CVEs from 2014
Total
7,926
critical
critical 837
high
high 1,288
medium
medium 4,980
low
low 583
% Critical
10.6%
% with KEV
0.4%
% with exploit
0.6%
Top vendors
Top products
- chrome 3,804
- moodle 1,668
- flash_player 1,397
- firefox 1,239
- mediawiki 1,130
- ffmpeg 998
- acrobat 966
- acrobat_reader 944
| CVE | Severity | CVSS | Risk | Published | Description | Impact |
|---|---|---|---|---|---|---|
| CVE-2014-2828 | high | — | 7.8 | 4y ago | The V3 API in OpenStack Identity (Keystone) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to cause a denial of service (CPU consumption) via a large number of the sa… | |
| CVE-2014-8358 | high | 7.8 | 7.8 | 9y ago | Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the… | |
| CVE-2014-0047 | high | 7.8 | 7.8 | 9y ago | Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage. | |
| CVE-2014-8156 | high | 7.8 | 7.8 | 9y ago | The D-Bus security policy files in /etc/dbus-1/system.d/*.conf in fso-gsmd 0.12.0-3, fso-frameworkd 0.9.5.9+git20110512-4, and fso-usaged 0.12.0-2 as packaged in Debian, the upstream cornucopia.git (… | |
| CVE-2014-8872 | high | 7.8 | 7.8 | 9y ago | Improper Verification of Cryptographic Signature in AVM FRITZ!Box 6810 LTE after firmware 5.22, FRITZ!Box 6840 LTE after firmware 5.23, and other models with firmware 5.50. | |
| CVE-2014-8393 | high | 7.8 | 7.8 | 9y ago | DLL Hijacking vulnerability in CorelDRAW X7, Corel Photo-Paint X7, Corel PaintShop Pro X7, Corel Painter 2015, and Corel PDF Fusion. | |
| CVE-2014-0145 | high | 7.8 | 7.8 | 9y ago | Multiple buffer overflows in QEMU before 1.7.2 and 2.x before 2.0.0, allow local users to cause a denial of service (crash) or possibly execute arbitrary code via a large (1) L1 table in the qcow2_sn… | |
| CVE-2014-1235 | high | 7.8 | 7.8 | 9y ago | Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: … | |
| CVE-2014-9967 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM. | |
| CVE-2014-9965 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of an SCM call. | |
| CVE-2014-9964 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in debug functionality. | |
| CVE-2014-9963 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in WideVine DRM. | |
| CVE-2014-9962 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a vulnerability exists in the parsing of a DRM provisioning command. | |
| CVE-2014-9961 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a vulnerability in eMMC write protection exists that can be used to bypass power-on write protection. | |
| CVE-2014-9960 | high | 7.8 | 7.8 | 9y ago | In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the PlayReady API. | |
| CVE-2014-9952 | high | 7.8 | 7.8 | 9y ago | In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist. | |
| CVE-2014-9950 | high | 7.8 | 7.8 | 9y ago | In Core Kernel in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | |
| CVE-2014-9949 | high | 7.8 | 7.8 | 9y ago | In TrustZone in all Android releases from CAF using the Linux kernel, an Untrusted Pointer Dereference vulnerability could potentially exist. | |
| CVE-2014-9948 | high | 7.8 | 7.8 | 9y ago | In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist. | |
| CVE-2014-9946 | high | 7.8 | 7.8 | 9y ago | In Core Kernel in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | |
| CVE-2014-9945 | high | 7.8 | 7.8 | 9y ago | In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Authorization vulnerability could potentially exist. | |
| CVE-2014-9944 | high | 7.8 | 7.8 | 9y ago | In the Secure File System in all Android releases from CAF using the Linux kernel, an Integer Overflow to Buffer Overflow vulnerability could potentially exist. | |
| CVE-2014-9943 | high | 7.8 | 7.8 | 9y ago | In Core Kernel in all Android releases from CAF using the Linux kernel, a Null Pointer Dereference vulnerability could potentially exist. | |
| CVE-2014-9942 | high | 7.8 | 7.8 | 9y ago | In Boot in all Android releases from CAF using the Linux kernel, a Use of Uninitialized Variable vulnerability could potentially exist. | |
| CVE-2014-9930 | high | 7.8 | 7.8 | 9y ago | In WCDMA in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | |
| CVE-2014-9929 | high | 7.8 | 7.8 | 9y ago | In WCDMA in all Android releases from CAF using the Linux kernel, a Use of Out-of-range Pointer Offset vulnerability could potentially exist. | |
| CVE-2014-9928 | high | 7.8 | 7.8 | 9y ago | In GERAN in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | |
| CVE-2014-9927 | high | 7.8 | 7.8 | 9y ago | In UIM in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | |
| CVE-2014-9926 | high | 7.8 | 7.8 | 9y ago | In GNSS in all Android releases from CAF using the Linux kernel, a Use After Free vulnerability could potentially exist. | |
| CVE-2014-9925 | high | 7.8 | 7.8 | 9y ago | In HDR in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | |
| CVE-2014-9924 | high | 7.8 | 7.8 | 9y ago | In 1x in all Android releases from CAF using the Linux kernel, a Signed to Unsigned Conversion Error could potentially occur. | |
| CVE-2014-9923 | high | 7.8 | 7.8 | 9y ago | In NAS in all Android releases from CAF using the Linux kernel, a Buffer Copy without Checking Size of Input vulnerability could potentially exist. | |
| CVE-2014-9937 | high | 7.8 | 7.8 | 9y ago | In TrustZone a buffer overflow vulnerability can potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. | |
| CVE-2014-9935 | high | 7.8 | 7.8 | 9y ago | In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releases from CAF using the Linux kernel. | |
| CVE-2014-9934 | high | 7.8 | 7.8 | 9y ago | A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding. | |
| CVE-2014-9933 | high | 7.8 | 7.8 | 9y ago | Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access. | |
| CVE-2014-9932 | high | 7.8 | 7.8 | 9y ago | In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation. | |
| CVE-2014-9931 | high | 7.8 | 7.8 | 9y ago | A buffer overflow vulnerability in all Android releases from CAF using the Linux kernel can potentially occur if an OEM performs an app region size customization due to a hard-coded value. | |
| CVE-2014-9922 | high | 7.8 | 7.8 | 9y ago | The eCryptfs subsystem in the Linux kernel before 3.18 allows local users to gain privileges via a large filesystem stack that includes an overlayfs layer, related to fs/ecryptfs/main.c and fs/overla… | |
| CVE-2014-9114 | high | 7.8 | 7.8 | 9y ago | Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. | |
| CVE-2014-9825 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9824. | |
| CVE-2014-9824 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted psd file, a different vulnerability than CVE-2014-9825. | |
| CVE-2014-9823 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9819. | |
| CVE-2014-9822 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted quantum file. | |
| CVE-2014-9821 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted xpm file. | |
| CVE-2014-9820 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pnm file. | |
| CVE-2014-9819 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted palm file, a different vulnerability than CVE-2014-9823. | |
| CVE-2014-9817 | high | 7.8 | 7.8 | 9y ago | Heap-based buffer overflow in ImageMagick allows remote attackers to have unspecified impact via a crafted pdb file. | |
| CVE-2014-9835 | high | 7.8 | 7.8 | 9y ago | Heap overflow in ImageMagick 6.8.9-9 via a crafted wpf file. | |
| CVE-2014-9834 | high | 7.8 | 7.8 | 9y ago | Heap overflow in ImageMagick 6.8.9-9 via a crafted pict file. | |
| CVE-2014-9833 | high | 7.8 | 7.8 | 9y ago | Heap overflow in ImageMagick 6.8.9-9 via a crafted psd file. | |
| CVE-2014-9832 | high | 7.8 | 7.8 | 9y ago | Heap overflow in ImageMagick 6.8.9-9 via a crafted pcx file. | |
| CVE-2014-4677 | high | 7.8 | 7.8 | 9y ago | The installPackage function in the installerHelper subcomponent in Libmacgpg in GPG Suite before 2015.06 allows local users to execute arbitrary commands with root privileges via shell metacharacters… | |
| CVE-2014-9914 | high | 7.8 | 7.8 | 9y ago | Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by … | |
| CVE-2014-9891 | high | 7.8 | 7.8 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate certain buffer addresses, which allows attackers to gain privileges via a crafted a… | |
| CVE-2014-9890 | high | 7.8 | 7.8 | 10y ago | Off-by-one error in drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileg… | |
| CVE-2014-9889 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate CPP frame messages, which allows attackers to gai… | |
| CVE-2014-9888 | high | 7.8 | 7.8 | 10y ago | arch/arm/mm/dma-mapping.c in the Linux kernel before 3.13 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not prevent executable DMA mappings, which might… | |
| CVE-2014-9887 | high | 7.8 | 7.8 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain length values, which allows attackers to gain privileges via a… | |
| CVE-2014-9886 | high | 7.8 | 7.8 | 10y ago | arch/arm/mach-msm/qdsp6v2/ultrasound/usf.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate input parameters, which allows attackers … | |
| CVE-2014-9885 | high | 7.8 | 7.8 | 10y ago | Format string vulnerability in drivers/thermal/qpnp-adc-tm.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices allows attackers to gain privileges via a crafted application t… | |
| CVE-2014-9884 | high | 7.8 | 7.8 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain pointers, which allows attackers to gain privileges via a craf… | |
| CVE-2014-9883 | high | 7.8 | 7.8 | 10y ago | Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive inform… | |
| CVE-2014-9882 | high | 7.8 | 7.8 | 10y ago | Buffer overflow in drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, ak… | |
| CVE-2014-9881 | high | 7.8 | 7.8 | 10y ago | drivers/media/radio/radio-iris.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices uses an incorrect integer data type, which allows attackers to gain privileges or ca… | |
| CVE-2014-9880 | high | 7.8 | 7.8 | 10y ago | drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attac… | |
| CVE-2014-9879 | high | 7.8 | 7.8 | 10y ago | The mdss mdp3 driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not validate user-space data, which allows attackers to gain privileges via a crafted application,… | |
| CVE-2014-9878 | high | 7.8 | 7.8 | 10y ago | drivers/mmc/card/mmc_block_test.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not reject kernel-space buffer addresses, which allows attackers to gain privileges v… | |
| CVE-2014-9877 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices mishandles a user-space pointer, which allo… | |
| CVE-2014-9876 | high | 7.8 | 7.8 | 10y ago | drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privi… | |
| CVE-2014-9875 | high | 7.8 | 7.8 | 10y ago | drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI reque… | |
| CVE-2014-9874 | high | 7.8 | 7.8 | 10y ago | Buffer overflow in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted application, related to arch/arm/mac… | |
| CVE-2014-9873 | high | 7.8 | 7.8 | 10y ago | Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive infor… | |
| CVE-2014-9872 | high | 7.8 | 7.8 | 10y ago | The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a cr… | |
| CVE-2014-9871 | high | 7.8 | 7.8 | 10y ago | Multiple buffer overflows in drivers/media/platform/msm/camera_v2/isp/msm_isp_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allow attackers to gain pr… | |
| CVE-2014-9870 | high | 7.8 | 7.8 | 10y ago | The Linux kernel before 3.11 on ARM platforms, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not properly consider user-space access to the TPIDRURW register, which allow… | |
| CVE-2014-9869 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/isp/msm_isp_stats_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate certain index values, which all… | |
| CVE-2014-9868 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an appl… | |
| CVE-2014-9867 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/isp/msm_isp_axi_util.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate the number of streams, which allo… | |
| CVE-2014-9866 | high | 7.8 | 7.8 | 10y ago | drivers/media/platform/msm/camera_v2/sensor/csid/msm_csid.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate a certain parameter, which allows… | |
| CVE-2014-9865 | high | 7.8 | 7.8 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges v… | |
| CVE-2014-9864 | high | 7.8 | 7.8 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not validate ioctl calls, which allows attackers to gain privileges via a crafted a… | |
| CVE-2014-9863 | high | 7.8 | 7.8 | 10y ago | Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a … | |
| CVE-2014-9862 | high | 7.8 | 7.8 | 10y ago | Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (he… | |
| CVE-2014-9803 | high | 7.8 | 7.8 | 10y ago | arch/arm64/include/asm/pgtable.h in the Linux kernel before 3.15-rc5-next-20140519, as used in Android before 2016-07-05 on Nexus 5X and 6P devices, mishandles execute-only pages, which allows attack… | |
| CVE-2014-9802 | high | 7.8 | 7.8 | 10y ago | Multiple integer overflows in lib/libfdt/fdt.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted application, ak… | |
| CVE-2014-9801 | high | 7.8 | 7.8 | 10y ago | Multiple integer overflows in lib/libfdt/fdt_rw.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android … | |
| CVE-2014-9800 | high | 7.8 | 7.8 | 10y ago | Integer overflow in lib/heap/heap.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android … | |
| CVE-2014-9799 | high | 7.8 | 7.8 | 10y ago | The makefile in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices omits the -fno-strict-overflow option to gcc, which might allow attackers to gain privileges via a… | |
| CVE-2014-9796 | high | 7.8 | 7.8 | 10y ago | app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate the page size in the kernel header, which allows attackers to bypass intend… | |
| CVE-2014-9795 | high | 7.8 | 7.8 | 10y ago | app/aboot/aboot.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices does not properly check for an integer overflow, which allows attackers to bypass intended access restrict… | |
| CVE-2014-9793 | high | 7.8 | 7.8 | 10y ago | platform/msm_shared/mmc.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices mishandles the power-on write-protect feature, which allows attackers to gain privileges vi… | |
| CVE-2014-9792 | high | 7.8 | 7.8 | 10y ago | arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted … | |
| CVE-2014-9790 | high | 7.8 | 7.8 | 10y ago | drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices does not validate pointers used in read and write operations, which allows attackers… | |
| CVE-2014-9789 | high | 7.8 | 7.8 | 10y ago | The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attack… | |
| CVE-2014-9788 | high | 7.8 | 7.8 | 10y ago | Multiple buffer overflows in the voice drivers in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices allow attackers to gain privileges via a crafted application, aka Android int… | |
| CVE-2014-9787 | high | 7.8 | 7.8 | 10y ago | Integer overflow in drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android… | |
| CVE-2014-9786 | high | 7.8 | 7.8 | 10y ago | Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attack… | |
| CVE-2014-9785 | high | 7.8 | 7.8 | 10y ago | drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate addresses before copying data, which allows attackers to gain privileges via… | |
| CVE-2014-9784 | high | 7.8 | 7.8 | 10y ago | Multiple buffer overflows in drivers/char/diag/diag_debugfs.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allow attackers to gain privileges via a crafted … |