U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
  • CPE Name Search: true
There are 731 matching records.
Displaying matches 561 through 580.
Vuln ID Summary CVSS Severity
CVE-2018-5837

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG which produced repeating output much earlier than expected.

Published: September 20, 2018; 9:29:02 AM -0400 		V4.0:(not available)
 V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-11982

In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.

Published: September 20, 2018; 9:29:02 AM -0400 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 8.3 HIGH
CVE-2018-11292

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows.

Published: September 20, 2018; 9:29:01 AM -0400 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2018-11291

In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN.

Published: September 20, 2018; 9:29:01 AM -0400 		V4.0:(not available)
 V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-11290

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use.

Published: September 20, 2018; 9:29:01 AM -0400 		V4.0:(not available)
 V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-11287

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency.

Published: September 20, 2018; 9:29:01 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2018-11285

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur.

Published: September 20, 2018; 9:29:01 AM -0400 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2018-11269

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.

Published: September 20, 2018; 9:29:01 AM -0400 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2018-11268

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.

Published: September 20, 2018; 9:29:00 AM -0400 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2018-11267

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending an malformed XML data to deviceprogrammer/firehose it may do an out of bounds buffer write allowing a region of memory to be filled with 0x20.

Published: September 20, 2018; 9:29:00 AM -0400 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 7.2 HIGH
CVE-2017-18314

In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, on TZ cold boot the CNOC_QDSS RG0 locked by xBL_SEC is cleared by TZ.

Published: September 20, 2018; 9:29:00 AM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 10.0 HIGH
CVE-2018-5894

Improper Validation of Array Index in Multimedia While parsing an mp4 file in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur.

Published: July 06, 2018; 1:29:02 PM -0400 		V4.0:(not available)
 V3.0: 6.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2018-5892

The Touch Pal application can collect user behavior data without awareness by the user in Snapdragon Mobile and Snapdragon Wear.

Published: July 06, 2018; 1:29:02 PM -0400 		V4.0:(not available)
 V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2018-5884

Improper Access Control in Multimedia in Snapdragon Mobile and Snapdragon Wear, Non-standard applications without permission may acquire permission of Qualcomm-specific proprietary intents.

Published: July 06, 2018; 1:29:01 PM -0400 		V4.0:(not available)
 V3.0: 8.4 HIGH
V2.0: 4.6 MEDIUM
CVE-2018-5882

While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

Published: July 06, 2018; 1:29:01 PM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-5878

While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

Published: July 06, 2018; 1:29:01 PM -0400 		V4.0:(not available)
 V3.0: 9.8 CRITICAL
V2.0: 7.5 HIGH
CVE-2018-5876

While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

Published: July 06, 2018; 1:29:01 PM -0400 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-5875

While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

Published: July 06, 2018; 1:29:01 PM -0400 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-5874

While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.

Published: July 06, 2018; 1:29:01 PM -0400 		V4.0:(not available)
 V3.0: 8.8 HIGH
V2.0: 6.8 MEDIUM
CVE-2018-5838

Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger.

Published: July 06, 2018; 1:29:01 PM -0400 		V4.0:(not available)
 V3.0: 7.8 HIGH
V2.0: 4.6 MEDIUM