National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:google:android:2.2.2
There are 1,218 matching records.
Displaying matches 561 through 580.
Vuln ID Summary CVSS Severity
CVE-2015-8892

platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998.

Published: July 10, 2016; 09:59:30 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2015-8891

Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930.

Published: July 10, 2016; 09:59:29 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2015-8890

platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461.

Published: July 10, 2016; 09:59:28 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2015-8889

The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067.

Published: July 10, 2016; 09:59:27 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2015-8888

Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933.

Published: July 10, 2016; 09:59:25 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9803

arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.

Published: July 10, 2016; 09:59:24 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9802

Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108.

Published: July 10, 2016; 09:59:23 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9801

Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078.

Published: July 10, 2016; 09:59:22 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9800

Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478.

Published: July 10, 2016; 09:59:21 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9799

The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916.

Published: July 10, 2016; 09:59:20 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9798

platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.

Published: July 10, 2016; 09:59:19 PM -04:00
V3.0: 5.5 MEDIUM
    V2: 7.1 HIGH
CVE-2014-9796

app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756.

Published: July 10, 2016; 09:59:18 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9795

app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325.

Published: July 10, 2016; 09:59:17 PM -04:00
V3.0: 7.8 HIGH
    V2: 10.0 HIGH
CVE-2014-9793

platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567.

Published: July 10, 2016; 09:59:16 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9792

arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606.

Published: July 10, 2016; 09:59:15 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9790

drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm internal bug CR545716.

Published: July 10, 2016; 09:59:14 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9789

The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425.

Published: July 10, 2016; 09:59:13 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9788

Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm internal bug CR548872.

Published: July 10, 2016; 09:59:12 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9787

Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764.

Published: July 10, 2016; 09:59:11 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH
CVE-2014-9786

Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28557260 and Qualcomm internal bug CR545979.

Published: July 10, 2016; 09:59:10 PM -04:00
V3.0: 7.8 HIGH
    V2: 9.3 HIGH