CVSS: 7.8EPSS: 0%CPEs: 46EXPL: 0CVE-2018-11853
https://notcve.org/view.php?id=CVE-2018-11853
Lack of check on out of range for channels When processing channel list set command will lead to buffer flow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 La falta de comprobaciones fuera de límites para canales al procesar el comando channel list set conducirá a un flujo del búfer en Snapdragon Mobile y Snapdragon Wear en versiones IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710 y Snapdragon_High_Med_2016. • http://www.securityfocus.com/bid/107681 https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 50EXPL: 0CVE-2018-11305
https://notcve.org/view.php?id=CVE-2018-11305
When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. Cuando se envía una serie de mensajes FDAL al módem, puede ocurrir una condición de Uso de memoria previamente liberada en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660 y SDX20. • http://www.securitytracker.com/id/1041432 https://www.qualcomm.com/company/product-security/bulletins • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 48EXPL: 0CVE-2018-11850
https://notcve.org/view.php?id=CVE-2018-11850
Lack of check on remaining length parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20 La falta de comprobaciones del comando length sobrante al procesar el comando scan start conducirá al flujo del búfer en Snapdragon Automobile, Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660 y SDX20. • http://www.securityfocus.com/bid/107681 https://www.qualcomm.com/company/product-security/bulletins • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0CVE-2018-11950
https://notcve.org/view.php?id=CVE-2018-11950
Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850 Las aplicaciones TrustZone no aprobadas pueden cargarse y ejecutarse en Snapdragon Mobile en versiones SD 845 y SD 850. • https://www.qualcomm.com/company/product-security/bulletins • CWE-20: Improper Input Validation •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2017-18309
https://notcve.org/view.php?id=CVE-2017-18309
A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850. Un micronúcleo del transporte QMP puede provocar que un macronúcleo lea o escriba en memoria arbitraria en Snapdragon Mobile en versiones SD 845 y SD 850. • http://www.securitytracker.com/id/1041432 https://www.qualcomm.com/company/product-security/bulletins • CWE-129: Improper Validation of Array Index •