VYPR

Vendor CVEs

Google

All CVEs

11,327 total · sorted by risk
  • CVE-2014-9978CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service.

  • CVE-2014-9977CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM.

  • CVE-2014-9976CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.

  • CVE-2014-9975CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption.

  • CVE-2014-9974CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster.

  • CVE-2014-9973CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine.

  • CVE-2014-9972CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition.

  • CVE-2014-9971CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow.

  • CVE-2014-9969CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.00

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm.

  • CVE-2014-9968CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface.

  • CVE-2014-9411CriAug 18, 2017
    risk 0.64cvss 9.8epss 0.01

    In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.

  • CVE-2016-5178CriMay 23, 2017
    risk 0.64cvss 9.8epss 0.02

    Multiple unspecified vulnerabilities in Google Chrome before 53.0.2785.143 allow remote attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2014-9654CriApr 24, 2017
    risk 0.64cvss 9.8epss 0.02

    The Regular Expressions package in International Components for Unicode (ICU) for C/C++ before 2014-12-03, as used in Google Chrome before 40.0.2214.91, calculates certain values without ensuring that they can be represented in a 24-bit field, which allows remote attackers to…

  • CVE-2016-6727CriApr 17, 2017
    risk 0.64cvss 9.8epss 0.03

    The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code.

  • CVE-2016-6726CriApr 17, 2017
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerability in Qualcomm components in Android on Nexus 6 and Android One devices.

  • CVE-2016-1155CriApr 13, 2017
    risk 0.64cvss 9.8epss 0.02

    HTTP header injection vulnerability in the URLConnection class in Android OS 2.2 through 6.0 allows remote attackers to execute arbitrary scripts or set arbitrary values in cookies.

  • CVE-2014-7921CriApr 13, 2017
    risk 0.64cvss 9.8epss 0.01

    mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.

  • CVE-2014-7920CriApr 13, 2017
    risk 0.64cvss 9.8epss 0.02

    mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.

  • CVE-2013-6647CriApr 11, 2017
    risk 0.64cvss 9.8epss 0.01

    A use-after-free in AnimationController::endAnimationUpdate in Google Chrome.

  • CVE-2016-8418CriFeb 8, 2017
    risk 0.64cvss 9.8epss 0.03

    A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel. Product:…

  • CVE-2016-8411CriJan 27, 2017
    risk 0.64cvss 9.8epss 0.01

    Buffer overflow vulnerability while processing QMI QOS TLVs. Product: Android. Versions: versions that have qmi_qos_srvc.c. Android ID: 31805216. References: QC CR#912775.

  • CVE-2016-8459CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.02

    Possible buffer overflow in storage subsystem. Bad parameters as part of listener responses to RPMB commands could lead to buffer overflow. Product: Android. Versions: Kernel 3.18. Android ID: A-32577972. References: QC-CR#988462.

  • CVE-2016-8440CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.02

    Possible buffer overflow in SMMU system call. Improper input validation in ADSP SID2CB system call may result in hypervisor memory overwrite. Product: Android. Versions: Kernel 3.18. Android ID: A-31625306. References: QC-CR#1036747.

  • CVE-2016-8439CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.02

    Possible buffer overflow in trust zone access control API. Buffer overflow may occur due to lack of buffer size checking. Product: Android. Versions: Kernel 3.18. Android ID: A-31625204. References: QC-CR#1027804.

  • CVE-2016-8438CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.02

    Integer overflow leading to a TOCTOU condition in hypervisor PIL. An integer overflow exposes a race condition that may be used to bypass (Peripheral Image Loader) PIL authentication. Product: Android. Versions: Kernel 3.18. Android ID: A-31624565. References: QC-CR#1023638.

  • CVE-2016-8437CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.02

    Improper input validation in Access Control APIs. Access control API may return memory range checking incorrectly. Product: Android. Versions: Kernel 3.18. Android ID: A-31623057. References: QC-CR#1009695.

  • CVE-2016-8398CriJan 12, 2017
    risk 0.64cvss 9.8epss 0.02

    Unauthenticated messages processed by the UE. Certain NAS messages are processed when no EPS security context exists in the UE. Product: Android. Versions: Kernel 3.18. Android ID: A-31548486. References: QC-CR#877705.

  • CVE-2016-6725CriNov 25, 2016
    risk 0.64cvss 9.8epss 0.03

    A remote code execution vulnerability in the Qualcomm crypto driver in Android before 2016-11-05 could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the…

  • CVE-2016-6696CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a large negative value for the data length, aka Qualcomm internal bug CR 1041130.

  • CVE-2016-6695CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted visualizer data length, aka Qualcomm internal bug CR 1033540.

  • CVE-2016-6694CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via crafted parameter data, aka Qualcomm internal bug CR 1033525.

  • CVE-2016-6693CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    sound/soc/msm/qdsp6v2/msm-ds2-dap-config.c in a Qualcomm QDSP6v2 driver in Android before 2016-10-05 allows attackers to cause a denial of service or possibly have unspecified other impact via an invalid data length, aka Qualcomm internal bug CR 1027585.

  • CVE-2016-6692CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm MDSS driver in Android before 2016-10-05 allows attackers to cause a denial of service (invalid pointer access) or possibly have unspecified other impact via unknown vectors, aka Qualcomm internal bug CR 1004933.

  • CVE-2016-6691CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    service/jni/com_android_server_wifi_Gbk2Utf.cpp in the Qualcomm Wi-Fi gbk2utf module in Android before 2016-10-05 allows remote attackers to cause a denial of service (framework crash) or possibly have unspecified other impact via an access point that has a malformed SSID with…

  • CVE-2016-3929CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823675.

  • CVE-2016-3927CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5X and 6P devices has unknown impact and attack vectors, aka internal bug 28823244.

  • CVE-2016-3926CriOct 10, 2016
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerability in a Qualcomm component in Android before 2016-10-05 on Nexus 5, 5X, 6, and 6P devices has unknown impact and attack vectors, aka internal bug 28823953.

  • CVE-2016-3877CriSep 11, 2016
    risk 0.64cvss 9.8epss 0.01

    Unspecified vulnerability in Android before 2016-09-01 has unknown impact and attack vectors.

  • CVE-2016-5344CriAug 30, 2016
    risk 0.64cvss 9.8epss 0.02

    Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size…

  • CVE-2016-5146CriAug 7, 2016
    risk 0.64cvss 9.8epss 0.01

    Multiple unspecified vulnerabilities in Google Chrome before 52.0.2743.116 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

  • CVE-2016-5144CriAug 7, 2016
    risk 0.64cvss 9.8epss 0.02

    The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted…

  • CVE-2016-5143CriAug 7, 2016
    risk 0.64cvss 9.8epss 0.02

    The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted…

  • CVE-2016-5142CriAug 7, 2016
    risk 0.64cvss 9.8epss 0.02

    The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted…

  • CVE-2016-5140CriAug 7, 2016
    risk 0.64cvss 9.8epss 0.02

    Heap-based buffer overflow in the opj_j2k_read_SQcd_SQcc function in j2k.c in OpenJPEG, as used in PDFium in Google Chrome before 52.0.2743.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JPEG 2000 data.

  • CVE-2016-3840CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.02

    Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751153.

  • CVE-2016-3821CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.02

    libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL pointer dereference or memory…

  • CVE-2016-3820CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.01

    The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410.

  • CVE-2016-3819CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.02

    Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory…

  • CVE-2014-9902CriAug 5, 2016
    risk 0.64cvss 9.8epss 0.03

    Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android…

  • CVE-2016-3745CriJul 11, 2016
    risk 0.64cvss 9.8epss 0.01

    Multiple buffer overflows in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allow attackers to gain privileges via a crafted application that provides an AudioEffect reply, as demonstrated by obtaining Signature or…

Page 6 of 227