Skip to main content

Qualcomm

1142 CVEs vendor

Monthly

CVE-2016-3856 HIGH PATCH This Week

netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Denial Of Service Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-3855 HIGH PATCH This Week

drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Google Buffer Overflow Qualcomm +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-3854 HIGH PATCH This Week

drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Google Buffer Overflow Qualcomm +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8944 MEDIUM PATCH This Month

The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Qualcomm Google Information Disclosure Android +1
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8943 HIGH PATCH This Week

drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8942 HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8941 HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8940 HIGH PATCH This Week

Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8939 HIGH PATCH This Week

drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8938 HIGH PATCH This Week

The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8937 HIGH PATCH This Week

drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9900 MEDIUM PATCH This Month

The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Qualcomm Google Information Disclosure Android +1
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-9899 MEDIUM PATCH This Month

drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-9898 MEDIUM PATCH This Month

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-9897 MEDIUM PATCH This Month

sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-9896 MEDIUM PATCH This Month

drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-9895 MEDIUM PATCH This Month

drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Qualcomm Google Information Disclosure Android +1
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-9894 MEDIUM PATCH This Month

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-9893 MEDIUM PATCH This Month

drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-9892 MEDIUM PATCH This Month

The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Qualcomm Google Information Disclosure Android +1
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2014-9891 HIGH PATCH This Week

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9890 HIGH PATCH This Week

Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9889 HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9888 HIGH PATCH This Week

arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Privilege Escalation Linux Google Linux Kernel
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9887 HIGH PATCH This Week

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9886 HIGH PATCH This Week

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9885 HIGH PATCH This Week

Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9884 HIGH PATCH This Week

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9883 HIGH PATCH This Week

Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9882 HIGH PATCH This Week

Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9881 HIGH PATCH This Week

drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Buffer Overflow Qualcomm Privilege Escalation +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9880 HIGH PATCH This Week

drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9879 HIGH PATCH This Week

The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9878 HIGH PATCH This Week

drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9877 HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9876 HIGH PATCH This Week

drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9875 HIGH PATCH This Week

drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9874 HIGH PATCH This Week

Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9873 HIGH PATCH This Week

Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9872 HIGH PATCH This Week

The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9871 HIGH PATCH This Week

Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9870 HIGH PATCH This Week

The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Linux Google Android +1
NVD GitHub
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9869 HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9868 HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2014-9867 HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9866 HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9865 HIGH PATCH This Week

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Authentication Bypass Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9864 HIGH PATCH This Week

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9863 HIGH PATCH This Week

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-3850 HIGH PATCH This Week

Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.3
EPSS
0.0%
CVE-2016-3843 HIGH PATCH This Week

Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation RCE Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-3842 HIGH PATCH This Week

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2504 HIGH PATCH This Week

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2014-9902 CRITICAL PATCH Act Now

Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Google Buffer Overflow RCE Android
NVD
CVSS 3.0
9.8
EPSS
3.9%
CVE-2014-9901 HIGH PATCH This Week

The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Google Denial Of Service Authentication Bypass Android
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-3813 MEDIUM PATCH This Month

The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-3797 HIGH This Week

The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-3792 HIGH This Week

CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles userspace data copying, which allows attackers to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-3768 HIGH PATCH This Week

The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2503 HIGH PATCH This Week

The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2502 HIGH This Week

drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2501 HIGH PATCH This Week

The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-2068 HIGH PATCH This Week

The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Google Linux Buffer Overflow +3
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2016-2067 HIGH PATCH This Week

drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Qualcomm Privilege Escalation Linux Google Android +1
NVD
CVSS 3.1
7.8
EPSS
0.1%
CVE-2015-8893 MEDIUM This Month

app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8892 HIGH This Week

platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8891 HIGH This Week

Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8890 HIGH This Week

platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8889 HIGH This Week

The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2015-8888 HIGH This Week

Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9802 HIGH This Week

Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9801 HIGH This Week

Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9800 HIGH This Week

Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9799 HIGH This Week

The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9798 MEDIUM This Month

platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Denial Of Service Authentication Bypass Android
NVD
CVSS 3.0
5.5
EPSS
0.0%
CVE-2014-9796 HIGH This Week

app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9795 HIGH This Week

app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9793 HIGH This Week

platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9792 HIGH This Week

arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9790 HIGH This Week

drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9789 HIGH PATCH This Week

The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9788 HIGH PATCH This Week

Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9787 HIGH This Week

Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9786 HIGH This Week

Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9785 HIGH This Week

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9784 HIGH This Week

Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9783 HIGH This Week

drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9782 HIGH This Week

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9781 HIGH This Week

Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2014-9780 HIGH This Week

drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
EPSS 0% CVSS 7.8
HIGH PATCH This Week

netd in Android before 2016-08-05 mishandles tethering and stdio streams, which allows attackers to cause a denial of service or possibly have unspecified other impact via a crafted application, aka. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Denial Of Service +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/thermal/supply_lm_core.c in the Qualcomm components in Android before 2016-08-05 does not validate a certain count parameter, which allows attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/media/video/msm/msm_mctl_buf.c in the Qualcomm components in Android before 2016-08-05 does not validate the image mode, which allows attackers to cause a denial of service (out-of-bounds. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Google +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The ioresources_init function in kernel/resource.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices, uses weak permissions for /proc/iomem, which. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Qualcomm Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/video/msm/mdss/mdss_mdp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not verify that a mapping exists before proceeding with an unmap operation,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate the stream state, which allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 and 7 (2013) devices does not properly validate array indexes, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow in sound/soc/msm/qdsp6v2/q6lsm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices allows attackers to gain privileges via a crafted application, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/video/msm/mdp4_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate r stages, g stages, or b stages data, which allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The MSM camera driver in the Qualcomm components in Android before 2016-08-05 on Nexus 6 devices does not validate input parameters, which allows attackers to gain privileges via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/char/diag/diagchar_core.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 6, and 7 (2013) devices mishandles a socket process, which allows attackers to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure,. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Qualcomm Google +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

drivers/usb/host/ehci-msm2.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices omits certain minimum calculations before copying data, which allows attackers to obtain. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

sound/soc/msm/qdsp6v2/msm-lsm-client.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain user-space data, which allows attackers to obtain sensitive. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

drivers/media/media-device.c in the Linux kernel before 3.11, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize certain data structures, which allows. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Qualcomm Google +3
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not ensure that certain name strings end in a '\0' character, which allows attackers to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

drivers/video/msm/mdss/mdss_mdp_pp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not properly determine the size of Gamut LUT data, which allows attackers to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The snd_compr_tstamp function in sound/core/compress_offload.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly initialize a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Linux Qualcomm Google +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

Qualcomm Privilege Escalation Linux +2
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Google Buffer Overflow +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Linux +3
NVD GitHub
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Authentication Bypass +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Android before 2016-08-05 does not properly restrict code execution in a kernel context, which allows attackers to gain privileges via a crafted application, as demonstrated by the kernel performance. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation RCE +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5X, 6, and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28377352 and Qualcomm. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Qualcomm GPU driver in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28026365 and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Google Buffer Overflow +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

The Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices makes incorrect snprintf calls, which allows remote attackers to cause a denial of service (device hang or reboot) via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Qualcomm Google Denial Of Service +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The Qualcomm USB driver in Android before 2016-07-05 on Nexus 5, 5X, 6, and 6P devices allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28172322. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 5X devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28085680 and Qualcomm internal bug. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

CORE/HDD/src/wlan_hdd_hostapd.c in the Qualcomm Wi-Fi driver in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles userspace data copying, which allows attackers to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Qualcomm performance component in Android before 2016-07-05 on Nexus 5, 6, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Qualcomm GPU driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28084795 and Qualcomm internal. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

drivers/usb/gadget/f_serial.c in the Qualcomm USB driver in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to gain privileges via a large size in a GSER_IOCTL ioctl call, aka. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The Qualcomm camera driver in Android before 2016-07-05 on Nexus 5X, 6, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 27890772 and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The MSM QDSP6 audio driver (aka sound driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow Denial Of Service Google +5
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

drivers/gpu/msm/kgsl.c in the MSM graphics driver (aka GPU driver) for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Qualcomm Privilege Escalation Linux +3
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to cause a denial of service (OS outage or buffer over-read) via a crafted. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Qualcomm Google +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

platform/msm_shared/boot_verifier.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5X and 6P devices allows attackers to bypass intended access restrictions via a digest with. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple integer overflows in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to bypass intended access restrictions via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

platform/msm_shared/partition_parser.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate certain GUID Partition Table (GPT) data, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The aboot implementation in the Qualcomm components in Android before 2016-07-05 on Nexus 6P devices omits the recovery PIN feature, which has unspecified impact and attack vectors, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Integer overflow in app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allows attackers to bypass intended access restrictions via a crafted block count and. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application,. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Denial Of Service +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate direction and step. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Buffer overflow in drivers/video/fbcmap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

drivers/video/msm/mdss/mdp3_ctrl.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5, 5X, and 6P devices does not validate start and length values, which allows attackers to gain. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Privilege Escalation Google +1
NVD
Prev Page 12 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy