Search
Total
8 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9142 | 1 Qualcomm | 52 Mdm9645, Mdm9645 Firmware, Mdm9650 and 49 more | 2018-05-09 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, bounds check is missing for vtable index in DAL-TO-QDI conversion framework. | |||||
| CVE-2016-10495 | 1 Qualcomm | 2 Mdm9635m, Mdm9635m Firmware | 2018-04-24 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range. | |||||
| CVE-2015-2000 | 1 Jumio | 1 Jumio Sdk | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| The Jumio SDK before 1.5.0 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | |||||
| CVE-2015-2001 | 1 Metaio | 1 Metaio Sdk | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| The MetaIO SDK before 6.0.2.1 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | |||||
| CVE-2015-2004 | 1 Gracenote | 1 Gnsdk | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| The GraceNote GNSDK SDK before SVN Changeset 1.1.7 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | |||||
| CVE-2015-2003 | 1 Pjsip | 1 Pjsua2 Sdk | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | |||||
| CVE-2015-2002 | 1 Esri | 1 Arcgisruntime Sdk | 2018-04-23 | 7.5 HIGH | 9.8 CRITICAL |
| The ESRI ArcGis Runtime SDK before 10.2.6-2 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. | |||||
| CVE-2014-9411 | 1 Google | 1 Android | 2017-08-23 | 10.0 HIGH | 9.8 CRITICAL |
| In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. | |||||