Vulnerabilities > Google > Android > High

DATE CVE VULNERABILITY TITLE RISK
2016-08-06 CVE-2014-9878 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2014-9877 Data Processing Errors vulnerability in Google Android
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231.
local
low complexity
google CWE-19
7.8
2016-08-06 CVE-2014-9876 Numeric Errors vulnerability in Google Android
drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408.
local
low complexity
google CWE-189
7.8
2016-08-06 CVE-2014-9875 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2014-9874 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086.
local
low complexity
google CWE-119
7.8
2016-08-06 CVE-2014-9873 Permissions, Privileges, and Access Controls vulnerability in Google Android
Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2014-9872 Improper Input Validation vulnerability in Google Android
The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721.
local
low complexity
google CWE-20
7.8
2016-08-06 CVE-2014-9871 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717.
local
low complexity
google CWE-119
7.8
2016-08-06 CVE-2014-9870 Permissions, Privileges, and Access Controls vulnerability in multiple products
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.
local
low complexity
linux google CWE-264
7.8
2016-08-06 CVE-2014-9869 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711.
local
low complexity
google CWE-264
7.8