CVSS: 9.8EPSS: 0%CPEs: 24EXPL: 0CVE-2018-5878
https://notcve.org/view.php?id=CVE-2018-5878
While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. Al enviar la respuesta a un mensaje RIL_REQUEST_GET_SMSC_ADDRESS, podría ocurrir un desbordamiento de búfer en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear. • https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.7EPSS: 0%CPEs: 76EXPL: 0CVE-2018-11259
https://notcve.org/view.php?id=CVE-2018-11259
Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased. Apps processor then has non-secure world full read/write access to the partition until the modem boots and configures the EFS partition addresses in its MPU partition. Debido al control de acceso incorrecto del EFS basado en NAND en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear, se puede eliminar la partición EFS desde el fastboot en un dispositivo basado en NAND. El procesador de apps que tiene acceso global completo e inseguro de lectura/escritura a la partición hasta que el módem arranca y configura la partición EFS en su partición MPU. • https://www.qualcomm.com/company/product-security/bulletins • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 10.0EPSS: 0%CPEs: 68EXPL: 0CVE-2016-10410
https://notcve.org/view.php?id=CVE-2016-10410
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, buffer overflow vulnerability in RTP during Volte call. En Android, antes del nivel de parche de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Mobile y Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850 y SDX20, hay una vulnerabilidad de desbordamiento de búfer en RTP durante una llamada Volte. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 16EXPL: 0CVE-2016-10428
https://notcve.org/view.php?id=CVE-2016-10428
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, HMAC verification in counter file uses an insecure memcmp which may assist a timing attack. En Android antes del nivel de parcheo de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Automobile y Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820 y SD 820A, la verificación HMAC en el archivo counter emplea un memcmp inseguro, lo que podría ayudar a realizar un ataque de sincronización. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 10.0EPSS: 0%CPEs: 54EXPL: 0CVE-2016-10473
https://notcve.org/view.php?id=CVE-2016-10473
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, in a supplementary services function, a buffer overflow can occur. En Android, antes del nivel de parche de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835 y SDX20, en una función de servicios suplementarios, puede ocurrir un desbordamiento de búfer. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •