Vulnerabilities > Google

DATE CVE VULNERABILITY TITLE RISK
2016-07-11 CVE-2015-8889 Permissions, Privileges, and Access Controls vulnerability in Google Android
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2015-8888 Numeric Errors vulnerability in Google Android
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2014-9803 Data Processing Errors vulnerability in multiple products
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.
local
low complexity
linux google CWE-19
7.8
2016-07-11 CVE-2014-9802 Permissions, Privileges, and Access Controls vulnerability in Google Android
Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2014-9801 Numeric Errors vulnerability in Google Android
Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2014-9800 Numeric Errors vulnerability in Google Android
Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2014-9799 Permissions, Privileges, and Access Controls vulnerability in Google Android
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2014-9798 Improper Access Control vulnerability in Google Android
platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka Android internal bug 28821448 and Qualcomm internal bug CR681965.
local
low complexity
google CWE-284
5.5
2016-07-11 CVE-2014-9796 Permissions, Privileges, and Access Controls vulnerability in Google Android
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2014-9795 Numeric Errors vulnerability in Google Android
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325.
local
low complexity
google CWE-189
7.8