CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2016-0806 264 +Priv 2016-02-06 2016-03-16
7.2
None Local Low Not required Complete Complete Complete
The Qualcomm Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25344453.
902 CVE-2016-0805 264 +Priv 2016-02-06 2016-03-11
7.2
None Local Low Not required Complete Complete Complete
The performance event manager for Qualcomm ARM processors in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows attackers to gain privileges via a crafted application, aka internal bug 25773204.
903 CVE-2016-0804 119 DoS Exec Code Overflow Mem. Corr. 2016-02-06 2016-03-14
10.0
None Remote Low Not required Complete Complete Complete
The NuPlayer::GenericSource::notifyPreparedAndCleanup function in media/libmediaplayerservice/nuplayer/GenericSource.cpp in mediaserver in Android 5.x before 5.1.1 LMY49G and 6.x before 2016-02-01 improperly manages mDrmManagerClient objects, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 25070434.
904 CVE-2016-0803 119 DoS Exec Code Overflow Mem. Corr. 2016-02-06 2016-03-09
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in mediaserver in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file that triggers a large memory allocation in the (1) SoftMPEG4Encoder or (2) SoftVPXEncoder component, aka internal bug 25812794.
905 CVE-2016-0802 20 DoS Exec Code Mem. Corr. 2016-02-06 2016-12-02
8.3
None Local Network Low Not required Complete Complete Complete
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25306181.
906 CVE-2016-0801 20 DoS Exec Code Mem. Corr. 2016-02-06 2017-09-06
8.3
None Local Network Low Not required Complete Complete Complete
The Broadcom Wi-Fi driver in the kernel in Android 4.x before 4.4.4, 5.x before 5.1.1 LMY49G, and 6.x before 2016-02-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted wireless control message packets, aka internal bug 25662029.
907 CVE-2016-0774 20 DoS +Priv 2016-04-27 2016-12-02
5.6
None Local Low Not required Partial None Complete
The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in a certain Linux kernel backport in the linux package before 3.2.73-2+deb7u3 on Debian wheezy and the kernel package before 3.10.0-229.26.2 on Red Hat Enterprise Linux (RHEL) 7.1 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun." NOTE: this vulnerability exists because of an incorrect fix for CVE-2015-1805.
908 CVE-2016-0728 DoS Overflow +Priv 2016-02-07 2017-09-09
7.2
None Local Low Not required Complete Complete Complete
The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands.
909 CVE-2016-0705 DoS Mem. Corr. 2016-03-03 2017-09-07
10.0
None Remote Low Not required Complete Complete Complete
Double free vulnerability in the dsa_priv_decode function in crypto/dsa/dsa_ameth.c in OpenSSL 1.0.1 before 1.0.1s and 1.0.2 before 1.0.2g allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a malformed DSA private key.
910 CVE-2015-9073 476 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
911 CVE-2015-9072 476 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall.
912 CVE-2015-9071 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.
913 CVE-2015-9070 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall.
914 CVE-2015-9069 20 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted.
915 CVE-2015-9068 20 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated.
916 CVE-2015-9067 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed.
917 CVE-2015-9066 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure.
918 CVE-2015-9065 254 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established.
919 CVE-2015-9064 284 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated.
920 CVE-2015-9063 119 Overflow 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client.
921 CVE-2015-9062 190 Overflow 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file.
922 CVE-2015-9061 20 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory.
923 CVE-2015-9060 20 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call.
924 CVE-2015-9055 20 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine.
925 CVE-2015-9054 476 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding.
926 CVE-2015-9053 119 Overflow 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM.
927 CVE-2015-9052 20 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message.
928 CVE-2015-9051 20 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message.
929 CVE-2015-9050 125 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call.
930 CVE-2015-9049 20 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM.
931 CVE-2015-9048 20 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets.
932 CVE-2015-9047 284 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup.
933 CVE-2015-9046 20 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.
934 CVE-2015-9045 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements.
935 CVE-2015-9044 20 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.
936 CVE-2015-9043 476 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer.
937 CVE-2015-9042 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message.
938 CVE-2015-9041 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning.
939 CVE-2015-9040 284 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API.
940 CVE-2015-9039 20 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages.
941 CVE-2015-9038 476 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end.
942 CVE-2015-9037 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message.
943 CVE-2015-9036 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted.
944 CVE-2015-9035 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion.
945 CVE-2015-9034 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow.
946 CVE-2015-9033 20 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer.
947 CVE-2015-9032 200 +Info 2017-06-13 2017-07-07
4.3
None Remote Medium Not required Partial None None
In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications.
948 CVE-2015-9031 200 +Info 2017-06-13 2017-07-07
4.3
None Remote Medium Not required Partial None None
In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.
949 CVE-2015-9030 306 Bypass 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.
950 CVE-2015-9029 284 2017-06-13 2017-07-07
9.3
None Remote Medium Not required Complete Complete Complete
In all Android releases from CAF using the Linux kernel, a vulnerability exists in the access control settings of modem memory.
Total number of vulnerabilities : 1092   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 (This Page)20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.