VYPR

Android

by Google

CVEs (4,041)

  • CVE-2014-9411CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.

  • CVE-2016-6727CriApr 17, 2017
    risk 0.64cvss 9.8epss 0.03

    The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code.

  • CVE-2016-6726CriApr 17, 2017
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices.

  • CVE-2016-1155CriApr 13, 2017
    risk 0.64cvss 9.8epss 0.02

    HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.

  • CVE-2014-7921CriApr 13, 2017
    risk 0.64cvss 9.8epss 0.01

    mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.

  • CVE-2014-7920CriApr 13, 2017
    risk 0.64cvss 9.8epss 0.02

    mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.

  • CVE-2016-8418CriFeb 8, 2017
    risk 0.64cvss 9.8epss 0.03

    A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product:…

  • CVE-2016-8411CriJan 27, 2017
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775.

  • CVE-2016-8459CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.02

    Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462.

  • CVE-2016-8440CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.02

    Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747.

  • CVE-2016-8439CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.02

    Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804.

  • CVE-2016-8438CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.02

    Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638.

  • CVE-2016-8437CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.02

    Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695.

  • CVE-2016-8398CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.02

    Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705.

  • CVE-2016-6725CriNov 25, 2016
    risk 0.64cvss 9.8epss 0.03

    A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the…

  • CVE-2016-6696CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a large negative value for the data length, aka Qualcomm internal bug CR 1041130.

  • CVE-2016-6695CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted visualizer data length, aka Qualcomm internal bug CR 1033540.

  • CVE-2016-6694CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafted parameter data, aka Qualcomm internal bug CR 1033525.

  • CVE-2016-6693CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via an invalid data length, aka Qualcomm internal bug CR 1027585.

  • CVE-2016-6692CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via unknown vectors, aka Qualcomm internal bug CR 1004933.

Page 13 of 203