National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:google:android:2.2.2
There are 1,218 matching records.
Displaying matches 501 through 520.
Vuln ID Summary CVSS Severity
CVE-2014-9864

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841.

Published: August 06, 2016; 06:59:02 AM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9863

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470.

Published: August 06, 2016; 06:59:00 AM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3857

The kernel in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 28522518.

Published: August 05, 2016; 04:59:45 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3853

Google Play services in Android before 2016-08-05 on Nexus devices allow local users to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 26803208.

Published: August 05, 2016; 04:59:44 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.9 MEDIUM
CVE-2016-3852

The MediaTek Wi-Fi driver in Android before 2016-08-05 on Android One devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 29141147 and MediaTek internal bug ALPS02751738.

Published: August 05, 2016; 04:59:44 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2016-3851

The LG Electronics bootloader Android before 2016-08-05 on Nexus 5X devices allows attackers to gain privileges by leveraging access to a privileged process, aka internal bug 29189941.

Published: August 05, 2016; 04:59:43 PM -04:00
V3.0: 8.1 HIGH
    V2: 9.3 HIGH
CVE-2016-3850

Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug CR945164.

Published: August 05, 2016; 04:59:41 PM -04:00
V3.0: 7.3 HIGH
    V2: 6.9 MEDIUM
CVE-2016-3849

The ION driver in Android before 2016-08-05 on Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28939740.

Published: August 05, 2016; 04:59:40 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.9 MEDIUM
CVE-2016-3848

The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28919417.

Published: August 05, 2016; 04:59:39 PM -04:00
V3.0: 7.0 HIGH
    V2: 7.6 HIGH
CVE-2016-3847

The NVIDIA media driver in Android before 2016-08-05 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 28871433.

Published: August 05, 2016; 04:59:38 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.9 MEDIUM
CVE-2016-3846

The Serial Peripheral Interface driver in Android before 2016-08-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 28817378.

Published: August 05, 2016; 04:59:37 PM -04:00
V3.0: 7.0 HIGH
    V2: 7.6 HIGH
CVE-2016-3845

The video driver in the kernel in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application, aka internal bug 28399876.

Published: August 05, 2016; 04:59:36 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3844

mediaserver in Android before 2016-08-05 on Nexus 9 and Pixel C devices allows attackers to gain privileges via a crafted application, aka internal bug 28299517.

Published: August 05, 2016; 04:59:34 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3843

Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance subsystem and the Qualcomm performance component, aka Android internal bugs 28086229 and 29119870 and Qualcomm internal bug CR1011071.

Published: August 05, 2016; 04:59:34 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3842

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm internal bug CR1002974.

Published: August 05, 2016; 04:59:32 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-3827

codecs/hevcdec/SoftHEVC.cpp in libstagefright in mediaserver in Android 6.0.1 before 2016-08-01 mishandles decoder errors, which allows remote attackers to cause a denial of service (device hang or reboot) via a crafted media file, aka internal bug 28816956.

Published: August 05, 2016; 04:59:16 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 7.1 HIGH
CVE-2016-2504

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and Qualcomm internal bug CR1002974.

Published: August 05, 2016; 04:59:05 PM -04:00
V3.0: 7.8 HIGH
    V2: 6.9 MEDIUM
CVE-2014-9902

Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.

Published: August 05, 2016; 04:59:02 PM -04:00
V3.0: 9.8 CRITICAL
    V2: 10.0 HIGH
CVE-2014-9901

The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711.

Published: August 05, 2016; 04:59:00 PM -04:00
V3.0: 7.5 HIGH
    V2: 7.8 HIGH
CVE-2016-5267

Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set.

Published: August 04, 2016; 09:59:23 PM -04:00
V3.0: 5.3 MEDIUM
    V2: 4.3 MEDIUM