National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:google:android:2.2.2
There are 1,226 matching records.
Displaying matches 481 through 500.
Vuln ID Summary CVSS Severity
CVE-2014-9893

drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223.

Published: August 06, 2016; 06:59:37 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-9892

The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717.

Published: August 06, 2016; 06:59:35 AM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2014-9891

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061.

Published: August 06, 2016; 06:59:34 AM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9890

Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177.

Published: August 06, 2016; 06:59:33 AM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9889

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712.

Published: August 06, 2016; 06:59:32 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9887

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633.

Published: August 06, 2016; 06:59:30 AM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9886

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030.

Published: August 06, 2016; 06:59:29 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9885

Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261.

Published: August 06, 2016; 06:59:28 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9884

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740.

Published: August 06, 2016; 06:59:27 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9883

Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160.

Published: August 06, 2016; 06:59:25 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9882

Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329.

Published: August 06, 2016; 06:59:24 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9881

drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008.

Published: August 06, 2016; 06:59:23 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9880

drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356.

Published: August 06, 2016; 06:59:22 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9879

The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490.

Published: August 06, 2016; 06:59:21 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9878

drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479.

Published: August 06, 2016; 06:59:20 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9877

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231.

Published: August 06, 2016; 06:59:19 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9876

drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408.

Published: August 06, 2016; 06:59:17 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9875

drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310.

Published: August 06, 2016; 06:59:16 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9874

Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086.

Published: August 06, 2016; 06:59:15 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM
CVE-2014-9873

Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860.

Published: August 06, 2016; 06:59:14 AM -04:00
V3.0: 7.8 HIGH
    V2: 6.8 MEDIUM