CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
12001 CVE-2014-9871 119 Overflow +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717.
12002 CVE-2014-9887 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633.
12003 CVE-2014-9890 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177.
12004 CVE-2014-9891 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061.
12005 CVE-2014-9909 264 Exec Code 2017-01-18 2017-01-19
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684.
12006 CVE-2014-9922 264 +Priv 2017-04-04 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
12007 CVE-2014-9923 119 Overflow 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
12008 CVE-2014-9924 189 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur.
12009 CVE-2014-9925 119 Overflow 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
12010 CVE-2014-9926 416 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
12011 CVE-2014-9927 119 Overflow 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
12012 CVE-2014-9928 119 Overflow 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
12013 CVE-2014-9929 119 Overflow 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist.
12014 CVE-2014-9930 416 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
12015 CVE-2014-9931 119 Overflow 2017-05-16 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.
12016 CVE-2014-9932 190 Overflow 2017-05-16 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation.
12017 CVE-2014-9933 20 2017-05-16 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.
12018 CVE-2014-9934 347 2017-05-16 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.
12019 CVE-2014-9935 190 Overflow 2017-05-16 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.
12020 CVE-2014-9937 119 Overflow 2017-05-16 2017-07-10
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.
12021 CVE-2014-9942 665 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist.
12022 CVE-2014-9943 476 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist.
12023 CVE-2014-9944 190 Overflow 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
12024 CVE-2014-9945 285 2017-06-06 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
12025 CVE-2014-9946 416 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
12026 CVE-2014-9948 129 2017-06-06 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist.
12027 CVE-2014-9949 476 2017-06-06 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist.
12028 CVE-2014-9950 285 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist.
12029 CVE-2014-9952 287 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.
12030 CVE-2014-9960 119 Overflow 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API.
12031 CVE-2014-9961 284 Bypass 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection.
12032 CVE-2014-9962 20 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command.
12033 CVE-2014-9963 119 Overflow 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM.
12034 CVE-2014-9964 190 Overflow 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality.
12035 CVE-2014-9965 20 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call.
12036 CVE-2014-9967 476 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.
12037 CVE-2015-0016 22 1 +Priv Dir. Trav. 2015-01-13 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
12038 CVE-2015-0017 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.
12039 CVE-2015-0018 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0037, CVE-2015-0040, and CVE-2015-0066.
12040 CVE-2015-0019 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
12041 CVE-2015-0020 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0022, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.
12042 CVE-2015-0021 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
12043 CVE-2015-0022 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0026, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.
12044 CVE-2015-0023 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0025.
12045 CVE-2015-0025 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0023.
12046 CVE-2015-0026 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0030, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.
12047 CVE-2015-0027 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0035, CVE-2015-0039, CVE-2015-0052, and CVE-2015-0068.
12048 CVE-2015-0028 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0048.
12049 CVE-2015-0029 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
12050 CVE-2015-0030 399 DoS Exec Code Mem. Corr. 2015-02-10 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-0017, CVE-2015-0020, CVE-2015-0022, CVE-2015-0026, CVE-2015-0031, CVE-2015-0036, and CVE-2015-0041.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.