Information Technology Laboratory
National Vulnerability Database
National Vulnerability Database
NVD
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2015-9002 |
In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. Published: May 16, 2017; 10:29:01 AM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
| CVE-2015-9001 |
In TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. Published: May 16, 2017; 10:29:01 AM -0400 |
V3.0: 5.5 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9000 |
In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. Published: May 16, 2017; 10:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
| CVE-2015-8999 |
In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file. Published: May 16, 2017; 10:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
| CVE-2015-8998 |
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. Published: May 16, 2017; 10:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
| CVE-2015-8997 |
In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel. Published: May 16, 2017; 10:29:00 AM -0400 |
V3.0: 7.0 HIGH V2.0: 7.6 HIGH |
| CVE-2015-8996 |
In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel. Published: May 16, 2017; 10:29:00 AM -0400 |
V3.0: 7.0 HIGH V2.0: 7.6 HIGH |
| CVE-2015-8995 |
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel. Published: May 16, 2017; 10:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
| CVE-2014-9937 |
In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. Published: May 16, 2017; 10:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
| CVE-2014-9936 |
In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAF using the Linux kernel. Published: May 16, 2017; 10:29:00 AM -0400 |
V3.0: 7.0 HIGH V2.0: 7.6 HIGH |
| CVE-2014-9935 |
In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. Published: May 16, 2017; 10:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 9.3 HIGH |
| CVE-2016-5267 |
Mozilla Firefox before 48.0 on Android allows remote attackers to spoof the address bar via left-to-right characters in conjunction with a right-to-left character set. Published: August 04, 2016; 9:59:23 PM -0400 |
V3.0: 5.3 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-4163 |
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4162. Published: June 16, 2016; 10:59:46 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-4162 |
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4161, and CVE-2016-4163. Published: June 16, 2016; 10:59:44 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-4161 |
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4160, CVE-2016-4162, and CVE-2016-4163. Published: June 16, 2016; 10:59:43 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-4160 |
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4120, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163. Published: June 16, 2016; 10:59:43 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-4121 |
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1097, CVE-2016-1106, CVE-2016-1107, CVE-2016-1108, CVE-2016-1109, CVE-2016-1110, CVE-2016-4108, and CVE-2016-4110. Published: June 16, 2016; 10:59:01 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-4120 |
Adobe Flash Player before 18.0.0.352 and 19.x through 21.x before 21.0.0.242 on Windows and OS X and before 11.2.202.621 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1096, CVE-2016-1098, CVE-2016-1099, CVE-2016-1100, CVE-2016-1102, CVE-2016-1104, CVE-2016-4109, CVE-2016-4111, CVE-2016-4112, CVE-2016-4113, CVE-2016-4114, CVE-2016-4115, CVE-2016-4160, CVE-2016-4161, CVE-2016-4162, and CVE-2016-4163. Published: June 16, 2016; 10:59:00 AM -0400 |
V3.0: 9.8 CRITICAL V2.0: 7.5 HIGH |
| CVE-2016-1671 |
Google Chrome before 50.0.2661.102 on Android mishandles / (slash) and \ (backslash) characters, which allows attackers to conduct directory traversal attacks via a file: URL, related to net/base/escape.cc and net/base/filename_util.cc. Published: May 14, 2016; 5:59:11 PM -0400 |
V3.0: 8.1 HIGH V2.0: 6.8 MEDIUM |
| CVE-2016-2813 |
Mozilla Firefox before 46.0 on Android does not properly restrict JavaScript access to orientation and motion data, which allows remote attackers to obtain sensitive information about a device's physical environment, and possibly discover PIN values, via a crafted web site, a similar issue to CVE-2016-1780. Published: April 30, 2016; 1:59:11 PM -0400 |
V3.0: 6.5 MEDIUM V2.0: 4.3 MEDIUM |