CVSS: 7.8EPSS: 0%CPEs: 14EXPL: 0CVE-2017-18297
https://notcve.org/view.php?id=CVE-2017-18297
Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820. Doble liberación (double free) de memoria al cerrar la gestión de la sesión de la API TEE SE en Snapdragon Mobile en la versión SD 425, SD 430, SD 450, SD 625, SD 650/52 y SD 820. • http://www.securitytracker.com/id/1041432 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2017-18298
https://notcve.org/view.php?id=CVE-2017-18298
Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 . La falta de validación de entradas en la API SDMX puede conducir a un acceso de puntero NULL en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850 y SDA660 . • http://www.securitytracker.com/id/1041432 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 42EXPL: 0CVE-2017-18292
https://notcve.org/view.php?id=CVE-2017-18292
Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A. Una aplicación segura ejecutándose en un espacio no seguro puede reiniciar TZ llamando a la API de la app Widevine repetidamente en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820 y SD 820A. • http://www.securitytracker.com/id/1041432 https://source.android.com/security/bulletin/2018-08-01#qualcomm-closed-source-components https://www.qualcomm.com/company/product-security/bulletins • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2018-5874
https://notcve.org/view.php?id=CVE-2018-5874
While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Al analizar un archivo MP4, podría ocurrir un desbordamiento de búfer basado en pila en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 48EXPL: 0CVE-2018-5876
https://notcve.org/view.php?id=CVE-2018-5876
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Al analizar un archivo MP4, podría ocurrir un desbordamiento de búfer en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •