# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
1 |
CVE-2011-2344 |
310 |
|
+Priv |
2011-07-08 |
2011-07-08 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Android Picasa in Android 3.0 and 2.x through 2.3.4 uses a cleartext HTTP session when transmitting the authToken obtained from ClientLogin, which allows remote attackers to gain privileges and access private pictures and web albums by sniffing the token from connections with picasaweb.google.com. |
2 |
CVE-2013-7457 |
|
|
+Priv |
2016-07-10 |
2016-07-11 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application. |
3 |
CVE-2014-7915 |
189 |
|
Overflow |
2015-09-30 |
2015-10-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708. |
4 |
CVE-2014-7916 |
189 |
|
Overflow |
2015-09-30 |
2015-10-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751. |
5 |
CVE-2014-7917 |
189 |
|
Overflow |
2015-09-30 |
2015-10-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615. |
6 |
CVE-2014-7920 |
264 |
|
+Priv |
2017-04-13 |
2017-04-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921. |
7 |
CVE-2014-7921 |
264 |
|
+Priv |
2017-04-13 |
2017-04-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920. |
8 |
CVE-2014-9411 |
118 |
|
|
2017-08-18 |
2017-08-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. |
9 |
CVE-2014-9795 |
189 |
|
Overflow Bypass |
2016-07-10 |
2016-11-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325. |
10 |
CVE-2014-9902 |
119 |
|
Exec Code Overflow |
2016-08-05 |
2016-11-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941. |
11 |
CVE-2014-9968 |
119 |
|
Overflow |
2017-08-18 |
2017-08-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. |
12 |
CVE-2014-9969 |
327 |
|
|
2017-08-18 |
2017-08-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. |
13 |
CVE-2014-9971 |
20 |
|
|
2017-08-18 |
2018-04-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. |
14 |
CVE-2014-9972 |
476 |
|
|
2017-08-18 |
2018-04-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. |
15 |
CVE-2014-9973 |
119 |
|
Overflow |
2017-08-18 |
2017-08-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. |
16 |
CVE-2014-9974 |
119 |
|
Overflow |
2017-08-18 |
2017-08-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. |
17 |
CVE-2014-9975 |
326 |
|
|
2017-08-18 |
2017-08-23 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. |
18 |
CVE-2014-9976 |
119 |
|
Overflow |
2017-08-18 |
2018-04-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. |
19 |
CVE-2014-9977 |
119 |
|
Overflow |
2017-08-18 |
2017-08-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. |
20 |
CVE-2014-9978 |
119 |
|
Overflow |
2017-08-18 |
2017-08-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. |
21 |
CVE-2014-9979 |
119 |
|
Overflow |
2017-08-18 |
2017-08-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. |
22 |
CVE-2014-9980 |
119 |
|
Overflow |
2017-08-18 |
2017-08-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. |
23 |
CVE-2014-9981 |
119 |
|
Overflow |
2017-08-18 |
2018-04-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. |
24 |
CVE-2015-0574 |
20 |
|
|
2017-08-18 |
2018-04-06 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. |
25 |
CVE-2015-0575 |
326 |
|
|
2017-08-18 |
2017-08-21 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. |
26 |
CVE-2015-1474 |
189 |
|
DoS Overflow +Priv Mem. Corr. |
2015-02-15 |
2017-09-28 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple integer overflows in the GraphicBuffer::unflatten function in platform/frameworks/native/libs/ui/GraphicBuffer.cpp in Android through 5.0 allow attackers to gain privileges or cause a denial of service (memory corruption) via vectors that trigger a large number of (1) file descriptors or (2) integer values. |
27 |
CVE-2015-1538 |
189 |
|
Exec Code Overflow |
2015-09-30 |
2017-09-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Integer overflow in the SampleTable::setSampleToChunkParams function in SampleTable.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code via crafted atoms in MP4 data that trigger an unchecked multiplication, aka internal bug 20139950, a related issue to CVE-2015-4496. |
28 |
CVE-2015-1539 |
189 |
|
Exec Code |
2015-09-30 |
2017-09-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple integer underflows in the ESDS::parseESDescriptor function in ESDS.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via crafted ESDS atoms, aka internal bug 20139950, a related issue to CVE-2015-4493. |
29 |
CVE-2015-3100 |
119 |
|
Exec Code Overflow |
2015-06-09 |
2016-12-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. |
30 |
CVE-2015-3103 |
|
|
Exec Code |
2015-06-09 |
2016-12-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3106 and CVE-2015-3107. |
31 |
CVE-2015-3104 |
189 |
|
Exec Code Overflow |
2015-06-09 |
2016-12-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Integer overflow in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors. |
32 |
CVE-2015-3105 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-06-09 |
2016-12-30 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. |
33 |
CVE-2015-3106 |
|
|
Exec Code |
2015-06-09 |
2017-09-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107. |
34 |
CVE-2015-3107 |
416 |
|
Exec Code |
2015-06-09 |
2017-09-16 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3106. |
35 |
CVE-2015-3823 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 21335999. |
36 |
CVE-2015-3824 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-09-30 |
2017-09-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not properly restrict size addition, which allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via a crafted MPEG-4 tx3g atom, aka internal bug 20923261. |
37 |
CVE-2015-3828 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-09-30 |
2017-09-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The MPEG4Extractor::parse3GPPMetaData function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I does not enforce a minimum size for UTF-16 strings containing a Byte Order Mark (BOM), which allows remote attackers to execute arbitrary code or cause a denial of service (integer underflow and memory corruption) via crafted 3GPP metadata, aka internal bug 20923261, a related issue to CVE-2015-3826. |
38 |
CVE-2015-3829 |
189 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-09-30 |
2017-09-20 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Off-by-one error in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allows remote attackers to execute arbitrary code or cause a denial of service (integer overflow and memory corruption) via crafted MPEG-4 covr atoms with a size equal to SIZE_MAX, aka internal bug 20923261. |
39 |
CVE-2015-3832 |
119 |
|
Exec Code Overflow |
2015-09-30 |
2015-10-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple buffer overflows in MPEG4Extractor.cpp in libstagefright in Android before 5.1.1 LMY48I allow remote attackers to execute arbitrary code via invalid size values of NAL units in MP4 data, aka internal bug 19641538. |
40 |
CVE-2015-3834 |
189 |
|
Exec Code Overflow |
2015-09-30 |
2015-10-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple integer overflows in the BnHDCP::onTransact function in media/libmedia/IHDCP.cpp in libstagefright in Android before 5.1.1 LMY48I allow attackers to execute arbitrary code via a crafted application that uses HDCP encryption, leading to a heap-based buffer overflow, aka internal bug 20222489. |
41 |
CVE-2015-3836 |
189 |
|
DoS Exec Code Overflow |
2015-09-30 |
2015-10-01 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The Parse_wave function in arm-wt-22k/lib_src/eas_mdls.c in the Sonivox DLS-to-EAS converter in Android before 5.1.1 LMY48I does not reject a negative value for a certain size field, which allows remote attackers to execute arbitrary code or cause a denial of service (buffer overflow) via crafted XMF data, aka internal bug 21132860. |
42 |
CVE-2015-3864 |
189 |
|
Exec Code |
2015-09-30 |
2017-09-15 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824. |
43 |
CVE-2015-3867 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23213430. |
44 |
CVE-2015-3868 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2016-12-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23270724. |
45 |
CVE-2015-3869 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23036083. |
46 |
CVE-2015-3870 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 22771132. |
47 |
CVE-2015-3871 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23031033. |
48 |
CVE-2015-3872 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23346388. |
49 |
CVE-2015-3873 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
libstagefright in Android before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23016072, 23248776, 23247055, 22845824, 22008959, 21814993, 21048776, 20718524, 20674674, 22388975, 20674086, 21443020, and 22077698, a different vulnerability than CVE-2015-7716. |
50 |
CVE-2015-3874 |
119 |
|
DoS Exec Code Overflow Mem. Corr. |
2015-10-06 |
2015-10-07 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The Sonivox components in Android before 5.1.1 LMY48T allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 23335715, 23307276, and 23286323. |