CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-18297
https://notcve.org/view.php?id=CVE-2017-18297
23 Oct 2018 — Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820. Doble liberación (double free) de memoria al cerrar la gestión de la sesión de la API TEE SE en Snapdragon Mobile en la versión SD 425, SD 430, SD 450, SD 625, SD 650/52 y SD 820. • http://www.securitytracker.com/id/1041432 • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2017-18294
https://notcve.org/view.php?id=CVE-2017-18294
23 Oct 2018 — While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. Al leer el tipo de clase de archivo de la cabecera ELF, podría ocurrir un desbordamiento de búfe... • http://www.securitytracker.com/id/1041432 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2017-18293
https://notcve.org/view.php?id=CVE-2017-18293
23 Oct 2018 — When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using the corresponding banked GPIO registers instead in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. Cuando un GPIO en concreto está protegido bloqueando el acceso a los registros de recursos GPIO correspondientes, la protección se puede omitir mediante los registros GP... • http://www.securitytracker.com/id/1041432 •
CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2017-18172
https://notcve.org/view.php?id=CVE-2017-18172
23 Oct 2018 — In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflow or Wraparound in System UI in Snapdragon Automobile, Snapdragon Mobile in version MDM9635M, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016. En un dispositivo, con un tamaño de pantalla de 1440x2560, la comprobación de un bú... • https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 50EXPL: 0CVE-2017-18170
https://notcve.org/view.php?id=CVE-2017-18170
23 Oct 2018 — Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD 850, SDM630, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. Validación de entradas incorrecta en la función Bluetooth Controller puede conducir a una posible corrupción de memoria en Snapdragon Mobile en versiones QCA9379, SD 210/SD ... • https://source.android.com/security/bulletin/2018-07-01#qualcomm-closed-source-components • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2017-18295
https://notcve.org/view.php?id=CVE-2017-18295
23 Oct 2018 — Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDX20. Posible desbordamiento de búfer si la entrada no está acabada en null en el módulo del servicio DSP en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en la versión MDM9206, MDM9607, MDM9650, MSM8909W, M... • http://www.securitytracker.com/id/1041432 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2017-18292
https://notcve.org/view.php?id=CVE-2017-18292
23 Oct 2018 — Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A. Una aplicación segura ejecutándose en un espacio no seguro puede reiniciar TZ llamando a la API de la app Widevine repetidamente en Snapdragon Automobile, Snapdragon Mobile y Snapdragon W... • http://www.securitytracker.com/id/1041432 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2017-18304
https://notcve.org/view.php?id=CVE-2017-18304
23 Oct 2018 — Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20 Asignación de memoria insuficiente en boot debido a que se pasa el tamaño incorrecto podría resultar en... • http://www.securitytracker.com/id/1041432 • CWE-125: Out-of-bounds Read •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2018-5874
https://notcve.org/view.php?id=CVE-2018-5874
06 Jul 2018 — While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Al analizar un archivo MP4, podría ocurrir un desbordamiento de búfer basado en pila en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 28EXPL: 0CVE-2017-11088
https://notcve.org/view.php?id=CVE-2017-11088
06 Jul 2018 — Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845. Validación de entradas incorrecta en Linux io-prefetch en Snapdragon Mobile y Snapdragon Wear. Existe una vulnerabilidad de inyección SQL en las versiones MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835 y SD 845... • https://www.qualcomm.com/company/product-security/bulletins • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •