Vulnerabilities > Permissions, Privileges, and Access Controls
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-11 | CVE-2015-8889 | Permissions, Privileges, and Access Controls vulnerability in Google Android The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067. | 7.8 |
| 2016-07-11 | CVE-2014-9802 | Permissions, Privileges, and Access Controls vulnerability in Google Android Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108. | 7.8 |
| 2016-07-11 | CVE-2014-9799 | Permissions, Privileges, and Access Controls vulnerability in Google Android The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916. | 7.8 |
| 2016-07-11 | CVE-2014-9796 | Permissions, Privileges, and Access Controls vulnerability in Google Android app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756. | 7.8 |
| 2016-07-11 | CVE-2014-9790 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm internal bug CR545716. | 7.8 |
| 2016-07-11 | CVE-2014-9789 | Permissions, Privileges, and Access Controls vulnerability in Google Android The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425. | 7.8 |
| 2016-07-11 | CVE-2014-9785 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28469042 and Qualcomm internal bug CR545747. | 7.8 |
| 2016-07-11 | CVE-2014-9783 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382. | 7.8 |
| 2016-07-11 | CVE-2014-9782 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349. | 7.8 |
| 2016-07-11 | CVE-2014-9780 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222. | 7.8 |