Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2016-08-06 CVE-2015-8942 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2015-8941 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2015-8940 Permissions, Privileges, and Access Controls vulnerability in Google Android
Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2015-8939 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2015-8938 Permissions, Privileges, and Access Controls vulnerability in Google Android
The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2015-8937 Data Processing Errors vulnerability in Google Android
drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548.
local
low complexity
google CWE-19
7.8
2016-08-06 CVE-2014-9891 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2014-9890 Permissions, Privileges, and Access Controls vulnerability in Google Android
Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2014-9889 Improper Input Validation vulnerability in Google Android
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712.
local
low complexity
google CWE-20
7.8
2016-08-06 CVE-2014-9887 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633.
local
low complexity
google CWE-264
7.8