CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Google » Android : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3701 CVE-2015-9010 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101.
3702 CVE-2015-9009 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600.
3703 CVE-2015-9008 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.
3704 CVE-2015-9007 415 2017-06-06 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone in all Android releases from CAF using the Linux kernel, a Double Free vulnerability could potentially exist.
3705 CVE-2015-9006 284 2017-06-06 2017-06-09
9.3
None Remote Medium Not required Complete Complete Complete
In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.
3706 CVE-2015-9005 190 Overflow 2017-06-06 2017-06-08
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist.
3707 CVE-2015-9004 264 +Priv 2017-05-02 2017-05-12
9.3
None Remote Medium Not required Complete Complete Complete
kernel/events/core.c in the Linux kernel before 3.19 mishandles counter grouping, which allows local users to gain privileges via a crafted application, related to the perf_pmu_register and perf_event_open functions.
3708 CVE-2015-9003 310 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone a cryptographic issue can potentially occur in all Android releases from CAF using the Linux kernel.
3709 CVE-2015-9002 189 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone an out-of-range pointer offset vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.
3710 CVE-2015-9001 200 +Info 2017-05-16 2017-07-11
4.3
None Remote Medium Not required Partial None None
In TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.
3711 CVE-2015-9000 476 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone an untrusted pointer dereference vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel.
3712 CVE-2015-8999 119 Overflow 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone a buffer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel while loading an ELF file.
3713 CVE-2015-8998 190 Overflow 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.
3714 CVE-2015-8997 362 2017-05-16 2017-07-11
7.6
None Remote High Not required Complete Complete Complete
In TrustZone a time-of-check time-of-use race condition could potentially exist in a listener routine in all Android releases from CAF using the Linux kernel.
3715 CVE-2015-8996 362 2017-05-16 2017-07-11
7.6
None Remote High Not required Complete Complete Complete
In TrustZone a time-of-check time-of-use race condition could potentially exist in a QFPROM routine in all Android releases from CAF using the Linux kernel.
3716 CVE-2015-8995 190 Overflow 2017-05-16 2017-07-11
9.3
None Remote Medium Not required Complete Complete Complete
In TrustZone an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.
3717 CVE-2015-8967 264 +Priv Bypass 2016-12-08 2016-12-10
9.3
None Remote Medium Not required Complete Complete Complete
arch/arm64/kernel/sys.c in the Linux kernel before 4.0 allows local users to bypass the "strict page permissions" protection mechanism and modify the system-call table, and consequently gain privileges, by leveraging write access.
3718 CVE-2015-8956 476 DoS +Info 2016-10-10 2018-01-05
3.6
None Local Low Not required Partial None Partial
The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel before 4.2 allows local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket.
3719 CVE-2015-8955 264 DoS +Priv 2016-10-10 2016-11-28
6.9
None Local Medium Not required Complete Complete Complete
arch/arm64/kernel/perf_event.c in the Linux kernel before 4.1 on arm64 platforms allows local users to gain privileges or cause a denial of service (invalid pointer dereference) via vectors involving events that are mishandled during a span of multiple HW PMUs.
3720 CVE-2015-8951 264 +Priv 2016-10-10 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple use-after-free vulnerabilities in sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm sound driver in Android before 2016-10-05 on Nexus 5X, Nexus 6P, and Android One devices allow attackers to gain privileges via a crafted application, aka Android internal bug 30142668 and Qualcomm internal bug CR 948902.
3721 CVE-2015-8944 200 +Info 2016-08-06 2016-11-28
4.3
None Remote Medium Not required Partial None None
The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which allows local users to obtain sensitive information by reading this file, aka Android internal bug 28814213 and Qualcomm internal bug CR786116. NOTE: the permissions may be intentional in most non-Android contexts.
3722 CVE-2015-8943 264 +Priv 2016-08-06 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815158 and Qualcomm internal bugs CR794217 and CR836226.
3723 CVE-2015-8942 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814652 and Qualcomm internal bug CR803246.
3724 CVE-2015-8941 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28814502 and Qualcomm internal bug CR792473.
3725 CVE-2015-8940 264 Overflow +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28813987 and Qualcomm internal bug CR792367.
3726 CVE-2015-8939 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28398884 and Qualcomm internal bug CR779021.
3727 CVE-2015-8938 264 +Priv 2016-08-06 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804030 and Qualcomm internal bug CR766022.
3728 CVE-2015-8937 19 +Priv 2016-08-06 2016-11-28
6.8
None Remote Medium Not required Partial Partial Partial
drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803962 and Qualcomm internal bug CR770548.
3729 CVE-2015-8893 119 DoS Overflow 2016-07-11 2016-07-11
4.3
None Remote Medium Not required None None Partial
app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted application, aka Android internal bug 28822690 and Qualcomm internal bug CR822275.
3730 CVE-2015-8892 264 Bypass 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with trailing data, aka Android internal bug 28822807 and Qualcomm internal bug CR902998.
3731 CVE-2015-8891 189 Overflow Bypass 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a crafted image, aka Android internal bug 28842418 and Qualcomm internal bug CR813930.
3732 CVE-2015-8890 264 Bypass 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows attackers to bypass intended access restrictions via a crafted MultiMediaCard (MMC), aka Android internal bug 28822878 and Qualcomm internal bug CR823461.
3733 CVE-2015-8889 264 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android internal bug 28822677 and Qualcomm internal bug CR804067.
3734 CVE-2015-8888 264 Overflow Bypass 2016-07-11 2016-11-28
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and block size of a sparse header, aka Android internal bug 28822465 and Qualcomm internal bug CR813933.
3735 CVE-2015-8596 119 Overflow 2017-08-18 2017-08-24
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection.
3736 CVE-2015-8595 119 Overflow 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM.
3737 CVE-2015-8594 119 Overflow 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x.
3738 CVE-2015-8593 119 Overflow 2017-08-18 2018-04-19
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing.
3739 CVE-2015-8592 476 Mem. Corr. 2017-08-18 2017-08-23
10.0
None Remote Low Not required Complete Complete Complete
In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption.
3740 CVE-2015-8507 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24157524, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8506.
3741 CVE-2015-8506 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2019-02-14
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 24441553, a different vulnerability than CVE-2015-6616, CVE-2015-8505, and CVE-2015-8507.
3742 CVE-2015-8505 119 DoS Exec Code Overflow Mem. Corr. 2015-12-08 2015-12-09
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android before 5.1.1 LMY48Z allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 17769851, a different vulnerability than CVE-2015-6616, CVE-2015-8506, and CVE-2015-8507.
3743 CVE-2015-8074 200 Bypass +Info 2015-11-03 2015-11-03
5.0
None Remote Low Not required Partial None None
mediaserver in Android before 5.1.1 LMY48X allows remote attackers to obtain sensitive information, and consequently bypass an unspecified protection mechanism, via unknown vectors, aka internal bugs 23540907 and 23515142, a different vulnerability than CVE-2015-6611.
3744 CVE-2015-8073 119 DoS Exec Code Overflow Mem. Corr. 2015-11-03 2015-11-03
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 4.4 and 5.1 before 5.1.1 LMY48X allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 14388161, a different vulnerability than CVE-2015-6608 and CVE-2015-8072.
3745 CVE-2015-8072 119 DoS Exec Code Overflow Mem. Corr. 2015-11-03 2015-11-03
10.0
None Remote Low Not required Complete Complete Complete
mediaserver in Android 4.4 through 5.x before 5.1.1 LMY48X and 6.0 before 2015-11-01 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 23881715, a different vulnerability than CVE-2015-6608 and CVE-2015-8073.
3746 CVE-2015-7718 DoS 2015-10-06 2015-10-07
5.0
None Remote Low Not required None None Partial
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to cause a denial of service (process crash) via unspecified vectors, aka internal bug 22278703, a different vulnerability than CVE-2015-6605.
3747 CVE-2015-7717 264 +Priv 2015-10-06 2015-10-07
9.3
None Remote Medium Not required Complete Complete Complete
mediaserver in Android 5.x before 5.1.1 LMY48T and 6.0 before 2015-10-01 allows attackers to gain privileges via a crafted application, aka internal bug 19573085, a different vulnerability than CVE-2015-6596.
3748 CVE-2015-7716 119 DoS Exec Code Overflow Mem. Corr. 2015-10-06 2015-10-07
10.0
None Remote Low Not required Complete Complete Complete
libstagefright in Android 5.x before 5.1.1 LMY48T allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted media file, aka internal bug 20721050, a different vulnerability than CVE-2015-3873.
3749 CVE-2015-6647 264 +Priv 2016-01-06 2016-12-07
9.3
None Remote Medium Not required Complete Complete Complete
The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24441554.
3750 CVE-2015-6646 399 DoS 2016-01-06 2016-12-07
7.8
None Remote Low Not required None None Complete
The System V IPC implementation in the kernel in Android before 6.0 2016-01-01 allows attackers to cause a denial of service (global kernel resource consumption) by leveraging improper interaction between IPC resource allocation and the memory manager, aka internal bug 22300191, a different vulnerability than CVE-2015-7613.
Total number of vulnerabilities : 3865   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 (This Page)76 77 78
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.