ByteOS Network

Vulnerability Details :

CVE-2016-10446

Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At-18 Apr, 2018 | 14:00

Updated At-16 Sep, 2024 | 19:46

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, and SD 835, incorrect configuration of the OCIMEM MPU may provide NonSecure Software access to OCIMEM memory used by TZ.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:qualcomm

Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f

Published At:18 Apr, 2018 | 14:00

Updated At:16 Sep, 2024 | 19:46

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

Qualcomm Technologies, Inc.

Product

Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear

Versions

Affected

MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835

Problem Types

Type	CWE ID	Description
text	N/A	Incorrect configuration of OCIMEM MPU start and end addresses allowing NS side to access TZ assets

Type: text

CWE ID: N/A

Description: Incorrect configuration of OCIMEM MPU start and end addresses allowing NS side to access TZ assets

References

Hyperlink	Resource
https://source.android.com/security/bulletin/2018-04-01	x_refsource_CONFIRM
http://www.securityfocus.com/bid/103671	vdb-entry x_refsource_BID

Hyperlink: https://source.android.com/security/bulletin/2018-04-01

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/103671

Resource:

vdb-entry

x_refsource_BID

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://source.android.com/security/bulletin/2018-04-01	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/103671	vdb-entry x_refsource_BID x_transferred

Hyperlink: https://source.android.com/security/bulletin/2018-04-01

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securityfocus.com/bid/103671

Resource:

vdb-entry

x_refsource_BID

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:product-security@qualcomm.com

Published At:18 Apr, 2018 | 14:29

Updated At:01 May, 2018 | 17:26

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	7.5	HIGH	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N

Type: Primary

Version: 3.0

Base score: 7.5

Base severity: HIGH

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:P/I:N/A:N

CPE Matches

Qualcomm Technologies, Inc.

>>mdm9206_firmware>>-

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9206>>-

cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9650_firmware>>-

cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9650>>-

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_210_firmware>>-

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_210>>-

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_212_firmware>>-

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_212>>-

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_205_firmware>>-

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_205>>-

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_820_firmware>>-

cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_820>>-

cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_835_firmware>>-

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_835>>-

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_820a_firmware>>-

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_820a>>-

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-16	Primary	nvd@nist.gov

CWE ID: CWE-16

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/103671	product-security@qualcomm.com	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2018-04-01	product-security@qualcomm.com	Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/103671

Source: product-security@qualcomm.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://source.android.com/security/bulletin/2018-04-01

Source: product-security@qualcomm.com

Resource:

Vendor Advisory

Similar CVEs

103Records found

CVE-2019-1868

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-5.3||MEDIUM

EPSS-0.50% / 64.79%

7 Day CHG~0.00%

Published-05 Jun, 2019 | 16:25

Updated-19 Nov, 2024 | 19:06

Cisco Webex Meetings Server Information Disclosure Vulnerability

A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to access sensitive system information. The vulnerability is due to improper access control to files within the web-based management interface. An attacker could exploit this vulnerability by sending a malicious request to an affected device. A successful exploit could allow the attacker to access sensitive system information.

Vendor-Cisco Systems, Inc.

Product-webex_meetings_server Cisco WebEx Meetings Server

CWE ID-CWE-16

Not Available

CVE-2019-15993

Matching Score-4

Assigner-Cisco Systems, Inc.

View Details

Matching Score-4

Assigner-Cisco Systems, Inc.

CVSS Score-7.5||HIGH

EPSS-11.39% / 93.30%

7 Day CHG~0.00%

Published-23 Sep, 2020 | 00:26

Updated-13 Nov, 2024 | 18:03

Cisco Small Business Switches Information Disclosure Vulnerability

A vulnerability in the web UI of Cisco Small Business Switches could allow an unauthenticated, remote attacker to access sensitive device information. The vulnerability exists because the software lacks proper authentication controls to information accessible from the web UI. An attacker could exploit this vulnerability by sending a malicious HTTP request to the web UI of an affected device. A successful exploit could allow the attacker to access sensitive device information, which includes configuration files.

Vendor-Cisco Systems, Inc.

Product-sf550x-48mp sg250-10p_firmware sf250-24p sg300-10p_firmware sg250-18_firmware sg300-52_firmware sg500-52mp_firmware sg250x-24p_firmware sg300-52 sg250x-24p sg200-26 sg250-18 sg500-28 sg500x-48 sg350x-24mp sx550x-24 sg550x-48p_firmware sg200-50p_firmware sg200-26_firmware sg200-08p sf250-24p_firmware sf200-24_firmware sg300-20 sg500-28p sg350x-48_firmware sg350xg-24t sx550x-12f sf200-48 sg350x-24_firmware sf350-48p sf350-48 sg550x-48mp_firmware sg500x-24p sf300-48p sf300-24_firmware sg500-52 sf300-24mp_firmware sf550x-24mp_firmware sg500-28mpp_firmware sg500-52p sg350-28 sg350x-24mp_firmware sf250-24 sg500-52_firmware sf550x-48p_firmware sg550x-48p sg200-10fp sf300-24pp sg350x-48mp_firmware sg250x-24_firmware sg250-50hp_firmware sx550x-24ft_firmware sg350x-24 sg300-10mpp_firmware sg250x-24 sf550x-48_firmware sg200-50 sg300-52mp sg350-10p_firmware sg355-10p sg200-50p sg350-10p sg200-26fp_firmware sx550x-16ft_firmware sf200-48p_firmware sf302-08p_firmware sg500-52mp sg250-50p sg300-52p sf250-48 sg250-26hp sg250x-48p_firmware sg300-20_firmware sf500-24p_firmware sf500-48 sg300-10sfp sg550x-24_firmware sg200-50fp sg250x-48_firmware sg300-28_firmware sf302-08p sg500-28mpp sf500-24p sg250-50p_firmware sf200-24p_firmware sf302-08pp sf350-48p_firmware sg350xg-48t_firmware sf300-48 sg250-26 sg300-10sfp_firmware sg250x-48 sf550x-48mp_firmware sg350-28p_firmware sf550x-24_firmware sf250-48hp_firmware sg350xg-2f10 sg300-28pp sg300-52mp_firmware sf500-48_firmware sg350-10mp sg500-28p_firmware sf550x-48p sg550x-24mpp sf550x-24 sf500-48p sg350xg-24f_firmware sf200-24p sg500-52p_firmware sf500-48p_firmware sg300-28mp sf302-08mp_firmware sf350-48mp_firmware sf250-24_firmware sg350-28mp sg350x-48 sg350-28mp_firmware sg300-28pp_firmware sf302-08 sf200-24 sx550x-24f sg500x-48p sg250-26_firmware sg350-10mp_firmware sf302-08mpp_firmware sg355-10p_firmware sg550x-24mp_firmware sg500x-48p_firmware sg200-18_firmware sg300-10p sg300-52p_firmware sf300-48pp sg500x-24_firmware sg350xg-24t_firmware sg550x-48_firmware sf550x-24p_firmware sg350x-24p_firmware sg300-10mp_firmware sf302-08_firmware sg200-08p_firmware sf200-24fp_firmware sg550x-24 sg300-10mp sf300-08 sg300-10pp sg250-50_firmware sf350-48_firmware sg250-10p sg350xg-2f10_firmware sx550x-24f_firmware sg200-08 sg250-08 sg350-28p sg250-26hp_firmware sg200-26fp sg200-26p_firmware sg350xg-48t sf550x-48 sg300-28 sx550x-52_firmware sg200-10fp_firmware sg350-28_firmware sg300-10_firmware sg350-10 sg350x-48p sg250-08hp sg550x-24mp sx550x-16ft sf300-24p_firmware sg500x-24 sg550x-48mp sg350-10_firmware sx550x-24ft sx550x-52 sg250x-48p sg200-50fp_firmware sg500x-24p_firmware sg250-26p sg300-10pp_firmware sf550x-24p sg300-10 sf500-24 sf300-48p_firmware sf350-48mp sg250-50 sg550x-24p_firmware sf200-24fp sg300-10mpp sg500xg-8f8t_firmware sg300-28p sg550x-24p sg200-26p sf200-48p sf300-24p sf300-24 sg200-08_firmware sg350x-48mp sf302-08mpp sg550x-48 sf302-08mp sf250-48_firmware sg350x-48p_firmware sf300-48pp_firmware sg250-08_firmware sf300-24mp sg300-28mp_firmware sg350x-24p sf550x-24mp sx550x-12f_firmware sf302-08pp_firmware sg250-50hp sg550x-24mpp_firmware sf250-48hp sg200-18 sx550x-24_firmware sg200-50_firmware sg250-26p_firmware sg350xg-24f sf300-08_firmware sf200-48_firmware sg500x-48_firmware sg500xg-8f8t sg500-28_firmware sf500-24_firmware sg250-08hp_firmware sf300-48_firmware sf300-24pp_firmware sg300-28p_firmware Cisco Small Business 250 Series Smart Switches Software

CWE ID-CWE-16

Not Available

CWE ID-CWE-287

Improper Authentication

CVE-2021-31380

Matching Score-4

Assigner-Juniper Networks, Inc.

View Details

Matching Score-4

Assigner-Juniper Networks, Inc.

CVSS Score-5.3||MEDIUM

EPSS-0.17% / 39.20%

7 Day CHG~0.00%

Published-19 Oct, 2021 | 18:17

Updated-16 Sep, 2024 | 18:28

SRC Series: A remote attacker sending a specially crafted query may cause the web server to disclose sensitive information

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to disclose sensitive information in the HTTP response which allows the attacker to obtain sensitive information.

Vendor-Juniper Networks, Inc.

Product-session_and_resource_control SRC Series

CWE ID-CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

CWE ID-CWE-16

Not Available

CVE-2016-10446

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs