| ID: CVE-2015-8967 |
Title: arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. |
Type: Mobile Devices |
Bulletins:
CVE-2015-8967 SFBID94680 |
Severity: High |
| Description: arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access. | ||||
| Applies to: |
Created: 2016-12-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8956 |
Title: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8956 SFBID93326 |
Severity: Low |
| Description: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket. | ||||
| Applies to: |
Created: 2016-10-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8951 |
Title: Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8951 SFBID93317 |
Severity: High |
| Description: Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 30142668 and Qualcomm internal bug CR 948902. | ||||
| Applies to: |
Created: 2016-10-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8955 |
Title: arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8955 SFBID93314 |
Severity: Medium |
| Description: arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs. | ||||
| Applies to: |
Created: 2016-10-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6393 |
Title: Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay... |
Type: Hardware |
Bulletins:
CVE-2015-6393 SFBID93419 |
Severity: High |
| Description: Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 3000, 3500, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via malformed IPv4 DHCP packets to the DHCPv4 relay agent, aka Bug IDs CSCuq39250, CSCus21733, CSCus21739, CSCut76171, and CSCux67182. | ||||
| Applies to: |
Created: 2016-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-0721 |
Title: Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access... |
Type: Hardware |
Bulletins:
CVE-2015-0721 SFBID93410 |
Severity: High |
| Description: Cisco NX-OS 4.0 through 7.3 on Multilayer Director and Nexus 1000V, 2000, 3000, 3500, 4000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote authenticated users to bypass intended AAA restrictions and obtain privileged CLI access via crafted parameters in an SSH connection negotiation, aka Bug IDs CSCum35502, CSCuw78669, CSCuw79754, and CSCux88492. | ||||
| Applies to: |
Created: 2016-10-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6392 |
Title: Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or... |
Type: Hardware |
Bulletins:
CVE-2015-6392 SFBID93406 |
Severity: High |
| Description: Cisco NX-OS 4.1 through 7.3 and 11.0 through 11.2 on Nexus 2000, 5000, 5500, 5600, 6000, 7000, 7700, and 9000 devices allows remote attackers to cause a denial of service (device crash) via crafted IPv4 DHCP packets to the (1) DHCPv4 relay agent or (2) smart relay agent, aka Bug IDs CSCuq24603, CSCur93159, CSCus21693, and CSCut76171. | ||||
| Applies to: |
Created: 2016-10-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-2146 |
Title: The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access... |
Type: Hardware |
Bulletins:
CVE-2014-2146 SFBID93126 |
Severity: Medium |
| Description: The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attackers to bypass intended resource-access restrictions via spoofed traffic that matches one of these sessions, aka Bug IDs CSCun94946 and CSCun96847. | ||||
| Applies to: |
Created: 2016-09-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-3854 |
Title: packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug... |
Type: Mobile Devices |
Bulletins:
CVE-2015-3854 |
Severity: Medium |
| Description: packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350. | ||||
| Applies to: |
Created: 2016-08-07 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9892 |
Title: The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9892 SFBID92222 |
Severity: Medium |
| Description: The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a timestamp data structure, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28770164 and Qualcomm internal bug CR568717. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8938 |
Title: The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8938 SFBID92219 |
Severity: High |
| Description: The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9879 |
Title: The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9879 SFBID92219 |
Severity: Medium |
| Description: The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9870 |
Title: The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9870 SFBID92219 |
Severity: High |
| Description: The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8944 |
Title: The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8944 SFBID92222 |
Severity: Medium |
| Description: The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9900 |
Title: The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9900 SFBID92222 |
Severity: Medium |
| Description: The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9872 |
Title: The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9872 SFBID92219 |
Severity: Medium |
| Description: The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9897 |
Title: sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9897 SFBID92222 |
Severity: Medium |
| Description: sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28769856 and Qualcomm internal bug CR563752. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9890 |
Title: Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9890 SFBID92219 |
Severity: High |
| Description: Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9871 |
Title: Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9871 SFBID92219 |
Severity: High |
| Description: Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9863 |
Title: Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9863 SFBID92219 |
Severity: High |
| Description: Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9873 |
Title: Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9873 SFBID92219 |
Severity: Medium |
| Description: Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8940 |
Title: Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8940 SFBID92219 |
Severity: High |
| Description: Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9883 |
Title: Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application,... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9883 SFBID92219 |
Severity: Medium |
| Description: Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9885 |
Title: Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9885 SFBID92219 |
Severity: Medium |
| Description: Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9880 |
Title: drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9880 SFBID92219 |
Severity: Medium |
| Description: drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8943 |
Title: drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8943 SFBID92219 |
Severity: Medium |
| Description: drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9893 |
Title: drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9893 SFBID92222 |
Severity: Medium |
| Description: drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28747914 and Qualcomm internal bug CR542223. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8939 |
Title: drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8939 SFBID92219 |
Severity: High |
| Description: drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9899 |
Title: drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9899 SFBID92222 |
Severity: Medium |
| Description: drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28803909 and Qualcomm internal bug CR547910. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9878 |
Title: drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9878 SFBID92219 |
Severity: Medium |
| Description: drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9894 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9894 SFBID92222 |
Severity: Medium |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9891 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9891 SFBID92219 |
Severity: High |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9864 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9864 SFBID92219 |
Severity: High |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9884 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9884 SFBID92219 |
Severity: Medium |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9887 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9887 SFBID92219 |
Severity: High |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9865 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9865 SFBID92219 |
Severity: High |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9881 |
Title: drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9881 SFBID92219 |
Severity: Medium |
| Description: drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9868 |
Title: drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9868 SFBID92219 |
Severity: Medium |
| Description: drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9866 |
Title: drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9866 SFBID92219 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9877 |
Title: drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9877 SFBID92219 |
Severity: Medium |
| Description: drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8942 |
Title: drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8942 SFBID92219 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9889 |
Title: drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9889 SFBID92219 |
Severity: Medium |
| Description: drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9869 |
Title: drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9869 SFBID92219 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8941 |
Title: drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8941 SFBID92219 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9867 |
Title: drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9867 SFBID92219 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9895 |
Title: drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9895 SFBID92222 |
Severity: Medium |
| Description: drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28750150 and Qualcomm internal bug CR570757, a different vulnerability than CVE-2014-1739. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9876 |
Title: drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application,... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9876 SFBID92219 |
Severity: Medium |
| Description: drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8937 |
Title: drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8937 SFBID92219 |
Severity: Medium |
| Description: drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9875 |
Title: drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9875 SFBID92219 |
Severity: Medium |
| Description: drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9896 |
Title: drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9896 SFBID92222 |
Severity: Medium |
| Description: drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9874 |
Title: Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9874 SFBID92219 |
Severity: Medium |
| Description: Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9882 |
Title: Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9882 SFBID92219 |
Severity: Medium |
| Description: Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9898 |
Title: arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9898 SFBID92222 |
Severity: Medium |
| Description: arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28814690 and Qualcomm internal bug CR554575. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9886 |
Title: arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9886 SFBID92219 |
Severity: Medium |
| Description: arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030. | ||||
| Applies to: |
Created: 2016-08-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9901 |
Title: The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9901 SFBID92247 |
Severity: High |
| Description: The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via crafted frames, aka Android internal bug 28670333 and Qualcomm internal bug CR548711. | ||||
| Applies to: |
Created: 2016-08-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9902 |
Title: Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9902 SFBID92223 |
Severity: High |
| Description: Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941. | ||||
| Applies to: |
Created: 2016-08-05 |
Updated: 2025-10-08 |
||
| ID: CVE-2013-7457 |
Title: Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application. |
Type: Mobile Devices |
Bulletins:
CVE-2013-7457 |
Severity: High |
| Description: Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9777 |
Title: The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9777 SFBID91628 |
Severity: High |
| Description: The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598501 and Qualcomm internal bug CR563654. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9778 |
Title: The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9778 SFBID91628 |
Severity: High |
| Description: The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9799 |
Title: The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9799 SFBID91628 |
Severity: High |
| Description: The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8889 |
Title: The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8889 SFBID91628 |
Severity: High |
| Description: The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9789 |
Title: The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9789 SFBID91628 |
Severity: High |
| Description: The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8890 |
Title: platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8890 SFBID91628 |
Severity: High |
| Description: platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9793 |
Title: platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9793 SFBID91628 |
Severity: High |
| Description: platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9798 |
Title: platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9798 |
Severity: High |
| Description: platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8892 |
Title: platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8892 SFBID91628 |
Severity: High |
| Description: platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9801 |
Title: Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9801 SFBID91628 |
Severity: High |
| Description: Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9802 |
Title: Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9802 SFBID91628 |
Severity: High |
| Description: Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8891 |
Title: Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8891 SFBID91628 |
Severity: High |
| Description: Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9788 |
Title: Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9788 SFBID91628 |
Severity: High |
| Description: Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm internal bug CR548872. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9784 |
Title: Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9784 SFBID91628 |
Severity: High |
| Description: Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug CR585147. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9800 |
Title: Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9800 SFBID91628 |
Severity: High |
| Description: Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9787 |
Title: Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9787 SFBID91628 |
Severity: High |
| Description: Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8888 |
Title: Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8888 SFBID91628 |
Severity: High |
| Description: Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9786 |
Title: Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9786 SFBID91628 |
Severity: High |
| Description: Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28557260 and Qualcomm internal bug CR545979. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9780 |
Title: drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application,... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9780 SFBID91628 |
Severity: High |
| Description: drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9790 |
Title: drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9790 SFBID91628 |
Severity: High |
| Description: drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm internal bug CR545716. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9785 |
Title: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9785 SFBID91628 |
Severity: High |
| Description: drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28469042 and Qualcomm internal bug CR545747. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9783 |
Title: drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9783 SFBID91628 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9782 |
Title: drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9782 SFBID91628 |
Severity: High |
| Description: drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9781 |
Title: Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9781 SFBID91628 |
Severity: High |
| Description: Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm internal bug CR556471. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9803 |
Title: arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9803 |
Severity: High |
| Description: arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9779 |
Title: arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9779 SFBID91628 |
Severity: High |
| Description: arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug 28598347 and Qualcomm internal bug CR548679. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9792 |
Title: arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9792 SFBID91628 |
Severity: High |
| Description: arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9795 |
Title: app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9795 SFBID91628 |
Severity: High |
| Description: app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2014-9796 |
Title: app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a... |
Type: Mobile Devices |
Bulletins:
CVE-2014-9796 SFBID91628 |
Severity: High |
| Description: app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-8893 |
Title: app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal... |
Type: Mobile Devices |
Bulletins:
CVE-2015-8893 |
Severity: Medium |
| Description: app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275. | ||||
| Applies to: |
Created: 2016-07-10 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6289 |
Title: Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. |
Type: Hardware |
Bulletins:
CVE-2015-6289 SFBID91322 |
Severity: Medium |
| Description: Cisco IOS 15.5(3)M on Integrated Services Router (ISR) 800, 819, and 829 devices allows remote attackers to cause a denial of service (memory consumption) via crafted TCP packets on the SSH port, aka Bug ID CSCuu13476. | ||||
| Applies to: |
Created: 2016-06-22 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6260 |
Title: Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645. |
Type: Hardware |
Bulletins:
CVE-2015-6260 |
Severity: High |
| Description: Cisco NX-OS 7.1(1)N1(1) on Nexus 5500, 5600, and 6000 devices does not properly validate PDUs in SNMP packets, which allows remote attackers to cause a denial of service (SNMP application restart) via a crafted packet, aka Bug ID CSCut84645. | ||||
| Applies to: |
Created: 2016-03-03 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6398 |
Title: Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512. |
Type: Hardware |
Bulletins:
CVE-2015-6398 |
Severity: High |
| Description: Cisco Nexus 9000 Application Centric Infrastructure (ACI) Mode switches with software before 11.0(1c) allow remote attackers to cause a denial of service (device reload) via an IPv4 ICMP packet with the IP Record Route option, aka Bug ID CSCuq57512. | ||||
| Applies to: |
Created: 2016-02-07 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6314 |
Title: Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153. |
Type: Hardware |
Bulletins:
CVE-2015-6314 |
Severity: High |
| Description: Cisco Wireless LAN Controller (WLC) devices with software 7.6.x, 8.0 before 8.0.121.0, and 8.1 before 8.1.131.0 allow remote attackers to change configuration settings via unspecified vectors, aka Bug ID CSCuw06153. | ||||
| Applies to: |
Created: 2016-01-14 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-7754 |
Title: Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. |
Type: Hardware |
Bulletins:
CVE-2015-7754 SFBID79627 |
Severity: High |
| Description: Juniper ScreenOS before 6.3.0r21, when ssh-pka is configured and enabled, allows remote attackers to cause a denial of service (system crash) or execute arbitrary code via crafted SSH negotiation. | ||||
| Applies to: |
Created: 2016-01-08 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6433 |
Title: SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. |
Type: Hardware |
Bulletins:
CVE-2015-6433 |
Severity: Medium |
| Description: SQL injection vulnerability in Cisco Unified Communications Manager 11.0(0.98000.225) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCut66767. | ||||
| Applies to: Unified Communications Manager |
Created: 2016-01-07 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-5310 |
Title: The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or... |
Type: Mobile Devices |
Bulletins:
CVE-2015-5310 SFBID77541 |
Severity: Low |
| Description: The WNM Sleep Mode code in wpa_supplicant 2.x before 2.6 does not properly ignore key data in response frames when management frame protection (MFP) was not negotiated, which allows remote attackers to inject arbitrary broadcast or multicast packets or cause a denial of service (ignored packets) via a WNM Sleep Mode response. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6639 |
Title: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6639 |
Severity: High |
| Description: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6647 |
Title: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6647 |
Severity: High |
| Description: The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6646 |
Title: The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6646 |
Severity: High |
| Description: The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and the memory manager, aka internal bug 22300191, a different vulnerability than CVE-2015-7613. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6640 |
Title: The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6640 |
Severity: High |
| Description: The prctl_set_vma_anon_name function in kernel/sys.c in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 does not ensure that only one vma is accessed in a certain update action, which allows attackers to gain privileges or cause a denial of service (vma list corruption) via a crafted application, aka internal bug 20017123. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6637 |
Title: The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6637 |
Severity: High |
| Description: The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6642 |
Title: The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining... |
Type: Mobile Devices |
Bulletins:
CVE-2015-6642 |
Severity: High |
| Description: The kernel in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24157888. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6638 |
Title: The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6638 |
Severity: High |
| Description: The Imagination Technologies driver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 24673908. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6645 |
Title: SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6645 |
Severity: High |
| Description: SyncManager in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to cause a denial of service (continuous rebooting) via a crafted application, aka internal bug 23591205. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6643 |
Title: Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6643 |
Severity: High |
| Description: Setup Wizard in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows physically proximate attackers to modify settings or bypass a reset protection mechanism via unspecified vectors, aka internal bug 25290269. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6636 |
Title: mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6636 |
Severity: High |
| Description: mediaserver in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bugs 25070493 and 24686670. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6644 |
Title: Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6644 SFBID79865 |
Severity: Medium |
| Description: Bouncy Castle in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to obtain sensitive information via a crafted application, aka internal bug 24106146. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6641 |
Title: Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. |
Type: Mobile Devices |
Bulletins:
CVE-2015-6641 |
Severity: Low |
| Description: Bluetooth in Android 6.0 before 2016-01-01 allows remote attackers to obtain sensitive Contacts information by leveraging pairing, aka internal bug 23607427. | ||||
| Applies to: |
Created: 2016-01-06 |
Updated: 2025-10-08 |
||
| ID: CVE-2015-6432 |
Title: Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service... |
Type: Hardware |
Bulletins:
CVE-2015-6432 |
Severity: Medium |
| Description: Cisco IOS XR 4.2.0, 4.3.0, 5.0.0, 5.1.0, 5.2.0, 5.2.2, 5.2.4, 5.3.0, and 5.3.2 does not properly restrict the number of Path Computation Elements (PCEs) for OSPF LSA opaque area updates, which allows remote attackers to cause a denial of service (device reload) via a crafted update, aka Bug ID CSCuw83486. | ||||
| Applies to: |
Created: 2016-01-04 |
Updated: 2025-10-08 |
||
