CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2017-18303
https://notcve.org/view.php?id=CVE-2017-18303
23 Oct 2018 — While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MMDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SDA660, SDX20. Al procesar el archivo de configuración de registro del sensor, si las entradas no se validan, ocurrirá un desbordamiento... • http://www.securitytracker.com/id/1041432 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2017-18304
https://notcve.org/view.php?id=CVE-2017-18304
23 Oct 2018 — Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660 and SDX20 Asignación de memoria insuficiente en boot debido a que se pasa el tamaño incorrecto podría resultar en... • http://www.securitytracker.com/id/1041432 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 18EXPL: 0CVE-2017-18312
https://notcve.org/view.php?id=CVE-2017-18312
23 Oct 2018 — While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A Al acceder a los servicios SafeSwitch, los terceros pueden manipular un dispositivo determinado y realizar operaciones no autorizadas debido a la falta de comprobaciones de algunas transiciones del mismo estado en Snapdragon Aut... • https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components • CWE-862: Missing Authorization •
CVSS: 5.7EPSS: 0%CPEs: 20EXPL: 0CVE-2017-18313
https://notcve.org/view.php?id=CVE-2017-18313
23 Oct 2018 — Under certain mode of operations, HLOS may be able get direct or indirect access through DXE channels to tamper with the authenticated WCNSS firmware stored in DDR because DXE-accessible memory is located within the authenticated image in Snapdragon Mobile and Snapdragon Wear in version MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 617. En ciertos modos de operaciones, HLOS podría ser capaz de obtener acceso directo o indirecto mediante los canales DXE para manipular el firmware WCNSS aute... • https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components •
CVSS: 9.8EPSS: 0%CPEs: 28EXPL: 0CVE-2017-11088
https://notcve.org/view.php?id=CVE-2017-11088
06 Jul 2018 — Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845. Validación de entradas incorrecta en Linux io-prefetch en Snapdragon Mobile y Snapdragon Wear. Existe una vulnerabilidad de inyección SQL en las versiones MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835 y SD 845... • https://www.qualcomm.com/company/product-security/bulletins • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.7EPSS: 0%CPEs: 76EXPL: 0CVE-2018-11259
https://notcve.org/view.php?id=CVE-2018-11259
06 Jul 2018 — Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition. Debido al control de acceso incorrecto del EFS basado en NAND en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear, se puede eliminar la partición EFS... • https://www.qualcomm.com/company/product-security/bulletins • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2018-5838
https://notcve.org/view.php?id=CVE-2018-5838
06 Jul 2018 — Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger. Validación incorrecta del índice de arrays en el controlador adreno OpenGL en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear por la que un acceso fuera de límites podría incurrir en SurfaceFlinger. • https://www.qualcomm.com/company/product-security/bulletins • CWE-129: Improper Validation of Array Index •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2018-5874
https://notcve.org/view.php?id=CVE-2018-5874
06 Jul 2018 — While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Al analizar un archivo MP4, podría ocurrir un desbordamiento de búfer basado en pila en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2018-5875
https://notcve.org/view.php?id=CVE-2018-5875
06 Jul 2018 — While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Al analizar un archivo MP4, podría ocurrir un desbordamiento de enteros que dé lugar a un desbordamiento de búfer en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2018-5876
https://notcve.org/view.php?id=CVE-2018-5876
06 Jul 2018 — While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Al analizar un archivo MP4, podría ocurrir un desbordamiento de búfer en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •