Max CVSS 10.0 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2016-3822 6.8
exif.c in Matthias Wandel jhead 2.87, as used in libjhead in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01, allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds ac
05-11-2018 - 20:33 05-08-2016 - 20:59
CVE-2016-3841 7.2
The IPv6 stack in the Linux kernel before 4.3.3 mishandles options data, which allows local users to gain privileges or cause a denial of service (use-after-free and system crash) via a crafted sendmsg system call.
05-01-2018 - 02:30 06-08-2016 - 20:59
CVE-2016-3847 6.9
The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433.
19-10-2017 - 01:30 05-08-2016 - 20:59
CVE-2016-3819 7.5
Integer overflow in codecs/on2/h264dec/source/h264bsd_dpb.c in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to execute arbitrary code or cause a d
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3820 7.5
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 mishandles slice numbers, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28673410.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3821 7.5
libmedia in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 has certain incorrect declarations, which allows remote attackers to execute arbitrary code or cause a denial of service (NULL poin
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3823 4.6
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to gain privileges via a cra
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3824 4.6
omx/OMXNodeInstance.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the buffer port, which allows attackers to gain privileges via a crafted applica
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3825 4.6
mm-video-v4l2/vidc/venc/src/omx_video_base.cpp in mediaserver in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allocates an incorrect amount of memory, which allows attackers to gain privileges via a crafted application, a
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3826 4.6
services/audioflinger/Effects.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not validate the reply size for an AudioFlinger effect command, which allows attackers to gain privil
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3827 7.1
codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 2
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3828 7.1
decoder/ih264d_api.c in mediaserver in Android 6.x before 2016-08-01 mishandles invalid PPS and SPS NAL units, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28835995.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3829 7.1
The ih264d decoder in mediaserver in Android 6.x before 2016-08-01 does not initialize certain structure members, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 29023649.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3830 7.1
codecs/aacdec/SoftAAC2.cpp in libstagefright in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device hang or reboot) via crafted ADTS d
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3831 5.0
The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial of service (device crash) via a NITZ time value of 2038-01-19 or later that is mishandled
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3832 8.3
The framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 do not ensure that package data originated from the Package Manager, which allows attackers to bypass an unspecified protection mechanis
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3833 9.3
The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted appli
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3834 4.3
The camera APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allow attackers to bypass intended access restrictions and obtain sensitive information about ANW buffer addresses via a crafted applicatio
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3835 4.3
The secure-session feature in the mm-video-v4l2 venc component in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 mishandles heap pointers, which allows attackers to obtain sensitive informat
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3836 4.3
The SurfaceFlinger service in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application, related to lack of a default constructor in include/ui/FrameStats.h, a
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3837 4.3
service/jni/com_android_server_wifi_WifiNative.cpp in Wi-Fi in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to obtain sensitive information via a crafted application that provides a MAC address with too f
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3838 4.3
Android 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of locked-screen 911 functionality) via a crafted application that uses the app-pinning feature, aka internal bug 28761672.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3839 4.3
Bluetooth in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to cause a denial of service (loss of Bluetooth 911 functionality) via a crafted application that sends a signal to a Bluetooth
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3840 10.0
Conscrypt in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-05 does not properly identify session reuse, which allows remote attackers to execute arbitrary code via unspecified vectors, aka internal bug 28751
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3842 9.3
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3843 9.3
Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component,
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3844 9.3
mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3845 9.3
The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3846 7.6
The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3848 7.6
The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3849 6.9
The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3850 6.9
Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 a
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3851 9.3
The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3852 4.3
The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3853 4.9
Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208.
28-11-2016 - 20:12 05-08-2016 - 20:59
CVE-2016-3854 6.8
drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impac
28-11-2016 - 20:12 06-08-2016 - 10:59
CVE-2016-3855 6.8
drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other
28-11-2016 - 20:12 06-08-2016 - 10:59
CVE-2016-3856 6.8
netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631.
28-11-2016 - 20:12 06-08-2016 - 10:59
CVE-2016-2497 7.5
services/core/java/com/android/server/pm/PackageManagerService.java in the framework APIs in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows attackers to increase intent-filter priority via a crafted
28-11-2016 - 20:04 05-08-2016 - 20:59
CVE-2016-2504 6.9
The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.
28-11-2016 - 20:04 05-08-2016 - 20:59
CVE-2015-8937 6.8
drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 2
28-11-2016 - 19:50 06-08-2016 - 10:59
CVE-2015-8938 9.3
The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm i
28-11-2016 - 19:50 06-08-2016 - 10:59
CVE-2015-8939 9.3
drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android i
28-11-2016 - 19:50 06-08-2016 - 10:59
CVE-2015-8940 9.3
Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR
28-11-2016 - 19:50 06-08-2016 - 10:59
CVE-2015-8941 9.3
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted appl
28-11-2016 - 19:50 06-08-2016 - 10:59
CVE-2015-8942 9.3
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android i
28-11-2016 - 19:50 06-08-2016 - 10:59
CVE-2015-8943 6.8
drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted
28-11-2016 - 19:50 06-08-2016 - 10:59
CVE-2015-8944 4.3
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information
28-11-2016 - 19:50 06-08-2016 - 10:59
CVE-2014-9863 9.3
Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9864 9.3
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Q
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9865 9.3
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9866 9.3
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted applica
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9867 9.3
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted appli
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9868 6.9
drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka And
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9869 9.3
drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted appl
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9870 9.3
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted appl
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9871 9.3
Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android int
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9872 6.8
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 2875015
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9873 6.8
Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android inter
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9874 6.8
Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9875 6.8
drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Q
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9876 6.8
drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android intern
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9877 6.8
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted appli
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9878 6.8
drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9879 6.8
The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm int
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9880 6.8
drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application,
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9881 6.8
drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a cra
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9882 6.8
Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm intern
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9883 6.8
Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android intern
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9884 6.8
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9885 6.8
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, ak
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9886 6.8
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka A
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9887 9.3
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 2880
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9888 7.2
arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9889 6.8
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9890 9.3
Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C comm
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9891 9.3
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android in
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9892 4.3
The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to o
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9893 4.3
drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application,
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9894 4.3
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted applicati
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9895 4.3
drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a c
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9896 4.3
drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application,
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9897 4.3
sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9898 4.3
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted appli
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9899 4.3
drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Andr
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9900 4.3
The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive infor
28-11-2016 - 19:15 06-08-2016 - 10:59
CVE-2014-9901 7.8
The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333
28-11-2016 - 19:15 05-08-2016 - 20:59
CVE-2014-9902 10.0
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 manage
28-11-2016 - 19:15 05-08-2016 - 20:59
CVE-2016-3857 9.3
The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.
10-08-2016 - 15:33 05-08-2016 - 20:59
Back to Top Mark selected
Back to Top