Total
6434 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-15826 | 1 Google | 1 Android | 2018-04-23 | 4.4 MEDIUM | 7.8 HIGH |
| Due to a race condition in MDSS rotator in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-20, a double free vulnerability may potentially exist when two threads free the same perf structures. | |||||
| CVE-2017-9691 | 1 Google | 1 Android | 2018-04-23 | 1.9 LOW | 4.7 MEDIUM |
| There is a race condition in Android for MSM, Firefox OS for MSM, and QRD Android that allows to access to already free'd memory in the debug message output functionality contained within the mobicore driver. | |||||
| CVE-2017-17769 | 1 Google | 1 Android | 2018-04-23 | 2.1 LOW | 5.5 MEDIUM |
| Information leakage in Android for MSM, Firefox OS for MSM, and QRD Android can occur in the audio driver. | |||||
| CVE-2017-9692 | 1 Google | 1 Android | 2018-04-23 | 4.6 MEDIUM | 7.8 HIGH |
| When an atomic commit is issued on a writeback panel with a NULL output_layer parameter in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-06-03, a NULL pointer dereference may potentially occur. | |||||
| CVE-2017-9681 | 1 Google | 1 Android | 2018-04-20 | 4.0 MEDIUM | 6.5 MEDIUM |
| In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur. | |||||
| CVE-2016-10390 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, when downloading a file, an excessive amount of memory may be consumed. | |||||
| CVE-2015-8593 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | |||||
| CVE-2015-8594 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. | |||||
| CVE-2016-5348 | 1 Google | 1 Android | 2018-04-18 | 7.1 HIGH | 5.9 MEDIUM |
| The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service (memory consumption, and device hang or reboot) via a large xtra.bin or xtra2.bin file on a spoofed Qualcomm gpsonextra.net or izatcloud.net host, aka internal bug 29555864. | |||||
| CVE-2015-9063 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. | |||||
| CVE-2015-9064 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. | |||||
| CVE-2015-9065 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. | |||||
| CVE-2015-9066 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure. | |||||
| CVE-2014-9971 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. | |||||
| CVE-2014-9972 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. | |||||
| CVE-2014-9976 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. | |||||
| CVE-2014-9981 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. | |||||
| CVE-2015-0576 | 1 Google | 1 Android | 2018-04-18 | 7.6 HIGH | 7.0 HIGH |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. | |||||
| CVE-2016-10392 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, a driver can potentially leak kernel memory. | |||||
| CVE-2016-10380 | 1 Google | 1 Android | 2018-04-18 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. | |||||