CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google : Security Vulnerabilities (CVSS score >= 9)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
901 CVE-2014-9934 347 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.
902 CVE-2014-9933 20 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.
903 CVE-2014-9932 190 Overflow 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation.
904 CVE-2014-9931 119 Overflow 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value.
905 CVE-2014-9930 416 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
906 CVE-2014-9929 119 Overflow 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist.
907 CVE-2014-9928 119 Overflow 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
908 CVE-2014-9927 119 Overflow 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
909 CVE-2014-9926 416 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist.
910 CVE-2014-9925 119 Overflow 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
911 CVE-2014-9924 189 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur.
912 CVE-2014-9923 119 Overflow 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist.
913 CVE-2014-9922 264 +Priv 2017-04-04 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overlayfs/super.c.
914 CVE-2014-9909 264 Exec Code 2017-01-18 2017-01-20
9.3
None Remote Medium Not required Complete Complete Complete
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-31676542. References: B-RB#26684.
915 CVE-2014-9902 119 Exec Code Overflow 2016-08-05 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
916 CVE-2014-9891 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted application that makes an ioctl call, aka Android internal bug 28749283 and Qualcomm internal bug CR550061.
917 CVE-2014-9890 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177.
918 CVE-2014-9887 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633.
919 CVE-2014-9871 119 Overflow +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717.
920 CVE-2014-9870 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044.
921 CVE-2014-9869 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711.
922 CVE-2014-9867 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702.
923 CVE-2014-9866 20 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358.
924 CVE-2014-9865 284 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013.
925 CVE-2014-9864 20 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841.
926 CVE-2014-9863 190 +Priv +Info 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470.
927 CVE-2014-9803 19 +Priv 2016-07-11 2016-07-12
9.3
None Remote Medium Not required Complete Complete Complete
arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28557020.
928 CVE-2014-9802 264 Overflow +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28821965 and Qualcomm internal bug CR705108.
929 CVE-2014-9801 189 Overflow +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28822060 and Qualcomm internal bug CR705078.
930 CVE-2014-9800 264 Overflow +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28822150 and Qualcomm internal bug CR692478.
931 CVE-2014-9799 264 Overflow +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a crafted application that leverages incorrect compiler optimization of an integer-overflow protection mechanism, aka Android internal bug 28821731 and Qualcomm internal bug CR691916.
932 CVE-2014-9796 264 Bypass 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intended access restrictions via a crafted boot image, aka Android internal bug 28820722 and Qualcomm internal bug CR684756.
933 CVE-2014-9795 189 Overflow Bypass 2016-07-11 2016-11-28
10.0
None Remote Low Not required Complete Complete Complete
app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrictions via crafted start and size values, aka Android internal bug 28820720 and Qualcomm internal bug CR681957, a related issue to CVE-2014-4325.
934 CVE-2014-9793 254 +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28821253 and Qualcomm internal bug CR580567.
935 CVE-2014-9792 189 +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606.
936 CVE-2014-9790 264 +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm internal bug CR545716.
937 CVE-2014-9789 264 +Priv 2016-07-11 2019-04-09
9.3
None Remote Medium Not required Complete Complete Complete
The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425.
938 CVE-2014-9788 119 Overflow +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28573112 and Qualcomm internal bug CR548872.
939 CVE-2014-9787 189 Overflow +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28571496 and Qualcomm internal bug CR545764.
940 CVE-2014-9786 119 Overflow +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28557260 and Qualcomm internal bug CR545979.
941 CVE-2014-9785 264 +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28469042 and Qualcomm internal bug CR545747.
942 CVE-2014-9784 119 Overflow +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28442449 and Qualcomm internal bug CR585147.
943 CVE-2014-9783 264 +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831 and Qualcomm internal bug CR511382.
944 CVE-2014-9782 264 +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349.
945 CVE-2014-9781 119 Overflow +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28410333 and Qualcomm internal bug CR556471.
946 CVE-2014-9780 264 +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28602014 and Qualcomm internal bug CR542222.
947 CVE-2014-9779 264 +Info 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to obtain sensitive information from kernel memory via a crafted offset, aka Android internal bug 28598347 and Qualcomm internal bug CR548679.
948 CVE-2014-9778 119 Overflow +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694.
949 CVE-2014-9777 119 Overflow +Priv 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The vid_dec_set_meta_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598501 and Qualcomm internal bug CR563654.
950 CVE-2014-9411 118 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection.
Total number of vulnerabilities : 1095   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 (This Page)20 21 22
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.