CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0CVE-2017-18282
https://notcve.org/view.php?id=CVE-2017-18282
23 Oct 2018 — Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660. Un software inseguro puede provocar que SDCC genere accesos seguros al bus, lo que podría exponer el acceso RPM en Snapdragon Mobile y Snapdragon Wear en versiones MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835 y ... • http://www.securitytracker.com/id/1041432 •
CVSS: 5.5EPSS: 0%CPEs: 46EXPL: 0CVE-2017-18301
https://notcve.org/view.php?id=CVE-2017-18301
20 Sep 2018 — In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart. En Small Cell SoC and Snapdragon (Automobile, Mobile y Wear) en versiones FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8... • http://www.securitytracker.com/id/1041432 • CWE-476: NULL Pointer Dereference •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 0CVE-2018-11277
https://notcve.org/view.php?id=CVE-2018-11277
20 Sep 2018 — In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access cont... • https://www.qualcomm.com/company/product-security/bulletins • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 7.5EPSS: 0%CPEs: 72EXPL: 0CVE-2018-11291
https://notcve.org/view.php?id=CVE-2018-11291
20 Sep 2018 — In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN. En Snapdragon (Automobile, Mobile y Wear) e... • http://www.securityfocus.com/bid/107681 • CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) •
CVSS: 10.0EPSS: 0%CPEs: 58EXPL: 0CVE-2018-11287
https://notcve.org/view.php?id=CVE-2018-11287
20 Sep 2018 — In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency. En Snapdragon (Automobile, Mobile y Wear) en versiones MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/S... • https://source.android.com/security/bulletin/2018-09-01#qualcomm-closed-source-components • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 70EXPL: 0CVE-2018-11268
https://notcve.org/view.php?id=CVE-2018-11268
20 Sep 2018 — In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options. En Snapdragon (Automobile, Mobile y Wear) en versiones MDM9206, MDM9607, MDM9635M, MDM... • http://www.securityfocus.com/bid/106845 • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 78EXPL: 0CVE-2018-11267
https://notcve.org/view.php?id=CVE-2018-11267
20 Sep 2018 — In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending an malformed XML data to deviceprogrammer/firehose it may do an out of bounds buffer write allowing a region of memory to be f... • http://www.securityfocus.com/bid/106128 • CWE-129: Improper Validation of Array Index •
CVSS: 8.8EPSS: 0%CPEs: 56EXPL: 0CVE-2018-11982
https://notcve.org/view.php?id=CVE-2018-11982
20 Sep 2018 — In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure. En Snapdragon (Mobile y Wear) en versiones MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, ... • https://www.qualcomm.com/company/product-security/bulletins • CWE-415: Double Free •
CVSS: 7.8EPSS: 0%CPEs: 60EXPL: 0CVE-2018-11292
https://notcve.org/view.php?id=CVE-2018-11292
20 Sep 2018 — In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows. En Snapdragon (Automobile, Mobile y Wear) en versiones MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W... • http://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000051618 • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 4.7EPSS: 0%CPEs: 38EXPL: 0CVE-2017-18302
https://notcve.org/view.php?id=CVE-2017-18302
20 Sep 2018 — In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions. En Snapdragon (Automobile y Mobile) en versiones MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 45... • http://www.securitytracker.com/id/1041432 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •