CVSS: 7.8EPSS: 0%CPEs: 30EXPL: 0CVE-2019-2278
https://notcve.org/view.php?id=CVE-2019-2278
25 Jul 2019 — User keystore signature is ignored in boot and can lead to bypass boot image signature verification in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in MDM9607, MDM9640, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SDM660 La firma del almacén de claves de usuario es ignorada en el arranque y puede conllevar a omitir la comprobación de la firma de la imagen de arranque en los productos Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mob... • https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 7.8EPSS: 0%CPEs: 42EXPL: 0CVE-2019-2293
https://notcve.org/view.php?id=CVE-2019-2293
25 Jul 2019 — Pointer dereference while freeing IFE resources due to lack of length check of in port resource. in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX24 Una desreferencia del puntero mientras se liberan recursos de IFE debido a la falta de comprobación de longitud del recu... • https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 78EXPL: 0CVE-2019-2307
https://notcve.org/view.php?id=CVE-2019-2307
25 Jul 2019 — Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / ... • http://www.securityfocus.com/bid/109383 • CWE-125: Out-of-bounds Read CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 7.8EPSS: 0%CPEs: 82EXPL: 0CVE-2019-2326
https://notcve.org/view.php?id=CVE-2019-2326
25 Jul 2019 — Data token is received from ADSP and is used without validation as an index into the array leads to out of bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665,... • https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 88EXPL: 0CVE-2019-2334
https://notcve.org/view.php?id=CVE-2019-2334
25 Jul 2019 — Null pointer dereferencing can happen when playing the clip with wrong block group id in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 /... • https://www.qualcomm.com/company/product-security/bulletins • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 80EXPL: 0CVE-2019-2299
https://notcve.org/view.php?id=CVE-2019-2299
25 Jul 2019 — An out-of-bound write can be triggered by a specially-crafted command supplied by a userspace application. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435,... • https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 8.8EPSS: 0%CPEs: 42EXPL: 0CVE-2019-2316
https://notcve.org/view.php?id=CVE-2019-2316
25 Jul 2019 — When computing the digest a local variable is used after going out of scope in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9640, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 845 / SD 850, SD 855, SDM660, SDX24 Cuando se calcula la digest, es usada una variable local después de salir del ámbito en los productos Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon ... • https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 58EXPL: 0CVE-2019-2298
https://notcve.org/view.php?id=CVE-2019-2298
25 Jul 2019 — Protection is missing while accessing md sessions info via macro which can lead to use-after-free in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 845 / SD 850, SD 855, SDM660, SDX20, SDX24 La protección e... • https://www.qualcomm.com/company/product-security/bulletins • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 90EXPL: 0CVE-2019-2328
https://notcve.org/view.php?id=CVE-2019-2328
25 Jul 2019 — Possible buffer overflow when number of channels passed is more than size of channel mapping array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD ... • https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 76EXPL: 0CVE-2019-2330
https://notcve.org/view.php?id=CVE-2019-2330
25 Jul 2019 — improper input validation in allocation request for secure allocations can lead to page fault. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9150, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712... • https://www.codeaurora.org/security-bulletin/2019/07/01/july-2019-code-aurora-security-bulletin • CWE-20: Improper Input Validation •