Total
393 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2016-10454 | 1 Qualcomm | 8 Sd 425, Sd 425 Firmware, Sd 430 and 5 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 425, SD 430, SD 450, and SD 625, in a QTEE API function, an array out-of-bounds index can occur. | |||||
CVE-2015-9213 | 1 Qualcomm | 70 Mdm9206, Mdm9206 Firmware, Mdm9607 and 67 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, the DIAG-EFS command EFS2_DIAG_DELTREE, which is handled by the function fs_diag_deltree_handler(), is used to delete files and directories only inside the /public folder. | |||||
CVE-2016-10472 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, address and size passed to SCM command 'TZ_INFO_GET_SECURE_STATE_LEGACY_ID' from HLOS Kernel were not being checked, so access outside DDR would occur. | |||||
CVE-2014-10057 | 1 Qualcomm | 28 Mdm9615, Mdm9615 Firmware, Mdm9625 and 25 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions. | |||||
CVE-2015-9163 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9650 and 51 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a PlayReady function, information exposure can occur. | |||||
CVE-2015-9180 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9650 and 49 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, the response pointer passed from user space to SDMX_process is not checked before it is used. If the given response buffer length is smaller than 16 bytes, the response values will be written to a memory outside the buffer, possibly in the secure memory area. | |||||
CVE-2014-9987 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9650 and 45 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, a buffer over-read can occur in a DRM API. | |||||
CVE-2016-10471 | 1 Qualcomm | 16 Sd 425, Sd 425 Firmware, Sd 430 and 13 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, an unsigned RTIC health report susceptible to tampering by malware executing in the context of the HLOS may be requested. | |||||
CVE-2017-18072 | 1 Qualcomm | 76 Mdm9206, Mdm9206 Firmware, Mdm9607 and 73 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of which information elements is supported. | |||||
CVE-2015-9166 | 1 Qualcomm | 58 Ipq4019, Ipq4019 Firmware, Mdm9206 and 55 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, DRM provisioning mechanisms used in QSEE applications have a feature to prevent further provisioning. This is done by creating an SFS file called 'finalize_prov_flag.data' at the end of provisioning. When this feature is enabled, provisioning calls check for the existence of the file in order to decide whether to do provisioning or not. Current implementation allows provisioning without sufficient checks. | |||||
CVE-2015-9211 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9650 and 51 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, while provising the Playready module, a buffer overread may occur if the message passed is large. | |||||
CVE-2016-10455 | 1 Qualcomm | 68 Mdm9206, Mdm9206 Firmware, Mdm9607 and 65 more | 2024-02-04 | 7.8 HIGH | 7.5 HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, improper initialization of ike_sa_handle_ptr in IPSEC leads to system denial of service. | |||||
CVE-2015-9148 | 1 Qualcomm | 48 Mdm9625, Mdm9625 Firmware, Mdm9635m and 45 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in the Diag User-PD command registration function, a length variable used during buffer allocation is not checked, so if it is very large, an integer overflow followed by a buffer overflow occurs. | |||||
CVE-2016-10417 | 1 Qualcomm | 64 Ipq4019, Ipq4019 Firmware, Mdm9206 and 61 more | 2024-02-04 | 9.3 HIGH | 8.1 HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SDX20, in QTEE, a TOCTOU vulnerability exists due to improper access control. | |||||
CVE-2015-9159 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9650 and 51 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation OEMCrypto_GetRandom can cause potential buffer overflow. | |||||
CVE-2018-5876 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9607 and 45 more | 2024-02-04 | 6.8 MEDIUM | 8.8 HIGH |
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | |||||
CVE-2015-9160 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, integer overflow may occur when values passed from HLOS (graphics driver busy time, and total time) in TZBSP_GFX_DCVS_UPDATE_ID are very large. | |||||
CVE-2016-10423 | 1 Qualcomm | 16 Sd 425, Sd 425 Firmware, Sd 430 and 13 more | 2024-02-04 | 5.0 MEDIUM | 7.5 HIGH |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, when a Trusted Application has opened the SPI interface to a particular device, it is possible for another Trusted Application to read the data on this open interface due to non-exclusive access of the SPI bus. | |||||
CVE-2016-10424 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9650 and 45 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 820A, SD 835, SD 845, and SD 850, upgrading LibPNG from 1.6.12 to 1.6.21 fixes multiple issues with different CWEs. | |||||
CVE-2015-9145 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2024-02-04 | 10.0 HIGH | 9.8 CRITICAL |
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, lack of input validation in NPA driver functions leads to null pointer dereference. |