VYPR

Vendor CVEs

Google

All CVEs

11,416 total · sorted by risk
  • CVE-2014-9891HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and…

  • CVE-2014-9890HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug…

  • CVE-2014-9889HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and…

  • CVE-2014-9887HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal…

  • CVE-2014-9886HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575…

  • CVE-2014-9885HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug…

  • CVE-2014-9884HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug…

  • CVE-2014-9883HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm…

  • CVE-2014-9882HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329.

  • CVE-2014-9881HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android…

  • CVE-2014-9880HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug…

  • CVE-2014-9879HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490.

  • CVE-2014-9878HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm…

  • CVE-2014-9877HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal…

  • CVE-2014-9876HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm…

  • CVE-2014-9875HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310.

  • CVE-2014-9874HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android…

  • CVE-2014-9873HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm…

  • CVE-2014-9872HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug…

  • CVE-2014-9871HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and…

  • CVE-2014-9869HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal…

  • CVE-2014-9868HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721…

  • CVE-2014-9867HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal…

  • CVE-2014-9866HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal…

  • CVE-2014-9865HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm…

  • CVE-2014-9864HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841.

  • CVE-2014-9863HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug…

  • CVE-2016-3857HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.01

    The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.

  • CVE-2016-3849HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740.

  • CVE-2016-3847HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433.

  • CVE-2016-3845HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.

  • CVE-2016-3844HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.

  • CVE-2016-3843HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.01

    Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs…

  • CVE-2016-3842HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.

  • CVE-2016-3833HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug…

  • CVE-2016-3832HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanism via a crafted application,…

  • CVE-2016-3826HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privileges via a crafted…

  • CVE-2016-3825HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, aka internal bug 28816964.

  • CVE-2016-3824HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted application, aka internal bug…

  • CVE-2016-3823HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a crafted application, aka…

  • CVE-2016-3822HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.01

    exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds access) via crafted EXIF data,…

  • CVE-2016-2504HigAug 5, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.

  • CVE-2016-3811HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The kernel video driver in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28447556.

  • CVE-2016-3808HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The serial peripheral interface driver in Android before 2016-07-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28430009.

  • CVE-2016-3807HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The serial peripheral interface driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28402196.

  • CVE-2016-3806HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The MediaTek display driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28402341 and MediaTek internal bug ALPS02715341.

  • CVE-2016-3805HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28333002 and MediaTek internal bug ALPS02694412.

  • CVE-2016-3804HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The MediaTek power management driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28332766 and MediaTek internal bug ALPS02694410.

  • CVE-2016-3803HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.01

    The kernel filesystem implementation in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28588434.

  • CVE-2016-3802HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.01

    The kernel filesystem implementation in Android before 2016-07-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28271368.

Page 92 of 229