Google Inc Android vulnerabilities

CVE-2017-0489 [MEDIUM] CVE-2017-0489: An elevation of privilege vulnerability in Location Manager could enable a local malicious applicati An elevation of privilege vulnerability in Location Manager could enable a local malicious application to bypass operating system protections for location data. This issue is rated as Moderate because it could be used to generate inaccurate data. Product: Android. Versions: 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33091107.

CVE-2017-0486 [MEDIUM] CVE-2017-0486: A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33621215.

CVE-2017-0495 [MEDIUM] CWE-200 CVE-2017-0495: An information disclosure vulnerability in Mediaserver could enable a local malicious application to An information disclosure vulnerability in Mediaserver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it could be used to access sensitive data without permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33552073.

CVE-2017-0535 [MEDIUM] CWE-200 CVE-2017-0535: An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious An information disclosure vulnerability in the HTC sound codec driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-33547247.

CVE-2017-0492 [MEDIUM] CWE-1021 CVE-2017-0492: An elevation of privilege vulnerability in the System UI could enable a local malicious application An elevation of privilege vulnerability in the System UI could enable a local malicious application to create a UI overlay covering the entire screen. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 7.1.1. An

CVE-2017-0498 [MEDIUM] CVE-2017-0498: A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google acc A denial of service vulnerability in Setup Wizard could allow a local attacker to require Google account sign-in after a factory reset. This issue is rated as Moderate because it may require a factory reset to repair the device. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-30352311.

CVE-2017-0483 [MEDIUM] CWE-20 CVE-2017-0483: A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33137046.

CVE-2017-0485 [MEDIUM] CVE-2017-0485: A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33387820.

CVE-2016-8413 [MEDIUM] CWE-200 CVE-2016-8413: An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32709702. References: QC-CR#51

CVE-2017-0459 [MEDIUM] CWE-200 CVE-2017-0459: An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious An information disclosure vulnerability in the Qualcomm Wi-Fi driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32644895. References: QC-CR#1091939.

CVE-2017-0484 [MEDIUM] CWE-20 CVE-2017-0484: A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33298089.

CVE-2016-8416 [MEDIUM] CWE-200 CVE-2016-8416: An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32510746. References: QC-CR#1088206.

CVE-2017-0499 [MEDIUM] CWE-20 CVE-2017-0499: A denial of service vulnerability in Audioserver could enable a local malicious application to cause A denial of service vulnerability in Audioserver could enable a local malicious application to cause a device hang or reboot. This issue is rated as Low due to the possibility of a temporary denial of service. Product: Android. Versions: 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-32095713.

CVE-2016-8483 [MEDIUM] CWE-200 CVE-2016-8483: An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious An information disclosure vulnerability in the Qualcomm power driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: Kernel-3.10. Android ID: A-33745862. References: QC-C

CVE-2016-8478 [MEDIUM] CWE-200 CVE-2016-8478: An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious An information disclosure vulnerability in the Qualcomm video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.18. Android ID: A-32511270. References: QC-CR#1088206.

CVE-2017-0487 [MEDIUM] CVE-2017-0487: A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33751193.

CVE-2017-0482 [MEDIUM] CVE-2017-0482: A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted A denial of service vulnerability in Mediaserver could enable an attacker to use a specially crafted file to cause a device hang or reboot. This issue is rated as High severity due to the possibility of remote denial of service. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33090864.

CVE-2017-0490 [MEDIUM] CVE-2017-0490: An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delet An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to delete user data. This issue is rated as Moderate because it is a local bypass of user interaction requirements that would normally require either user initiation or user permission. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1. Android ID: A-33178389.

CVE-2016-8477 [MEDIUM] CWE-200 CVE-2016-8477: An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-32720522. References: QC-CR#10

CVE-2017-0529 [MEDIUM] CWE-200 CVE-2017-0529: An information disclosure vulnerability in the MediaTek driver could enable a local malicious applic An information disclosure vulnerability in the MediaTek driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-28449427. References: M-ALPS02710042.