CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-11994
https://notcve.org/view.php?id=CVE-2018-11994
SMMU secure camera logic allows secure camera controllers to access HLOS memory during session in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. La lógica segura de la cámara SMMU permite que los controladores seguros de cámara accedan a la memoria HLOS durante la sesión en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/820, SD 820, SD 820A, SD 845, SD 850, SD 850 y SXR1130. • http://www.securityfocus.com/bid/105838 https://www.qualcomm.com/company/product-security/bulletins •
CVSS: 10.0EPSS: 0%CPEs: 24EXPL: 0CVE-2017-18318
https://notcve.org/view.php?id=CVE-2017-18318
Missing validation check on CRL issuer name in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A. Falta una comprobación de validación en el nombre del proveedor CRL en Snapdragon Automobile y Snapdragon Mobile en versiones MSM8996AU, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820 y SD 820A. • http://www.securityfocus.com/bid/105838 https://www.qualcomm.com/company/product-security/bulletins • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 70EXPL: 0CVE-2018-5916
https://notcve.org/view.php?id=CVE-2018-5916
Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX20, SXR1130. Sobrelectura de búfer al descifrar la petición de modificación de PDP o la activación secundaria de red iniciada en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX20 y SXR1130. • http://www.securityfocus.com/bid/105838 https://www.qualcomm.com/company/product-security/bulletins • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 98EXPL: 0CVE-2018-11871
https://notcve.org/view.php?id=CVE-2018-11871
Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016. Puede ocurrir una sobrescritura de búfer en la función WLAN al procesar el comando set pdev paramter debido a la falta de validación de entradas en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20 y Snapdragon_High_Med_2016. • http://www.securityfocus.com/bid/107681 https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 50EXPL: 0CVE-2018-11866
https://notcve.org/view.php?id=CVE-2018-11866
Integer overflow may happen in WLAN when calculating an internal structure size due to lack of validation of the input length in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016. Podría ocurrir un desbordamiento de enteros en WLAN al calcular un tamaño de estructura interna debido a la falta de validación de la longitud de las entradas en Snapdragon Mobile y Snapdragon Wear en versiones IPQ8074, MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710 y Snapdragon_High_Med_2016. • https://www.qualcomm.com/company/product-security/bulletins • CWE-190: Integer Overflow or Wraparound •