U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/o:google:android:2.2.2
There are 753 matching records.
Displaying matches 541 through 560.
Vuln ID Summary CVSS Severity
CVE-2016-2445

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27253079.

Published: May 09, 2016; 6:59:23 AM -0400
V3.0: 7.0 HIGH
V2.0: 7.6 HIGH
CVE-2016-2444

The NVIDIA media driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27208332.

Published: May 09, 2016; 6:59:21 AM -0400
V3.0: 7.0 HIGH
V2.0: 7.6 HIGH
CVE-2016-2443

The Qualcomm MDP driver in Android before 2016-05-01 on Nexus 5 and Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka internal bug 26404525.

Published: May 09, 2016; 6:59:20 AM -0400
V3.0: 7.0 HIGH
V2.0: 7.6 HIGH
CVE-2016-2442

The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26494907.

Published: May 09, 2016; 6:59:19 AM -0400
V3.0: 7.0 HIGH
V2.0: 7.6 HIGH
CVE-2016-2441

The Qualcomm buspm driver in Android before 2016-05-01 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka internal bug 26354602.

Published: May 09, 2016; 6:59:18 AM -0400
V3.0: 7.0 HIGH
V2.0: 7.6 HIGH
CVE-2016-2437

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27436822.

Published: May 09, 2016; 6:59:14 AM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-2436

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27299111.

Published: May 09, 2016; 6:59:13 AM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-2435

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27297988.

Published: May 09, 2016; 6:59:11 AM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-2434

The NVIDIA video driver in Android before 2016-05-01 on Nexus 9 devices allows attackers to gain privileges via a crafted application, aka internal bug 27251090.

Published: May 09, 2016; 6:59:10 AM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-2432

The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 6 and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 25913059.

Published: May 09, 2016; 6:59:09 AM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-2431

The Qualcomm TrustZone component in Android before 2016-05-01 on Nexus 5, Nexus 6, Nexus 7 (2013), and Android One devices allows attackers to gain privileges via a crafted application, aka internal bug 24968809.

Published: May 09, 2016; 6:59:08 AM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-2060

server/TetherController.cpp in the tethering controller in netd, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate upstream interface names, which allows attackers to bypass intended access restrictions via a crafted application.

Published: May 09, 2016; 6:59:03 AM -0400
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2016-2059

The msm_ipc_router_bind_control_port function in net/ipc_router/ipc_router_core.c in the IPC router kernel module for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify that a port is a client port, which allows attackers to gain privileges or cause a denial of service (race condition and list corruption) by making many BIND_CONTROL_PORT ioctl calls.

Published: May 05, 2016; 5:59:07 PM -0400
V3.1: 7.0 HIGH
V2.0: 4.4 MEDIUM
CVE-2016-2810

Mozilla Firefox before 46.0 on Android before 5.0 allows attackers to bypass intended Signature access requirements via a crafted application that leverages content-provider permissions, as demonstrated by reading the browser history or a saved password.

Published: April 30, 2016; 1:59:07 PM -0400
V3.0: 5.0 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-0774

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.

Published: April 27, 2016; 1:59:06 PM -0400
V3.0: 6.8 MEDIUM
V2.0: 5.6 MEDIUM
CVE-2015-8505

mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than CVE-2015-6616, CVE-2015-8506, and CVE-2015-8507.

Published: December 08, 2015; 6:59:19 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2015-6634

The display drivers in Android before 5.1.1 LMY48Z allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24163261.

Published: December 08, 2015; 6:59:18 PM -0500
V3.x:(not available)
V2.0: 9.3 HIGH
CVE-2015-6629

Wi-Fi in Android 5.x before 5.1.1 LMY48Z allows attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 22667667.

Published: December 08, 2015; 6:59:14 PM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-7190

The Search feature in Mozilla Firefox before 42.0 on Android through 4.4 supports search-engine URL registration through an intent and can access this URL in a privileged context in conjunction with the crash reporter, which allows attackers to read log files and visit file: URLs of HTML documents via a crafted application.

Published: November 05, 2015; 12:59:14 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-8074

mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611.

Published: November 03, 2015; 6:59:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM