The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2014-9890 | Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application that sends an I2C command, aka Android internal bug 28770207 and Qualcomm internal bug CR529177. | High | Aug 10, 2016 |
| CVE-2014-9889 | drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28803645 and Qualcomm internal bug CR674712. | Medium | Aug 9, 2016 |
| CVE-2014-9888 | arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might allow local users to gain privileges via a crafted application, aka Android internal bug 28803642 and Qualcomm internal bug CR642735. | High | Aug 12, 2016 |
| CVE-2014-9887 | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633. | High | Aug 10, 2016 |
| CVE-2014-9886 | arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28815575 and Qualcomm internal bug CR555030. | Medium | Aug 9, 2016 |
| CVE-2014-9885 | Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application that provides format string specifiers in a name, aka Android internal bug 28769959 and Qualcomm internal bug CR562261. | Medium | Aug 9, 2016 |
| CVE-2014-9884 | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740. | Medium | Aug 9, 2016 |
| CVE-2014-9883 | Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160. | Medium | Aug 9, 2016 |
| CVE-2014-9882 | Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug 28769546 and Qualcomm internal bug CR552329. | Medium | Aug 9, 2016 |
| CVE-2014-9881 | drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or cause a denial of service (buffer overflow) via a crafted application, aka Android internal bug 28769368 and Qualcomm internal bug CR539008. | Medium | Aug 9, 2016 |
| CVE-2014-9880 | drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356. | Medium | Aug 9, 2016 |
| CVE-2014-9879 | The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769221 and Qualcomm internal bug CR524490. | Medium | Aug 9, 2016 |
| CVE-2014-9878 | drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769208 and Qualcomm internal bug CR547479. | Medium | Aug 9, 2016 |
| CVE-2014-9877 | drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28768281 and Qualcomm internal bug CR547231. | Medium | Aug 9, 2016 |
| CVE-2014-9876 | drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408. | Medium | Aug 9, 2016 |
| CVE-2014-9875 | drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310. | Medium | Aug 9, 2016 |
| CVE-2014-9874 | Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mach-msm/qdsp6v2/audio_utils.c and sound/soc/msm/qdsp6v2/q6asm.c, aka Android internal bug 28751152 and Qualcomm internal bug CR563086. | Medium | Aug 9, 2016 |
| CVE-2014-9873 | Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860. | Medium | Aug 9, 2016 |
| CVE-2014-9872 | The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721. | Medium | Aug 9, 2016 |
| CVE-2014-9871 | Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, aka Android internal bug 28749803 and Qualcomm internal bug CR514717. | High | Aug 9, 2016 |
| CVE-2014-9870 | The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allows local users to gain privileges via a crafted application, aka Android internal bug 28749743 and Qualcomm internal bug CR561044. | High | Aug 9, 2016 |
| CVE-2014-9869 | drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749728 and Qualcomm internal bug CR514711. | High | Aug 9, 2016 |
| CVE-2014-9868 | drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976. | Medium | Aug 9, 2016 |
| CVE-2014-9867 | drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749629 and Qualcomm internal bug CR514702. | High | Aug 10, 2016 |
| CVE-2014-9866 | drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747684 and Qualcomm internal bug CR511358. | High | Aug 10, 2016 |
| CVE-2014-9865 | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013. | High | Aug 9, 2016 |
| CVE-2014-9864 | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841. | High | Aug 10, 2016 |
| CVE-2014-9863 | Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470. | High | Aug 10, 2016 |
| CVE-2014-9862 | Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file. | High | Jul 26, 2016 |
| CVE-2014-9854 | coders/tiff.c in ImageMagick allows remote attackers to cause a denial of service (application crash) via vectors related to the identification of image. | Medium | Mar 21, 2017 |
| CVE-2014-9853 | Memory leak in coders/rle.c in ImageMagick allows remote attackers to cause a denial of service (memory consumption) via a crafted rle file. | Medium | Mar 21, 2017 |
| CVE-2014-9852 | distribute-cache.c in ImageMagick re-uses objects after they have been destroyed, which allows remote attackers to have unspecified impact via unspecified vectors. | High | Mar 21, 2017 |
| CVE-2014-9851 | ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (application crash). | Medium | Mar 22, 2017 |
| CVE-2014-9850 | Logic error in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (resource consumption). | Medium | Mar 22, 2017 |
| CVE-2014-9849 | The png coder in ImageMagick allows remote attackers to cause a denial of service (crash). | Medium | Mar 22, 2017 |
| CVE-2014-9848 | Memory leak in ImageMagick allows remote attackers to cause a denial of service (memory consumption). | Medium | Mar 22, 2017 |
| CVE-2014-9847 | The jng decoder in ImageMagick 6.8.9.9 allows remote attackers to have an unspecified impact. | High | Mar 22, 2017 |
| CVE-2014-9846 | Buffer overflow in the ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact. | High | Mar 22, 2017 |
| CVE-2014-9845 | The ReadDIBImage function in coders/dib.c in ImageMagick allows remote attackers to cause a denial of service (crash) via a corrupted dib file. | Medium | Mar 22, 2017 |
| CVE-2014-9844 | The ReadRLEImage function in coders/rle.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted image file. | Medium | Mar 22, 2017 |
| CVE-2014-9843 | The DecodePSDPixels function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors. | High | Mar 22, 2017 |
| CVE-2014-9842 | Memory leak in the ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. | Medium | Mar 22, 2017 |
| CVE-2014-9841 | The ReadPSDLayers function in coders/psd.c in ImageMagick 6.8.9.9 allows remote attackers to have unspecified impact via unknown vectors, related to throwing of exceptions. | High | Mar 22, 2017 |
| CVE-2014-9840 | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access) via a crafted palm file. | Medium | Mar 24, 2017 |
| CVE-2014-9839 | magick/colormap-private.h in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (out-of-bounds access). | Medium | Mar 24, 2017 |
| CVE-2014-9838 | magick/cache.c in ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service (crash). | Medium | Mar 24, 2017 |
| CVE-2014-9837 | coders/pnm.c in ImageMagick 6.9.0-1 Beta and earlier allows remote attackers to cause a denial of service (crash) via a crafted png file. | Medium | Apr 17, 2017 |
| CVE-2014-9836 | ImageMagick 6.8.9-9 allows remote attackers to cause a denial of service via a crafted xpm file. | Medium | Mar 24, 2017 |
| CVE-2014-9835 | Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. | Medium | Mar 24, 2017 |
| CVE-2014-9834 | Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. | Medium | Mar 24, 2017 |
