Vulnerabilities > Google > High

DATE CVE VULNERABILITY TITLE RISK
2016-07-11 CVE-2014-9799 Permissions, Privileges, and Access Controls vulnerability in Google Android
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2014-9796 Permissions, Privileges, and Access Controls vulnerability in Google Android
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2014-9795 Numeric Errors vulnerability in Google Android
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2014-9793 7PK - Security Features vulnerability in Google Android
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567.
local
low complexity
google CWE-254
7.8
2016-07-11 CVE-2014-9792 Numeric Errors vulnerability in Google Android
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2014-9790 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm internal bug CR545716.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2014-9789 Permissions, Privileges, and Access Controls vulnerability in Google Android
The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425.
local
low complexity
google CWE-264
7.8
2016-07-11 CVE-2014-9788 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm internal bug CR548872.
local
low complexity
google CWE-119
7.8
2016-07-11 CVE-2014-9787 Numeric Errors vulnerability in Google Android
Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764.
local
low complexity
google CWE-189
7.8
2016-07-11 CVE-2014-9786 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28557260 and Qualcomm internal bug CR545979.
local
low complexity
google CWE-119
7.8