CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
801 CVE-2014-9876 189 +Priv 2016-08-06 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408.
802 CVE-2014-9875 264 +Priv 2016-08-06 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310.
803 CVE-2014-9874 119 Overflow +Priv 2016-08-06 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086.
804 CVE-2014-9873 264 +Priv +Info 2016-08-06 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860.
805 CVE-2014-9872 20 +Priv 2016-08-06 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721.
806 CVE-2014-9871 119 Overflow +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717.
807 CVE-2014-9870 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.
808 CVE-2014-9869 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711.
809 CVE-2014-9868 264 +Priv 2016-08-06 2016-11-28
6.9
None Local Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976.
810 CVE-2014-9867 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702.
811 CVE-2014-9866 20 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358.
812 CVE-2014-9865 284 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013.
813 CVE-2014-9864 20 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841.
814 CVE-2014-9863 190 +Priv +Info 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470.
815 CVE-2014-9803 19 +Priv 2016-07-10 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.
816 CVE-2014-9802 264 Overflow +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108.
817 CVE-2014-9801 189 Overflow +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078.
818 CVE-2014-9800 264 Overflow +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478.
819 CVE-2014-9799 264 Overflow +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916.
820 CVE-2014-9798 284 DoS 2016-07-10 2016-07-11
7.1
None Remote Medium Not required None None Complete
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.
821 CVE-2014-9796 264 Bypass 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756.
822 CVE-2014-9795 189 Overflow Bypass 2016-07-10 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325.
823 CVE-2014-9793 254 +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567.
824 CVE-2014-9792 189 +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606.
825 CVE-2014-9790 264 +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm internal bug CR545716.
826 CVE-2014-9789 264 +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425.
827 CVE-2014-9788 119 Overflow +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm internal bug CR548872.
828 CVE-2014-9787 189 Overflow +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764.
829 CVE-2014-9786 119 Overflow +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28557260 and Qualcomm internal bug CR545979.
830 CVE-2014-9785 264 +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28469042 and Qualcomm internal bug CR545747.
831 CVE-2014-9784 119 Overflow +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug CR585147.
832 CVE-2014-9783 264 +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382.
833 CVE-2014-9782 264 +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349.
834 CVE-2014-9781 119 Overflow +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm internal bug CR556471.
835 CVE-2014-9780 264 +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222.
836 CVE-2014-9779 264 +Info 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug 28598347 and Qualcomm internal bug CR548679.
837 CVE-2014-9778 119 Overflow +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694.
838 CVE-2014-9777 119 Overflow +Priv 2016-07-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598501 and Qualcomm internal bug CR563654.
839 CVE-2014-9322 264 1 +Priv 2014-12-17 2016-08-22
7.2
User Local Low Not required Complete Complete Complete
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by triggering an IRET instruction that leads to access to a GS Base address from the wrong space.
840 CVE-2014-8610 264 2014-12-15 2014-12-16
3.3
None Local Medium Not required Partial Partial None
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitrary new draft SMS messages or trigger additional per-message charges from a network operator for old messages, via a crafted application that broadcasts an intent with the com.android.mms.transaction.MESSAGE_SENT action, aka Bug 17671795.
841 CVE-2014-8609 264 2014-12-15 2014-12-16
7.2
Admin Local Low Not required Complete Complete Complete
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers to use the SYSTEM uid for broadcasting an intent with arbitrary component, action, or category information via a third-party authenticator in a crafted application, aka Bug 17356824.
842 CVE-2014-8507 89 Exec Code Sql 2014-12-15 2015-08-06
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.
843 CVE-2014-7921 264 +Priv 2017-04-13 2017-04-20
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 4.0.3 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7920.
844 CVE-2014-7920 264 +Priv 2017-04-13 2017-04-20
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 2.2 through 5.x before 5.1 allows attackers to gain privileges. NOTE: This is a different vulnerability than CVE-2014-7921.
845 CVE-2014-7917 189 Overflow 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342615.
846 CVE-2014-7916 189 Overflow 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15342751.
847 CVE-2014-7915 189 Overflow 2015-09-30 2015-10-01
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in SampleTable.cpp in libstagefright in Android before 5.0.0 has unspecified impact and attack vectors, aka internal bug 15328708.
848 CVE-2014-7911 264 Exec Code 2014-12-15 2014-12-16
7.2
None Local Low Not required Complete Complete Complete
luni/src/main/java/java/io/ObjectInputStream.java in the java.io.ObjectInputStream implementation in Android before 5.0.0 does not verify that deserialization will result in an object that met the requirements for serialization, which allows attackers to execute arbitrary code via a crafted finalize method for a serialized object in an ArrayMap Parcel within an intent sent to system_service, as demonstrated by the finalize method of android.os.BinderProxy, aka Bug 15874291.
849 CVE-2014-6060 399 DoS 2014-09-04 2016-06-23
3.3
None Local Network Low Not required None None Partial
The get_option function in dhcpcd 4.0.0 through 6.x before 6.4.3 allows remote DHCP servers to cause a denial of service by resetting the DHO_OPTIONSOVERLOADED option in the (1) bootfile or (2) servername section, which triggers the option to be processed again.
850 CVE-2014-3100 119 Exec Code Overflow Bypass +Info 2014-07-02 2015-10-08
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in the encode_key function in /system/bin/keystore in the KeyStore service in Android 4.3 allows attackers to execute arbitrary code, and consequently obtain sensitive key information or bypass intended restrictions on cryptographic operations, via a long key name.
Total number of vulnerabilities : 884   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 (This Page)18
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.