Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2016-07-11 CVE-2016-2505 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
mpeg2ts/ATSParser.cpp in libstagefright in mediaserver in Android 6.x before 2016-07-01 does not validate a certain section length, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 28333006.
local
low complexity
google CWE-119
7.8
2016-07-11 CVE-2016-2503 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal bug CR1006067.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2016-2502 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka Android internal bug 27657963 and Qualcomm internal bug CR997044.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2016-2501 Permissions, Privileges, and Access Controls vulnerability in Google Android
The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and Qualcomm internal bug CR1001092.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2016-2068 Integer Overflow or Wraparound vulnerability in multiple products
The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (integer overflow, and buffer overflow or buffer over-read) via a crafted application that performs a (1) AUDIO_EFFECTS_WRITE or (2) AUDIO_EFFECTS_READ operation, aka Qualcomm internal bug CR1006609.
local
low complexity
google linux CWE-190
7.8
2016-07-11 CVE-2016-2067 Improper Privilege Management vulnerability in multiple products
drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, mishandles the KGSL_MEMFLAGS_GPUREADONLY flag, which allows attackers to gain privileges by leveraging accidental read-write mappings, aka Qualcomm internal bug CR988993.
local
low complexity
google linux CWE-269
7.8
2016-07-11 CVE-2015-8893 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.
local
low complexity
google CWE-119
5.5
2016-07-11 CVE-2015-8892 Permissions, Privileges, and Access Controls vulnerability in Google Android
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2015-8891 Numeric Errors vulnerability in Google Android
Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2015-8890 Permissions, Privileges, and Access Controls vulnerability in Google Android
platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461.
local
low complexity
google CWE-264
7.8