National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/o:google:android:2.2.2
There are 628 matching records.
Displaying matches 61 through 80.
Vuln ID Summary CVSS Severity
CVE-2017-3749

On Lenovo VIBE mobile phones, the Idea Friend Android application allows private data to be backed up and restored via Android Debug Bridge, which allows tampering leading to privilege escalation in conjunction with CVE-2017-3748 and CVE-2017-3750.

Published: June 29, 2017; 11:29:00 AM -04:00
V3: 6.4 MEDIUM
V2: 6.9 MEDIUM
CVE-2017-3748

On Lenovo VIBE mobile phones, improper access controls on the nac_server component can be abused in conjunction with CVE-2017-3749 and CVE-2017-3750 to elevate privileges to the root user (commonly known as 'rooting' or "jail breaking" a device).

Published: June 29, 2017; 11:29:00 AM -04:00
V3: 7.8 HIGH
V2: 7.2 HIGH
CVE-2015-3840

The MessageStatusReceiver service in the AndroidManifest.XML in Android 5.1.1 and earlier allows local users to alter sent/received statuses of SMS and MMS messages without the associated "WRITE_SMS" permission.

Published: June 27, 2017; 04:29:00 PM -04:00
V3: 5.5 MEDIUM
V2: 2.1 LOW
CVE-2017-0625

An information disclosure vulnerability in the MediaTek command queue driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as High because it could be used to access sensitive data without explicit user permission. Product: Android. Versions: N/A. Android ID: A-35142799. References: M-ALPS03161531.

Published: May 12, 2017; 11:29:02 AM -04:00
V3: 5.5 MEDIUM
V2: 4.3 MEDIUM
CVE-2017-0620

An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-35401052. References: QC-CR#1081711.

Published: May 12, 2017; 11:29:02 AM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2017-0619

An elevation of privilege vulnerability in the Qualcomm pin controller driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10. Android ID: A-35401152. References: QC-CR#826566.

Published: May 12, 2017; 11:29:02 AM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2017-0618

An elevation of privilege vulnerability in the MediaTek command queue driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-35100728. References: M-ALPS03161536.

Published: May 12, 2017; 11:29:02 AM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2017-0617

An elevation of privilege vulnerability in the MediaTek video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34471002. References: M-ALPS03149173.

Published: May 12, 2017; 11:29:02 AM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2017-0616

An elevation of privilege vulnerability in the MediaTek system management interrupt driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34470286. References: M-ALPS03149160.

Published: May 12, 2017; 11:29:02 AM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2017-0615

An elevation of privilege vulnerability in the MediaTek power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34259126. References: M-ALPS03150278.

Published: May 12, 2017; 11:29:02 AM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2017-0604

An elevation of privilege vulnerability in the kernel Qualcomm power driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-35392981. References: QC-CR#826589.

Published: May 12, 2017; 11:29:01 AM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2017-0465

An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-34112914. References: QC-CR#1110747.

Published: May 12, 2017; 11:29:00 AM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2016-10282

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-33939045. References: M-ALPS03149189.

Published: May 12, 2017; 11:29:00 AM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2016-10281

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175647. References: M-ALPS02696475.

Published: May 12, 2017; 11:29:00 AM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2016-10280

An elevation of privilege vulnerability in the MediaTek thermal driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-28175767. References: M-ALPS02696445.

Published: May 12, 2017; 11:29:00 AM -04:00
V3: 7.0 HIGH
V2: 7.6 HIGH
CVE-2016-10276

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-32952839. References: QC-CR#1094105.

Published: May 12, 2017; 11:29:00 AM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2016-10275

An elevation of privilege vulnerability in the Qualcomm bootloader could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-34514954. References: QC-CR#1009111.

Published: May 12, 2017; 11:29:00 AM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2016-10274

An elevation of privilege vulnerability in the MediaTek touchscreen driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: N/A. Android ID: A-30202412. References: M-ALPS02897901.

Published: May 12, 2017; 11:29:00 AM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2017-0331

An elevation of privilege vulnerability in the NVIDIA video driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel 3.10. Android ID: A-34113000. References: N-CVE-2017-0331.

Published: May 02, 2017; 05:59:00 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH
CVE-2015-9004

kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.

Published: May 02, 2017; 05:59:00 PM -04:00
V3: 7.8 HIGH
V2: 9.3 HIGH