Total
417 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10484 | 1 Qualcomm | 66 Ipq4019, Ipq4019 Firmware, Mdm9206 and 63 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, and SDX20, if a RPMB listener is registered with a very small buffer size, the calculation of the maximum transfer size for read and write operations may underflow, resulting in buffer overflow. | |||||
| CVE-2014-10052 | 1 Qualcomm | 56 Fsm9055, Fsm9055 Firmware, Ipq4019 and 53 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, SD 835, and SDX20, the reserved memory of TZ subsystem (like TZ apps and some PIL image subsystem) is not cleared after being used. | |||||
| CVE-2015-9182 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9650 and 51 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation in OEMCrypto_GenerateSignature() can cause buffer over read. | |||||
| CVE-2015-9159 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9650 and 51 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation OEMCrypto_GetRandom can cause potential buffer overflow. | |||||
| CVE-2015-9141 | 1 Qualcomm | 38 Mdm9206, Mdm9206 Firmware, Mdm9607 and 35 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, in HHO scenarios, during the ACQ procedure, there are possible instances where the search database is incorrectly updated resulting in memory corruption due to buffer overflow. | |||||
| CVE-2017-18125 | 1 Qualcomm | 18 Mdm9206, Mdm9206 Firmware, Mdm9607 and 15 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, when secure camera is activated it stores captured data in protected buffers. The TEE application which uses secure camera expects those buffers to contain data captured during the current camera session. It is possible though for HLOS to put aside and reuse one or more of the protected buffers with previously captured data during next camera session. Such data reuse must be prevented as the TEE applications expects to receive valid data captured during the current session only. | |||||
| CVE-2016-10501 | 1 Qualcomm | 52 Fsm9055, Fsm9055 Firmware, Mdm9206 and 49 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9635M, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 835, improper input validation can occur while parsing an image. | |||||
| CVE-2015-9222 | 1 Qualcomm | 48 Msm8909w, Msm8909w Firmware, Sd 205 and 45 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze. | |||||
| CVE-2015-9127 | 1 Qualcomm | 22 Msm8909w, Msm8909w Firmware, Sd 205 and 19 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, and SD 810, possible null pointer dereference occurs due to failure of memory allocation when a large value is passed for buffer allocation in the Playready App. | |||||
| CVE-2016-10424 | 1 Qualcomm | 48 Mdm9206, Mdm9206 Firmware, Mdm9650 and 45 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 820A, SD 835, SD 845, and SD 850, upgrading LibPNG from 1.6.12 to 1.6.21 fixes multiple issues with different CWEs. | |||||
| CVE-2018-5878 | 1 Qualcomm | 24 Mdm9206, Mdm9206 Firmware, Mdm9607 and 21 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear. | |||||
| CVE-2014-10043 | 1 Qualcomm | 16 Msm8909w, Msm8909w Firmware, Sd 205 and 13 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, while reading PlayReady rights string information from command buffer (which is sent from non-secure side), if length of rights string is very large, a buffer over read occurs, exposing TZ App memory to non-secure side. | |||||
| CVE-2016-10487 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in a QuRT API function, an untrusted pointer dereference can occur. | |||||
| CVE-2017-14911 | 1 Qualcomm | 28 Apq8096au, Apq8096au Firmware, Mdm9206 and 25 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config. | |||||
| CVE-2015-9180 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9650 and 49 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, the response pointer passed from user space to SDMX_process is not checked before it is used. If the given response buffer length is smaller than 16 bytes, the response values will be written to a memory outside the buffer, possibly in the secure memory area. | |||||
| CVE-2017-18130 | 1 Qualcomm | 44 Mdm9206, Mdm9206 Firmware, Mdm9607 and 41 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 820, SD 820A, SD 835, SD 845, while playing an ASF file, a buffer over-read can potentially occur. | |||||
| CVE-2016-10447 | 1 Qualcomm | 40 Mdm9206, Mdm9206 Firmware, Mdm9607 and 37 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, and SDX20, secure UI crash due to uninitialized link list entry in dynamic font module. | |||||
| CVE-2016-10472 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9607 and 51 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, address and size passed to SCM command 'TZ_INFO_GET_SECURE_STATE_LEGACY_ID' from HLOS Kernel were not being checked, so access outside DDR would occur. | |||||
| CVE-2016-10437 | 1 Qualcomm | 56 Fsm9055, Fsm9055 Firmware, Mdm9206 and 53 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Mobile, and Snapdragon Wear FSM9055, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, while logging debug statements or ftrace events from rmnet_data, the socket buffer function uses normal format specifiers which may result in information exposure. | |||||
| CVE-2018-5885 | 1 Qualcomm | 24 Msm8909w, Msm8909w Firmware, Msm8996au and 21 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
| While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear. | |||||