Vulnerabilities > Google > Android > High

DATE CVE VULNERABILITY TITLE RISK
2016-07-11 CVE-2015-8892 Permissions, Privileges, and Access Controls vulnerability in Google Android
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2015-8891 Numeric Errors vulnerability in Google Android
Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2015-8890 Permissions, Privileges, and Access Controls vulnerability in Google Android
platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2015-8889 Permissions, Privileges, and Access Controls vulnerability in Google Android
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2015-8888 Numeric Errors vulnerability in Google Android
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2014-9803 Data Processing Errors vulnerability in multiple products
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.
local
low complexity
linux google CWE-19
7.8
2016-07-11 CVE-2014-9802 Permissions, Privileges, and Access Controls vulnerability in Google Android
Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2014-9801 Numeric Errors vulnerability in Google Android
Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2014-9800 Numeric Errors vulnerability in Google Android
Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2014-9799 Permissions, Privileges, and Access Controls vulnerability in Google Android
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916.
local
low complexity
google CWE-264
7.8