National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:google:android:2.2.2
There are 1,226 matching records.
Displaying matches 561 through 580.
Vuln ID Summary CVSS Severity
CVE-2016-3767

The MediaTek Wi-Fi driver in Android before 2016-07-05 on Android One devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28169363 and MediaTek internal bug ALPS02689526.

Published: July 10, 2016; 10:00:08 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-2505

mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006.

Published: July 10, 2016; 09:59:37 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-2503

The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal bug CR1006067.

Published: July 10, 2016; 09:59:36 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-2502

drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044.

Published: July 10, 2016; 09:59:35 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-2501

The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and Qualcomm internal bug CR1001092.

Published: July 10, 2016; 09:59:34 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-2068

The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.

Published: July 10, 2016; 09:59:33 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2016-2067

drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.

Published: July 10, 2016; 09:59:32 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2015-8893

app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.

Published: July 10, 2016; 09:59:31 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-8892

platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998.

Published: July 10, 2016; 09:59:30 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2015-8891

Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930.

Published: July 10, 2016; 09:59:29 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2015-8890

platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461.

Published: July 10, 2016; 09:59:28 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2015-8889

The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067.

Published: July 10, 2016; 09:59:27 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2015-8888

Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933.

Published: July 10, 2016; 09:59:25 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9803

arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.

Published: July 10, 2016; 09:59:24 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9802

Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108.

Published: July 10, 2016; 09:59:23 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9801

Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078.

Published: July 10, 2016; 09:59:22 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9800

Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478.

Published: July 10, 2016; 09:59:21 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9799

The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916.

Published: July 10, 2016; 09:59:20 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9798

platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.

Published: July 10, 2016; 09:59:19 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 7.1 HIGH
CVE-2014-9796

app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756.

Published: July 10, 2016; 09:59:18 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH