Search Results (Refine Search)
- Search Type: Search All
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-11950 |
Unapproved TrustZone applications can be loaded and executed in Snapdragon Mobile in version SD 845, SD 850 Published: October 26, 2018; 9:29:01 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-11854 |
Lack of check of valid length of input parameter may cause buffer overwrite in WLAN in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 Published: October 26, 2018; 9:29:01 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-11853 |
Lack of check on out of range for channels When processing channel list set command will lead to buffer flow in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 Published: October 26, 2018; 9:29:01 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-11850 |
Lack of check on remaining length parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 625, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20 Published: October 26, 2018; 9:29:01 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-11849 |
Lack of check on out of range of bssid parameter When processing scan start command will lead to buffer flow in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9886, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016 Published: October 26, 2018; 9:29:01 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-11846 |
The use of a non-time-constant memory comparison operation can lead to timing/side channel attacks in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 845, SD 850 Published: October 26, 2018; 9:29:01 AM -0400 |
V3.0: 4.7 MEDIUM V2.0: 4.7 MEDIUM |
CVE-2018-11828 |
When FW tries to get random mac address generated from new SW RNG and ADC values read are constant then DUT get struck in loop while trying to get random ADC samples in Snapdragon Mobile in version SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52 Published: October 26, 2018; 9:29:01 AM -0400 |
V3.0: 7.5 HIGH V2.0: 7.8 HIGH |
CVE-2018-11824 |
A stack-based buffer overflow can occur in a firmware routine in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835, SD 845, SD 850, SDA660 Published: October 26, 2018; 9:29:01 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-11822 |
A possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660 Published: October 26, 2018; 9:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-11821 |
Possible integer overflow may happen in WLAN during memory allocation in Snapdragon Mobile, Snapdragon Wear in version IPQ8074, MDM9206, MDM9607, MDM9650, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 835, SD 845, SD 850, SDA660, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016 Published: October 26, 2018; 9:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-11305 |
When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDA660, SDX20. Published: October 26, 2018; 9:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-18311 |
XPU Master privilege escalation is possible due to improper access control of unused configuration xPU ports where unused configuration ports are open in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016. Published: October 26, 2018; 9:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-18310 |
ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016 Published: October 26, 2018; 9:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-18309 |
A micro-core of QMP transportation may cause a macro-core to read from or write to arbitrary memory in Snapdragon Mobile in version SD 845, SD 850. Published: October 26, 2018; 9:29:00 AM -0400 |
V3.0: 7.1 HIGH V2.0: 6.6 MEDIUM |
CVE-2017-18308 |
Modem segments are unlocked after authentication, leaving modem segments open to all in Snapdragon Mobile, Snapdragon Wear in version MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430 Published: October 26, 2018; 9:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2017-18124 |
During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDX20 Published: October 26, 2018; 9:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-18656 |
The PureVPN client before 6.1.0 for Windows stores Login Credentials (username and password) in cleartext. The location of such files is %PROGRAMDATA%\purevpn\config\login.conf. Additionally, all local users can read this file. Published: October 26, 2018; 8:29:00 AM -0400 |
V3.0: 7.8 HIGH V2.0: 2.1 LOW |
CVE-2018-18655 |
Prayer through 1.3.5 sends a Referer header, containing a user's username, when a user clicks on a link in their email because header.t lacks a no-referrer setting. Published: October 25, 2018; 8:29:00 PM -0400 |
V3.0: 4.3 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-18654 |
Crossroads 2.81 does not properly handle the /tmp directory during a build of xr. A local attacker can first create a world-writable subdirectory in a certain location under the /tmp directory, wait until a user process copies xr there, and then replace the entire contents of this subdirectory to include a Trojan horse xr. Published: October 25, 2018; 8:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |
CVE-2018-18653 |
The Linux kernel, as used in Ubuntu 18.10 and when booted with UEFI Secure Boot enabled, allows privileged local users to bypass intended Secure Boot restrictions and execute untrusted code by loading arbitrary kernel modules. This occurs because a modified kernel/module.c, in conjunction with certain configuration options, leads to mishandling of the result of signature verification. Published: October 25, 2018; 8:29:00 PM -0400 |
V3.0: 7.8 HIGH V2.0: 7.2 HIGH |