VYPR

Vendor CVEs

Qualcomm

All CVEs

2,042 total · sorted by risk
  • CVE-2017-0604HigMay 12, 2017
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which…

  • CVE-2016-10276HigMay 12, 2017
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may…

  • CVE-2016-10275HigMay 12, 2017
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may…

  • CVE-2016-5857HigMar 20, 2017
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm SPCom driver in Android before 7.0 allows local users to execute arbitrary code within the context of the kernel via a crafted application, aka Android internal bug 34386529 and Qualcomm internal bug CR#1094140.

  • CVE-2017-0455HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.02

    An information disclosure vulnerability in the Qualcomm bootloader could help to enable a local malicious application to to execute arbitrary code within the context of the bootloader. This issue is rated as High because it is a general bypass for a bootloader level defense in…

  • CVE-2016-8479HigMar 8, 2017
    risk 0.51cvss 7.8epss 0.02

    An elevation of privilege vulnerability in the Qualcomm GPU driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may…

  • CVE-2016-8436HigJan 12, 2017
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may…

  • CVE-2016-8423HigJan 12, 2017
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may…

  • CVE-2016-8422HigJan 12, 2017
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may…

  • CVE-2016-6761HigJan 12, 2017
    risk 0.51cvss 7.8epss 0.02

    An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…

  • CVE-2016-6760HigJan 12, 2017
    risk 0.51cvss 7.8epss 0.02

    An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…

  • CVE-2016-6759HigJan 12, 2017
    risk 0.51cvss 7.8epss 0.02

    An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…

  • CVE-2016-6758HigJan 12, 2017
    risk 0.51cvss 7.8epss 0.02

    An elevation of privilege vulnerability in Qualcomm media codecs could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities,…

  • CVE-2016-6741HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2016-6740HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2016-6739HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm camera driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2016-6738HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm crypto engine driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a…

  • CVE-2016-3904HigNov 25, 2016
    risk 0.51cvss 7.8epss 0.01

    An elevation of privilege vulnerability in the Qualcomm bus driver in Android before 2016-11-05 could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged…

  • CVE-2016-6680HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to obtain sensitive information via a crafted application that makes an iw_set_priv ioctl call, aka Android internal bug 29982678 and…

  • CVE-2016-6676HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    Off-by-one error in CORE/HDD/src/wlan_hdd_cfg.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a GET_CFG ioctl…

  • CVE-2016-6675HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    Off-by-one error in CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X and Android One devices allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application that makes a linkspeed…

  • CVE-2016-3939HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/video/msm/mdss/mdss_debug.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30874196 and Qualcomm internal bug CR…

  • CVE-2016-3938HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/video/msm/mdss/mdss_mdp_overlay.c in the Qualcomm video driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 30019716 and Qualcomm internal bug…

  • CVE-2016-3935HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    Multiple integer overflows in drivers/crypto/msm/qcedev.c in the Qualcomm cryptographic engine driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug…

  • CVE-2016-3934HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies on variable-length arrays, which allows attackers to gain privileges via a…

  • CVE-2016-3931HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/misc/qseecom.c in the Qualcomm QSEE Communicator driver in Android before 2016-10-05 on Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29157595 and Qualcomm internal bug CR…

  • CVE-2016-3905HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    CORE/HDD/src/wlan_hdd_main.c in the Qualcomm Wi-Fi driver in Android before 2016-10-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application that sends a SENDACTIONFRAME command, aka Android internal bug 28061823 and Qualcomm internal bug CR 1001449.

  • CVE-2016-3903HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug…

  • CVE-2015-8951HigOct 10, 2016
    risk 0.51cvss 7.8epss 0.01

    Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug…

  • CVE-2016-3874HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android…

  • CVE-2016-3864HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.00

    The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117.

  • CVE-2016-3858HigSep 11, 2016
    risk 0.51cvss 7.8epss 0.01

    Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the Qualcomm subsystem driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application that provides a long string, aka Android internal bug 28675151 and…

  • CVE-2016-5342HigAug 30, 2016
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows…

  • CVE-2016-2065HigAug 7, 2016
    risk 0.51cvss 7.8epss 0.01

    sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (out-of-bounds write and…

  • CVE-2016-2064HigAug 7, 2016
    risk 0.51cvss 7.8epss 0.01

    sound/soc/msm/qdsp6v2/msm-audio-effects-q6-v2.c in the MSM QDSP6 audio driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service (buffer over-read) or…

  • CVE-2016-2063HigAug 7, 2016
    risk 0.51cvss 7.8epss 0.00

    Stack-based buffer overflow in the supply_lm_input_write function in drivers/thermal/supply_lm_core.c in the MSM Thermal driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to…

  • CVE-2015-0568HigAug 7, 2016
    risk 0.51cvss 7.8epss 0.01

    Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain…

  • CVE-2016-3855HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted…

  • CVE-2016-3854HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application,…

  • CVE-2015-8943HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android…

  • CVE-2015-8942HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and…

  • CVE-2015-8941HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal…

  • CVE-2015-8940HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367.

  • CVE-2015-8939HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and…

  • CVE-2015-8938HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022.

  • CVE-2014-9891HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and…

  • CVE-2014-9889HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and…

  • CVE-2014-9887HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal…

  • CVE-2014-9886HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575…

  • CVE-2014-9885HigAug 6, 2016
    risk 0.51cvss 7.8epss 0.00

    Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug…

Page 10 of 41