CVSS: 7.8EPSS: 0%CPEs: 84EXPL: 0CVE-2019-10489
https://notcve.org/view.php?id=CVE-2019-10489
30 Sep 2019 — Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 73... • https://www.qualcomm.com/company/product-security/bulletins • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 86EXPL: 0CVE-2019-10497
https://notcve.org/view.php?id=CVE-2019-10497
30 Sep 2019 — Use after free issue occurs If another instance of open for voice_svc node has been called from application without closing the previous one. in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 6... • https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 88EXPL: 0CVE-2019-10498
https://notcve.org/view.php?id=CVE-2019-10498
30 Sep 2019 — Buffer overflow scenario if the client sends more than 5 io_vec requests to the server in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710... • https://www.qualcomm.com/company/product-security/bulletins • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 80EXPL: 0CVE-2019-10501
https://notcve.org/view.php?id=CVE-2019-10501
30 Sep 2019 — Possible use after free issue due to improper input validation in volume listener library in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 8... • https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin • CWE-20: Improper Input Validation CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 52EXPL: 0CVE-2019-10506
https://notcve.org/view.php?id=CVE-2019-10506
30 Sep 2019 — While processing QCA_NL80211_VENDOR_SUBCMD_AVOID_FREQUENCY vendor command, driver does not validate the data obtained from the user space which could be invalid and thus leads to an undesired behaviour in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 8... • https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 70EXPL: 0CVE-2019-10507
https://notcve.org/view.php?id=CVE-2019-10507
30 Sep 2019 — Lack of check of extscan change results received from firmware can lead to an out of buffer read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS605, SD 210/SD 212/SD 205, SD 425, SD 430, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, S... • https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 64EXPL: 0CVE-2019-10509
https://notcve.org/view.php?id=CVE-2019-10509
30 Sep 2019 — Device record of the pairing device used after free during ACL disconnection in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM6... • https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin • CWE-416: Use After Free •
CVSS: 10.0EPSS: 0%CPEs: 54EXPL: 0CVE-2019-10538
https://notcve.org/view.php?id=CVE-2019-10538
30 Sep 2019 — Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660,... • https://www.codeaurora.org/security-bulletin/2019/08/05/august-2019-code-aurora-security-bulletin • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 98EXPL: 0CVE-2019-10539
https://notcve.org/view.php?id=CVE-2019-10539
30 Sep 2019 — Possible buffer overflow issue due to lack of length check when parsing the extended cap IE header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA8081, QCA9379, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, ... • https://www.qualcomm.com/company/product-security/bulletins • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 10.0EPSS: 0%CPEs: 54EXPL: 0CVE-2019-10540
https://notcve.org/view.php?id=CVE-2019-10540
30 Sep 2019 — Buffer overflow in WLAN NAN function due to lack of check of count value received in NAN availability attribute in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MSM8996AU, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCS404, QCS405, QCS605, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, ... • https://www.qualcomm.com/company/product-security/bulletins • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •