CVSS: 10.0EPSS: 0%CPEs: 56EXPL: 0CVE-2017-18146
https://notcve.org/view.php?id=CVE-2017-18146
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, in some corner cases, ECDSA signature verification can fail. En Android, antes del nivel de parche de seguridad del 2018-04-05 en Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845 y SD 850, en algunos casos corner, la verificación de firmas ECDSA puede fallar. • http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01 • CWE-347: Improper Verification of Cryptographic Signature •
CVSS: 10.0EPSS: 0%CPEs: 8EXPL: 0CVE-2017-14915
https://notcve.org/view.php?id=CVE-2017-14915
In Android before 2018-01-05 on Qualcomm Snapdragon Mobile SD 625, SD 650/52, SD 835, accessing SPCOM functions with a compromised client structure can result in a Use After Free condition. En Android en versiones anteriores al 2018-01-05 en Qualcomm Snapdragon Mobile SD 625, SD 650/52 y SD 835, acceder a las funciones SPCOM con una estructura de cliente comprometida puede resultar en una condición de uso de memoria previamente liberada. • http://www.securityfocus.com/bid/102386 http://www.securitytracker.com/id/1040106 https://source.android.com/security/bulletin/2018-01-01 • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 44EXPL: 0CVE-2017-14912
https://notcve.org/view.php?id=CVE-2017-14912
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 835, the attributes of buffers in Secure Display were not marked properly. En Android en versiones anteriores al 2018-01-05 en Qualcomm Snapdragon IoT, Snapdragon Mobile [VERSION]: MDM9206, MDM9607, MDM9650, MSM8909W, SD 200, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800 y SD 835, los atributos de los búfers en Secure Display no se han marcado correctamente. • http://www.securityfocus.com/bid/102386 http://www.securitytracker.com/id/1040106 https://source.android.com/security/bulletin/2018-01-01 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 12EXPL: 0CVE-2017-14913
https://notcve.org/view.php?id=CVE-2017-14913
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835, SD 845, DDR address input validation is being improperly truncated. En Android en versiones anteriores al 2018-01-05 en Qualcomm Snapdragon IoT y Snapdragon Mobile MDM9206, SD 625, SD 650/52, SD 835 y SD 845, la validación de entradas de la dirección DDR se está truncando incorrectamente. • http://www.securityfocus.com/bid/102386 http://www.securitytracker.com/id/1040106 https://source.android.com/security/bulletin/2018-01-01 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 28EXPL: 0CVE-2017-14911
https://notcve.org/view.php?id=CVE-2017-14911
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config. En Android en versiones anteriores al 2018-01-05 en Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820 y SD 835, es posible que el cargador XBL omita la autenticación de la configuración del dispositivo. • http://www.securityfocus.com/bid/102386 http://www.securitytracker.com/id/1040106 https://source.android.com/security/bulletin/2018-01-01 • CWE-287: Improper Authentication •