Total
163 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9212 | 1 Qualcomm | 16 Msm8909w, Msm8909w Firmware, Sd 205 and 13 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, lack of input validation while processing TZ_PR_CMD_SAVE_KEY command could lead to a buffer overread. | |||||
| CVE-2015-9199 | 1 Qualcomm | 40 Ipq4019, Ipq4019 Firmware, Mdm9625 and 37 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile IPQ4019, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, and SD 820A, A non-secure region check is done while registering QSEE buffer address which is passed by HLOS but not while logging in the QSEE buffer, so corruption of dynamically protected secure region can occur if the non-secure buffer is changed between the time it's checked and when it's used. | |||||
| CVE-2015-9158 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9650 and 51 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a QTEE crypto function, a buffer overflow can occur. | |||||
| CVE-2016-10467 | 1 Qualcomm | 32 Sd 205, Sd 205 Firmware, Sd 210 and 29 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, function ce_pkcs1_pss_padding_verify_auto_recover_saltlen assumes that the size of the encoded message is equal to the size of the RSA modulus. This assumption is true for most RSA keys, but it fails when modulus_bitlen % 8 == 1. | |||||
| CVE-2015-9137 | 1 Qualcomm | 70 Mdm9206, Mdm9206 Firmware, Mdm9607 and 67 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, several EFS2 DIAG command handlers are not calling fs_diag_access_check(). | |||||
| CVE-2016-10485 | 1 Qualcomm | 52 Ipq4019, Ipq4019 Firmware, Mdm9206 and 49 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, and SDX20, lack of proper bounds checking may lead to a buffer overflow. | |||||
| CVE-2015-9163 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9650 and 51 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a PlayReady function, information exposure can occur. | |||||
| CVE-2016-10414 | 1 Qualcomm | 68 Mdm9206, Mdm9206 Firmware, Mdm9607 and 65 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, when a hash is passed with zero datalength, the code returns an error, even though zero data length is valid. | |||||
| CVE-2016-10410 | 1 Qualcomm | 68 Mdm9206, Mdm9206 Firmware, Mdm9607 and 65 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, buffer overflow vulnerability in RTP during Volte call. | |||||
| CVE-2015-9174 | 1 Qualcomm | 16 Sd 410, Sd 410 Firmware, Sd 412 and 13 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, lack of validation of the return value prior to using for buffer allocation in QSEE application, TQS, may result in memory overwrite. | |||||
| CVE-2015-9198 | 1 Qualcomm | 70 Ipq4019, Ipq4019 Firmware, Mdm9206 and 67 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, integer underflow vulnerability in function qsee_register_log_buff may lead to arbitrary writing of secure memory. | |||||
| CVE-2015-9207 | 1 Qualcomm | 32 Msm8909w, Msm8909w Firmware, Sd 205 and 29 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, lack of input validation in playready_getadditional_responsedata could lead to a buffer overread. | |||||
| CVE-2016-10457 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, app is requesting more permissions than required. | |||||
| CVE-2015-9171 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9650 and 49 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, if OEMCrypto_Dash_InstallEncapKeybox() is called with keyBoxLength set to a value higher than TZ_WV_MAX_DATA_LEN (20k), a buffer over-read occurs. | |||||
| CVE-2015-9140 | 1 Qualcomm | 54 Fsm9055, Fsm9055 Firmware, Mdm9206 and 51 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, and SDX20, unauthorized memory access possible in online memory dump feature. | |||||
| CVE-2016-10416 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2023-12-10 | 7.8 HIGH | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 820, UE crash is seen due to IPCMem exhaustion, when UDP data is pumped to UE's ULP (UserPlane Location protocol) UDP port 7275. | |||||
| CVE-2015-9176 | 1 Qualcomm | 54 Mdm9206, Mdm9206 Firmware, Mdm9650 and 51 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, Input_address is registered as a shared buffer and is not properly checked before use in OEMCrypto_Generic_Sign(). This allows addresses to be accessed that reside in secure/CP memory. | |||||
| CVE-2016-10476 | 1 Qualcomm | 52 Mdm9206, Mdm9206 Firmware, Mdm9607 and 49 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, missing array index checks on app index in function qcril_uim_clear_encrypted_pin results in accessing addresses outside the bounds of the buffer when app index is too large. | |||||
| CVE-2015-9160 | 1 Qualcomm | 58 Mdm9206, Mdm9206 Firmware, Mdm9607 and 55 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, integer overflow may occur when values passed from HLOS (graphics driver busy time, and total time) in TZBSP_GFX_DCVS_UPDATE_ID are very large. | |||||
| CVE-2016-10490 | 1 Qualcomm | 68 Mdm9206, Mdm9206 Firmware, Mdm9607 and 65 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
| In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, if a negative value is passed as argument "max" to qurt_qdi_state_local_new_handle_from_obj, an buffer overflow occurs, due to typecasting the signed integer to unsigned. | |||||