CVSS: 7.8EPSS: 0%CPEs: 78EXPL: 0CVE-2017-18330
https://notcve.org/view.php?id=CVE-2017-18330
Buffer overflow in AES-CCM and AES-GCM encryption via initialization vector in snapdragon automobile, snapdragon mobile and snapdragon wear in versions IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016. Desbordamiento de búfer en el cifrado de AES-CCM y AES-GCM mediante el vector de inicialización en snapdragon automobile, snapdragon mobile y snapdragon wear en sus versiones IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24 y Snapdragon_High_Med_2016. • http://www.securityfocus.com/bid/106128 https://www.qualcomm.com/company/product-security/bulletins •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2017-18321
https://notcve.org/view.php?id=CVE-2017-18321
Security keys used by the terminal and NW for a session could be leaked in snapdragon mobile in versions MDM9650, MDM9655, SD 835, SDA660. Las claves de seguridad utilizadas por el terminal y NW para una sesión podrían filtrarse en snapdragon mobile en sus versiones MDM9650, MDM9655, SD 835 y SDA660. • http://www.securityfocus.com/bid/106128 https://www.qualcomm.com/company/product-security/bulletins • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 62EXPL: 0CVE-2017-18322
https://notcve.org/view.php?id=CVE-2017-18322
Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016. Material de clave criptográfica filtrado en los mensajes de depuración de WCDMA en snapdragon mobile y snapdragon wear en sus versiones MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 835 y Snapdragon_High_Med_2016. • http://www.securityfocus.com/bid/106128 https://www.qualcomm.com/company/product-security/bulletins • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 68EXPL: 0CVE-2017-18326
https://notcve.org/view.php?id=CVE-2017-18326
Cryptographic keys are printed in modem debug messages in snapdragon mobile and snapdragon wear in versions MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016. Se imprimen claves criptográficas en los mensajes de depuración de los módems en snapdragon mobile y snapdragon wear en sus versiones MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 800, SD 810, SD 820, SD 835, SDA660, SDM630, SDM660 y Snapdragon_High_Med_2016. • http://www.securityfocus.com/bid/106128 https://www.qualcomm.com/company/product-security/bulletins • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 16EXPL: 0CVE-2016-10502
https://notcve.org/view.php?id=CVE-2016-10502
While generating trusted application id, An integer overflow can occur giving the trusted application an invalid identity in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835 and SDA660. Mientras se genera un ID de aplicación de confianza, puede ocurrir un desbordamiento de enteros que otorga a la aplicación de confianza una identidad inválida en Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835 y SDA660. • http://www.securityfocus.com/bid/105838 https://source.android.com/security/bulletin/2018-11-01#qualcomm-components • CWE-190: Integer Overflow or Wraparound •