Vulnerabilities (CVE)

Filtered by CWE-20
Total 11664 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-9110 1 Qualcomm 16 Sd 425, Sd 425 Firmware, Sd 430 and 13 more 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the qsee_get_secure_state syscall.
CVE-2015-9108 1 Qualcomm 18 Mdm9625, Mdm9625 Firmware, Sd 425 and 15 more 2026-06-17 10.0 HIGH 9.8 CRITICAL
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation performed on calls to a QSEE syscall may lead to arbitrary read/write or NULL Pointer exception when calling a downstream function.
CVE-2015-9069 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted.
CVE-2015-9068 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated.
CVE-2015-9061 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory.
CVE-2015-9060 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call.
CVE-2015-9055 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine.
CVE-2015-9052 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message.
CVE-2015-9051 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System Information message.
CVE-2015-9049 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM.
CVE-2015-9048 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets.
CVE-2015-9046 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.
CVE-2015-9044 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency list.
CVE-2015-9039 1 Google 1 Android 2026-06-17 10.0 HIGH 9.8 CRITICAL
In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages.
CVE-2015-9033 1 Google 1 Android 2026-06-17 9.3 HIGH 7.8 HIGH
In all Android releases from CAF using the Linux kernel, a QTEE system call fails to validate a pointer.
CVE-2015-8980 4 Fedoraproject, Opensuse, Php-gettext Project and 1 more 4 Fedora, Leap, Php-gettext and 1 more 2026-06-17 7.5 HIGH 9.8 CRITICAL
The plural form formula in ngettext family of calls in php-gettext before 1.0.12 allows remote attackers to execute arbitrary code.
CVE-2015-8946 2 Canonical, Ecryptfs 2 Ubuntu Linux, Ecryptfs-utils 2026-06-17 2.1 LOW 3.3 LOW
ecryptfs-setup-swap in eCryptfs before 111 does not prevent the unencrypted swap partition from activating during boot when using GPT partitioning and certain versions of systemd, which allows local users to obtain sensitive information via unspecified vectors.
CVE-2015-8932 4 Canonical, Debian, Libarchive and 1 more 6 Ubuntu Linux, Debian Linux, Libarchive and 3 more 2026-06-17 4.3 MEDIUM 5.5 MEDIUM
The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.
CVE-2015-8930 3 Canonical, Libarchive, Suse 5 Ubuntu Linux, Libarchive, Linux Enterprise Desktop and 2 more 2026-06-17 5.0 MEDIUM 7.5 HIGH
bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.
CVE-2015-8923 3 Canonical, Libarchive, Novell 5 Ubuntu Linux, Libarchive, Suse Linux Enterprise Desktop and 2 more 2026-06-17 4.3 MEDIUM 6.5 MEDIUM
The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.