Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2016-08-06 CVE-2014-9889 Improper Input Validation vulnerability in Google Android
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712.
local
low complexity
google CWE-20
7.8
2016-08-06 CVE-2014-9888 Permissions, Privileges, and Access Controls vulnerability in Linux Kernel
arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735.
local
low complexity
linux CWE-264
7.8
2016-08-06 CVE-2014-9887 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2014-9886 Improper Input Validation vulnerability in Google Android
arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030.
local
low complexity
google CWE-20
7.8
2016-08-06 CVE-2014-9885 Permissions, Privileges, and Access Controls vulnerability in Google Android
Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2014-9884 Improper Input Validation vulnerability in Google Android
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740.
local
low complexity
google CWE-20
7.8
2016-08-06 CVE-2014-9883 Integer Underflow (Wrap or Wraparound) vulnerability in Google Android
Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160.
local
low complexity
google CWE-191
7.8
2016-08-06 CVE-2014-9882 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Google Android
Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329.
local
low complexity
google CWE-119
7.8
2016-08-06 CVE-2014-9881 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008.
local
low complexity
google CWE-264
7.8
2016-08-06 CVE-2014-9880 Permissions, Privileges, and Access Controls vulnerability in Google Android
drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356.
local
low complexity
google CWE-264
7.8