502",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0502"
},
{
"name": "CVE-2017-0455",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0455"
},
{
"name": "CVE-2017-0477",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0477"
},
{
"name": "CVE-2016-8477",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8477"
},
{
"name": "CVE-2017-0491",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0491"
},
{
"name": "CVE-2017-0485",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0485"
},
{
"name": "CVE-2017-0508",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0508"
},
{
"name": "CVE-2017-0528",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-0528"
}
],
"initial_release_date": "2017-03-07T00:00:00",
"last_revision_date": "2017-03-07T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-066",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2017-03-07T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer un probl\u00e8me de s\u00e9curit\u00e9 non\nsp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de code arbitraire \u00e0 distance et\nun d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Android du 06 mars 2017",
"url": "http://source.android.com/security/bulletin/2017-03-01.html"
}
]
}
CVE-2017-0495 (GCVE-0-2017-0495)
Vulnerability from cvelistv5 – Published: 2017-03-08 01:00 – Updated: 2024-08-05 13:11
VLAI
EPSS
Summary
An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073.
Severity
No CVSS data available.
CWE
- Information disclosure
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037968 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96796 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-6.0
Affected: Android-6.0.1 Affected: Android-7.0 Affected: Android-7.1.1 |
Date Public
2017-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:11:05.584Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-6.0"
},
{
"status": "affected",
"version": "Android-6.0.1"
},
{
"status": "affected",
"version": "Android-7.0"
},
{
"status": "affected",
"version": "Android-7.1.1"
}
]
}
],
"datePublic": "2017-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Information disclosure",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0495",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
},
{
"version_value": "Android-7.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-0495",
"datePublished": "2017-03-08T01:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:11:05.584Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0496 (GCVE-0-2017-0496)
Vulnerability from cvelistv5 – Published: 2017-03-08 01:00 – Updated: 2024-08-05 13:11
VLAI
EPSS
Summary
A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037968 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96788 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-5.0.2
Affected: Android-5.1.1 Affected: Android-6.0 Affected: Android-6.0.1 |
Date Public
2017-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:11:05.814Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96788",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96788"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-5.0.2"
},
{
"status": "affected",
"version": "Android-5.1.1"
},
{
"status": "affected",
"version": "Android-6.0"
},
{
"status": "affected",
"version": "Android-6.0.1"
}
]
}
],
"datePublic": "2017-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96788",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96788"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0496",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-5.0.2"
},
{
"version_value": "Android-5.1.1"
},
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in Setup Wizard could allow a local malicious application to temporarily block access to an affected device. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1. Android ID: A-31554152."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96788",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96788"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-0496",
"datePublished": "2017-03-08T01:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:11:05.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0497 (GCVE-0-2017-0497)
Vulnerability from cvelistv5 – Published: 2017-03-08 01:00 – Updated: 2024-08-05 13:11
VLAI
EPSS
Summary
A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33300701.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037968 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96795 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-7.0
Affected: Android-7.1.1 |
Date Public
2017-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:11:05.672Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96795",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-7.0"
},
{
"status": "affected",
"version": "Android-7.1.1"
}
]
}
],
"datePublic": "2017-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33300701."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96795",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96795"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0497",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-7.0"
},
{
"version_value": "Android-7.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as Moderate because it requires an uncommon device configuration. Product: Android. Versions: 7.0, 7.1.1. Android ID: A-33300701."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96795",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96795"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-0497",
"datePublished": "2017-03-08T01:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:11:05.672Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0498 (GCVE-0-2017-0498)
Vulnerability from cvelistv5 – Published: 2017-03-08 01:00 – Updated: 2024-08-05 13:11
VLAI
EPSS
Summary
A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037968 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96793 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-5.1.1
Affected: Android-6.0 Affected: Android-6.0.1 Affected: Android-7.0 Affected: Android-7.1.1 |
Date Public
2017-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:11:05.615Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96793",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96793"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-5.1.1"
},
{
"status": "affected",
"version": "Android-6.0"
},
{
"status": "affected",
"version": "Android-6.0.1"
},
{
"status": "affected",
"version": "Android-7.0"
},
{
"status": "affected",
"version": "Android-7.1.1"
}
]
}
],
"datePublic": "2017-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96793",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96793"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0498",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-5.1.1"
},
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
},
{
"version_value": "Android-7.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96793",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96793"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-0498",
"datePublished": "2017-03-08T01:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:11:05.615Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0499 (GCVE-0-2017-0499)
Vulnerability from cvelistv5 – Published: 2017-03-08 01:00 – Updated: 2024-08-05 13:11
VLAI
EPSS
Summary
A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713.
Severity
No CVSS data available.
CWE
- Denial of service
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037968 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96806 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
Android-5.1.1
Affected: Android-6.0 Affected: Android-6.0.1 Affected: Android-7.0 Affected: Android-7.1.1 |
Date Public
2017-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:11:05.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96806",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96806"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "Android-5.1.1"
},
{
"status": "affected",
"version": "Android-6.0"
},
{
"status": "affected",
"version": "Android-6.0.1"
},
{
"status": "affected",
"version": "Android-7.0"
},
{
"status": "affected",
"version": "Android-7.1.1"
}
]
}
],
"datePublic": "2017-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96806",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96806"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0499",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "Android-5.1.1"
},
{
"version_value": "Android-6.0"
},
{
"version_value": "Android-6.0.1"
},
{
"version_value": "Android-7.0"
},
{
"version_value": "Android-7.1.1"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96806",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96806"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-0499",
"datePublished": "2017-03-08T01:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:11:05.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0500 (GCVE-0-2017-0500)
Vulnerability from cvelistv5 – Published: 2017-03-08 01:00 – Updated: 2024-08-05 13:11
VLAI
EPSS
Summary
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28429685. References: M-ALPS02710006.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037968 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96726 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
n/a
|
Date Public
2017-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:11:05.744Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28429685. References: M-ALPS02710006."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96726"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28429685. References: M-ALPS02710006."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96726"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-0500",
"datePublished": "2017-03-08T01:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:11:05.744Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0501 (GCVE-0-2017-0501)
Vulnerability from cvelistv5 – Published: 2017-03-08 01:00 – Updated: 2024-08-05 13:11
VLAI
EPSS
Summary
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430015. References: M-ALPS02708983.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037968 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96726 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
n/a
|
Date Public
2017-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:11:05.760Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430015. References: M-ALPS02708983."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96726"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0501",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430015. References: M-ALPS02708983."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96726"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-0501",
"datePublished": "2017-03-08T01:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:11:05.760Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0502 (GCVE-0-2017-0502)
Vulnerability from cvelistv5 – Published: 2017-03-08 01:00 – Updated: 2024-08-05 13:11
VLAI
EPSS
Summary
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430164. References: M-ALPS02710027.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037968 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96726 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
n/a
|
Date Public
2017-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:11:05.762Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430164. References: M-ALPS02710027."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96726"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0502",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28430164. References: M-ALPS02710027."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96726"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-0502",
"datePublished": "2017-03-08T01:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:11:05.762Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0503 (GCVE-0-2017-0503)
Vulnerability from cvelistv5 – Published: 2017-03-08 01:00 – Updated: 2024-08-05 13:11
VLAI
EPSS
Summary
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28449045. References: M-ALPS02710075.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037968 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96726 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
n/a
|
Date Public
2017-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:11:05.693Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28449045. References: M-ALPS02710075."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96726"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-28449045. References: M-ALPS02710075."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96726"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-0503",
"datePublished": "2017-03-08T01:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:11:05.693Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0504 (GCVE-0-2017-0504)
Vulnerability from cvelistv5 – Published: 2017-03-08 01:00 – Updated: 2024-08-05 13:11
VLAI
EPSS
Summary
An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30074628. References: M-ALPS02829371.
Severity
No CVSS data available.
CWE
- Elevation of privilege
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://source.android.com/security/bulletin/2017-03-01 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1037968 | vdb-entryx_refsource_SECTRACK |
| http://www.securityfocus.com/bid/96726 | vdb-entryx_refsource_BID |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Google Inc. | Android |
Affected:
n/a
|
Date Public
2017-03-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:11:05.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/96726"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Android",
"vendor": "Google Inc.",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2017-03-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30074628. References: M-ALPS02829371."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Elevation of privilege",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-14T09:57:01.000Z",
"orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"shortName": "google_android"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/96726"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@android.com",
"ID": "CVE-2017-0504",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Android",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "Google Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An elevation of privilege vulnerability in MediaTek components, including the M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue driver, could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30074628. References: M-ALPS02829371."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Elevation of privilege"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://source.android.com/security/bulletin/2017-03-01",
"refsource": "CONFIRM",
"url": "https://source.android.com/security/bulletin/2017-03-01"
},
{
"name": "1037968",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1037968"
},
{
"name": "96726",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/96726"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6",
"assignerShortName": "google_android",
"cveId": "CVE-2017-0504",
"datePublished": "2017-03-08T01:00:00.000Z",
"dateReserved": "2016-11-29T00:00:00.000Z",
"dateUpdated": "2024-08-05T13:11:05.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…