National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:google:android:2.2.2
There are 1,218 matching records.
Displaying matches 441 through 460.
Vuln ID Summary CVSS Severity
CVE-2016-3874

CORE/HDD/src/wlan_hdd_wext.c in the Qualcomm Wi-Fi driver in Android before 2016-09-05 on Nexus 5X devices does not properly validate the arguments array, which allows attackers to gain privileges via a crafted application that sends a WE_UNIT_TEST_CMD command, aka Android internal bug 29944562 and Qualcomm internal bug CR997797.

Published: September 11, 2016; 05:59:17 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3873

The NVIDIA kernel in Android before 2016-09-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 29518457.

Published: September 11, 2016; 05:59:16 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3869

The Broadcom Wi-Fi driver in Android before 2016-09-05 on Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, and Pixel C devices allows attackers to gain privileges via a crafted application, aka Android internal bug 29009982 and Broadcom internal bug RB#96070.

Published: September 11, 2016; 05:59:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3868

The Qualcomm power driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28967028 and Qualcomm internal bug CR1032875.

Published: September 11, 2016; 05:59:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3867

The Qualcomm IPA driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28919863 and Qualcomm internal bug CR1037897.

Published: September 11, 2016; 05:59:10 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3866

The Qualcomm sound driver in Android before 2016-09-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28868303 and Qualcomm internal bug CR1032820.

Published: September 11, 2016; 05:59:09 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3865

The Synaptics touchscreen driver in Android before 2016-09-05 on Nexus 5X and 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28799389.

Published: September 11, 2016; 05:59:07 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3864

The Qualcomm radio interface layer in Android before 2016-09-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28823714 and Qualcomm internal bug CR913117.

Published: September 11, 2016; 05:59:06 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3859

The Qualcomm camera driver in Android before 2016-09-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28815326 and Qualcomm internal bug CR1034641.

Published: September 11, 2016; 05:59:01 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3858

Buffer overflow in drivers/soc/qcom/subsystem_restart.c in the Qualcomm subsystem driver in Android before 2016-09-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application that provides a long string, aka Android internal bug 28675151 and Qualcomm internal bug CR1022641.

Published: September 11, 2016; 05:59:00 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-5344

Multiple integer overflows in the MDSS driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service or possibly have unspecified other impact via a large size value, related to mdss_compat_utils.c, mdss_fb.c, and mdss_rotator.c.

Published: August 30, 2016; 01:59:03 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2016-5342

Heap-based buffer overflow in the wcnss_wlan_write function in drivers/net/wireless/wcnss/wcnss_wlan.c in the wcnss_wlan device driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to cause a denial of service or possibly have unspecified other impact by writing to /dev/wcnss_wlan with an unexpected amount of data.

Published: August 30, 2016; 01:59:02 PM -04:00
V3.0: 7.8 HIGH
    V2: 7.2 HIGH
CVE-2016-5340

The is_ashmem_file function in drivers/staging/android/ashmem.c in a certain Qualcomm Innovation Center (QuIC) Android patch for the Linux kernel 3.x mishandles pointer validation within the KGSL Linux Graphics Module, which allows attackers to bypass intended access restrictions by using the /ashmem string as the dentry name.

Published: August 07, 2016; 05:59:08 PM -04:00
V3.0: 8.4 HIGH
    V2: 7.2 HIGH
CVE-2016-5696

net/ipv4/tcp_input.c in the Linux kernel before 4.7 does not properly determine the rate of challenge ACK segments, which makes it easier for remote attackers to hijack TCP sessions via a blind in-window attack.

Published: August 06, 2016; 04:59:05 PM -04:00
V3.0: 4.8 MEDIUM
    V2: 5.8 MEDIUM
CVE-2016-3856

netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR959631.

Published: August 06, 2016; 06:59:57 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-3855

drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR990824.

Published: August 06, 2016; 06:59:56 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2016-3854

drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via a crafted application, aka Qualcomm internal bug CR897326.

Published: August 06, 2016; 06:59:55 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2015-8944

The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts.

Published: August 06, 2016; 06:59:54 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-8943

drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226.

Published: August 06, 2016; 06:59:53 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2015-8942

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246.

Published: August 06, 2016; 06:59:52 AM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH