Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-16 | CVE-2016-5867 | Permissions, Privileges, and Access Controls vulnerability in Google Android In a sound driver in Android for MSM, Firefox OS for MSM, QRD Android, some variables are from userspace and values can be chosen that could result in stack overflow. | 7.0 |
| 2017-08-16 | CVE-2016-5864 | Permissions, Privileges, and Access Controls vulnerability in Google Android In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer overflow is possible followed by buffer overflow. | 7.8 |
| 2017-08-16 | CVE-2016-5863 | Permissions, Privileges, and Access Controls vulnerability in Google Android In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. | 7.8 |
| 2017-08-16 | CVE-2016-5862 | Permissions, Privileges, and Access Controls vulnerability in Google Android When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead of the codec's individual structure, resulting in a device restart after kernel crash occurs. | 7.0 |
| 2017-08-16 | CVE-2016-5861 | Permissions, Privileges, and Access Controls vulnerability in Google Android In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations, which could result in heap overflow. | 8.8 |
| 2017-08-16 | CVE-2016-5860 | Permissions, Privileges, and Access Controls vulnerability in Google Android In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a heap buffer overflow. | 7.0 |
| 2017-08-16 | CVE-2016-5859 | Permissions, Privileges, and Access Controls vulnerability in Google Android In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a buffer overflow. | 7.0 |
| 2017-08-16 | CVE-2016-5853 | Permissions, Privileges, and Access Controls vulnerability in Google Android In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed, but code execution continues in the same way as for a correct length value. | 7.0 |
| 2017-08-09 | CVE-2015-4165 | Permissions, Privileges, and Access Controls vulnerability in Elasticsearch 1.5.2 The snapshot API in Elasticsearch before 1.6.0 when another application exists on the system that can read Lucene files and execute code from them, is accessible by the attacker, and the Java VM on which Elasticsearch is running can write to a location that the other application can read and execute from, allows remote authenticated users to write to and create arbitrary snapshot metadata files, and potentially execute arbitrary code. | 7.5 |
| 2017-08-07 | CVE-2015-5244 | Permissions, Privileges, and Access Controls vulnerability in MOD NSS Project MOD NSS The NSSCipherSuite option with ciphersuites enabled in mod_nss before 1.0.12 allows remote attackers to bypass application restrictions. | 9.8 |