Vulnerabilities > Google > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-07-11 | CVE-2014-9783 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382. | 9.3 |
| 2016-07-11 | CVE-2014-9782 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349. | 9.3 |
| 2016-07-11 | CVE-2014-9781 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm internal bug CR556471. | 9.3 |
| 2016-07-11 | CVE-2014-9780 | Permissions, Privileges, and Access Controls vulnerability in Google Android drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222. | 9.3 |
| 2016-07-11 | CVE-2014-9779 | Permissions, Privileges, and Access Controls vulnerability in Google Android arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug 28598347 and Qualcomm internal bug CR548679. | 9.3 |
| 2016-07-11 | CVE-2014-9778 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694. | 9.3 |
| 2016-07-11 | CVE-2014-9777 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598501 and Qualcomm internal bug CR563654. | 9.3 |
| 2016-07-11 | CVE-2013-7457 | Unspecified vulnerability in Google Android Unspecified vulnerability in the Qualcomm components in Android before 2016-07-05 allows attackers to gain privileges via a crafted application. | 10.0 |
| 2016-06-13 | CVE-2016-2496 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Google Android 6.0/6.0.1 The Framework UI permission-dialog implementation in Android 6.x before 2016-06-01 allows attackers to conduct tapjacking attacks and access arbitrary private-storage files by creating a partially overlapping window, aka internal bug 26677796. | 9.8 |
| 2016-06-13 | CVE-2016-2494 | Permissions, Privileges, and Access Controls vulnerability in Google Android Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658. | 9.3 |