Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2016-10481

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-18 Apr, 2018 | 14:00
Updated At-16 Sep, 2024 | 18:38
Rejected At-
Credits

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:18 Apr, 2018 | 14:00
Updated At:16 Sep, 2024 | 18:38
Rejected At:
â–¼CVE Numbering Authority (CNA)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs.

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Snapdragon Mobile, Snapdragon Wear
Versions
Affected
  • MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20
Problem Types
TypeCWE IDDescription
textN/AReachable Assertion in WLAN.
Type: text
CWE ID: N/A
Description: Reachable Assertion in WLAN.
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/2018-04-01
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103671
vdb-entry
x_refsource_BID
Hyperlink: https://source.android.com/security/bulletin/2018-04-01
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/103671
Resource:
vdb-entry
x_refsource_BID
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/2018-04-01
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/103671
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://source.android.com/security/bulletin/2018-04-01
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/103671
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:18 Apr, 2018 | 14:29
Updated At:02 May, 2018 | 12:27

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.09.8CRITICAL
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary2.010.0HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
Type: Primary
Version: 3.0
Base score: 9.8
Base severity: CRITICAL
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 2.0
Base score: 10.0
Base severity: HIGH
Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C
CPE Matches
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607_firmware>>-
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607>>-
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9635m_firmware>>-
cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9635m>>-
cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640_firmware>>-
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640>>-
cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650_firmware>>-
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650>>-
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_210_firmware>>-
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_210>>-
cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_212_firmware>>-
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_212>>-
cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_205_firmware>>-
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_205>>-
cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_425_firmware>>-
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_425>>-
cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_600_firmware>>-
cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_600>>-
cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_625_firmware>>-
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_625>>-
cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_650_firmware>>-
cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_650>>-
cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_652_firmware>>-
cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_652>>-
cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_808_firmware>>-
cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_808>>-
cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_810_firmware>>-
cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_810>>-
cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_820_firmware>>-
cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_820>>-
cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_835_firmware>>-
cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_835>>-
cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_845_firmware>>-
cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_845>>-
cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sdx20_firmware>>-
cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sdx20>>-
cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca4531_firmware>>-
cpe:2.3:o:qualcomm:qca4531_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca4531>>-
cpe:2.3:h:qualcomm:qca4531:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6174a_firmware>>-
cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6174a>>-
cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574au_firmware>>-
cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574au>>-
cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584_firmware>>-
cpe:2.3:o:qualcomm:qca6584_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584>>-
cpe:2.3:h:qualcomm:qca6584:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584au_firmware>>-
cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584au>>-
cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9377_firmware>>-
cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9377>>-
cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9378_firmware>>-
cpe:2.3:o:qualcomm:qca9378_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9378>>-
cpe:2.3:h:qualcomm:qca9378:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-17Primarynvd@nist.gov
CWE ID: CWE-17
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/103671product-security@qualcomm.com
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-04-01product-security@qualcomm.com
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/103671
Source: product-security@qualcomm.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://source.android.com/security/bulletin/2018-04-01
Source: product-security@qualcomm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

481Records found
CVE-2018-13886
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:44
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unchecked OTA field in GNSS XTRA3 lead to integer overflow and then buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9635m_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sm7150_firmwaresd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresm7150sd_410sd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_652sd_425_firmwaresd_625_firmwaresd_450mdm9635mmdm9615sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_600sd_652_firmwaresd_415_firmwaresxr1130msm8909wsd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_412sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sd_710_firmwaresdm630sd_625qm215sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwaremdm9150sd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaremdm9655sdm439_firmwaresd_412_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresd_430sd_427sd_670sd_435_firmwaremdm9615_firmwaresdx20_firmwaresd_710sd_410_firmwaresd_600_firmwaresd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13898
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.29% / 51.67%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-Bounds write due to incorrect array index check in PMIC in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632sd_675sd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636snapdragon_high_med_2016_firmwaresd_450_firmwaresd_845_firmwaresd_410qcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresdx24_firmwaresd_625_firmwaresd_450sd_8cx_firmwaresd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresxr1130sd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwaresd_412qualcomm_215sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_710_firmwaresdm630qcs405sd_625sd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730snapdragon_high_med_2016sd_212_firmwaresd_850_firmwaremdm9655sdm439_firmwareqcs405_firmwaresd_712_firmwaresd_412_firmwaresdm630_firmwaresda660_firmwaresd_8cxsd_430sd_427sd_670sd_435_firmwaresd_710sd_410_firmwaresd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-13924
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-22 Jul, 2019 | 13:47
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of check to prevent the buffer length taking negative values can lead to stack overflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA6174A, QCA8081, QCS404, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9635m_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439qcs404_firmwaremdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_652sd_425_firmwareqca6174asd_665qcs404sd_625_firmwareipq8074sd_450mdm9635msd_8cx_firmwaremdm9615sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwareqca8081_firmwaresxr1130msm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sd_710_firmwareqcs405sdm630sd_625ipq8074_firmwaresd_820_firmwaresd_210mdm9607sd_636_firmwaremdm9625_firmwaresd_439_firmwareqca8081qualcomm_215_firmwaremdm9150sd_429_firmwareqca6174a_firmwaresd_730sd_212_firmwaresnapdragon_high_med_2016sd_850_firmwaremdm9655sdm439_firmwareqcs405_firmwaresd_712_firmwaresd_855_firmwaresdm630_firmwaresda660_firmwaremdm9625sd_8cxsd_430sd_427sd_670sd_435_firmwaremdm9615_firmwaresdx20_firmwaresd_710sd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-13925
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.46% / 63.79%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:44
Updated-05 Aug, 2024 | 09:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Error in parsing PMT table frees the memory allocated for the map section but does not reset the context map section reference causing heap use after free issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820amsm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaremdm9206sd_652sd_425_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_600sd_652_firmwaresd_415_firmwaresxr1130msm8909wsd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_855sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630sd_625qm215sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwaresd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-416
Use After Free
CVE-2018-13904
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.39% / 59.57%
||
7 Day CHG~0.00%
Published-25 Feb, 2019 | 23:00
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in SCM handler to access storage in TZ can lead to unauthorized access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 675, SD 712 / SD 710 / SD 670, SD 8CX, SXR1130.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712mdm9206sd_675mdm9655sd_12sd_712_firmwaresd_8cx_firmwaresd_670_firmwaremdm9206_firmwaremdm9607_firmwaresd_710_firmwaremdm9655_firmwaremdm9650qcs605sd_8cxsd_670mdm9607mdm9650_firmwaresd_710sd_410_firmwaresd_12_firmwaresxr1130_firmwaresd_410sxr1130qcs605_firmwaresd_675_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2018-13887
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:44
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Untrusted header fields in GNSS XTRA3 function can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8909W, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaremdm9635m_firmwaresd_632sd_675sd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sm7150_firmwaremsm8909w_firmwaresd_450_firmwaresd_845_firmwaresm7150qcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_625_firmwaresd_450mdm9635msd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_600sxr1130msm8909wsd_205_firmwaresd_212sd_427_firmwaresd_712sdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_710_firmwaresdm630sd_625qm215mdm9607sd_210sd_636_firmwaresd_439_firmwaremdm9150sd_429_firmwaresd_212_firmwaresd_850_firmwaremdm9655sdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresd_427sd_430sd_670sd_435_firmwaresd_710sdx20_firmwaresd_600_firmwaresd_205sdm660_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-11953
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 49.72%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:44
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While processing ssid IE length from remote AP, possible out-of-bounds access may occur due to crafted ssid IE length in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 650/52, SD 820, SD 820A, SDM439, SDX20

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9150_firmwaresd_632mdm9640_firmwaresd_820amsm8996au_firmwaresd_439sdx20sd_415sd_616sd_425sd_429sdm439mdm9607_firmwaresd_615mdm9650sd_650_firmwaresd_625qca6574ausd_615_firmwaremsm8909w_firmwaremdm9607msm8996auqm215sd_210sd_650sd_820_firmwaresd_820sd_450_firmwaresd_439_firmwaresd_820a_firmwaremdm9150sd_429_firmwaremdm9206sd_652qca6174a_firmwareqca6174aqca9379_firmwaresd_212_firmwaresd_425_firmwaresd_625_firmwaresd_450sdm439_firmwareqca9377mdm9206_firmwareqm215_firmwaresd_632_firmwaremdm9650_firmwaresdx20_firmwaresd_205qca6574au_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwaremsm8909wqca9379sd_616_firmwaresd_205_firmwaresd_212mdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-11955
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.81%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of check on length of reason-code fetched from payload may lead driver access the memory not allocated to the frame and results in out of bound read in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM439, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820amsm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636sd_615_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaremdm9206sd_652sd_425_firmwareqca9379_firmwareqca6174asd_665sdx24_firmwaresd_625_firmwaresd_450qca9377sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835qca6574au_firmwaresd_210_firmwaresd_600sd_652_firmwaresd_415_firmwaremsm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwareqcs405sd_625qca6574ausd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwareqca6174a_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205qca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-11937
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 49.72%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:35
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of input validation before copying can lead to a buffer over read in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_712sd_850mdm9150_firmwaresd_855mdm9640_firmwaresd_820asd_675msm8996au_firmwaresdx20sd_670_firmwaresd_425sdm660sdx24sd_430_firmwaremdm9607_firmwaresd_435mdm9650sd_636sd_710_firmwaresdm630sd_625qca6574ausm7150_firmwaremdm9607msm8996ausd_636_firmwaresd_450_firmwaresd_845_firmwaresm7150sd_820a_firmwaremdm9150qcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_850_firmwaresdx24_firmwaresd_625_firmwaresd_450sd_855_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_845mdm9206_firmwareqcs605sd_427sd_430sd_670sd_435_firmwaresd_835_firmwaremdm9650_firmwaresd_710sdx20_firmwaresd_835qca6574au_firmwaresda660sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-11940
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 49.72%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:36
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of check in length before using memcpy in WLAN function can lead to OOB access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_850mdm9150_firmwaresd_855mdm9640_firmwaresd_820amsm8996au_firmwaresdx20sd_670_firmwaresdm660sdx24sdm630mdm9607_firmwaresd_710_firmwaresd_636mdm9650sd_625sd_820_firmwaremdm9607msm8996ausd_636_firmwaresd_820sd_845_firmwaresd_820a_firmwaremdm9150qcs605_firmwaremdm9206sd_850_firmwaresdx24_firmwaresd_625_firmwaresd_855_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_845mdm9206_firmwareqcs605sd_670sd_835_firmwaremdm9650_firmwaresd_710sdx20_firmwaresd_835sda660sxr1130_firmwaresxr1130sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-11945
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.35% / 57.21%
||
7 Day CHG~0.00%
Published-25 Feb, 2019 | 23:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in wireless service messaging module for data received from broadcast messages can lead to heap overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in versions MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9635m_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_12sd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_410sd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_625_firmwaresd_450sd_16_firmwaremdm9635msd_8cx_firmwaremdm9615sd_845mdm9206_firmwareqcs605sd_52_firmwaresd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_12_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_415_firmwaresxr1130msm8909wsd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_16sd_855sdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sd_710_firmwaresdm630sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaremdm9625_firmwaresd_439_firmwaremdm9150sd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaremdm9655sdm439_firmwaresd_855_firmwaresd_712_firmwaresd_52sdm630_firmwaresda660_firmwaremdm9625sd_8cxsd_430sd_427sd_670sd_435_firmwaremdm9615_firmwaresdx20_firmwaresd_710sd_410_firmwaresd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2018-11930
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 49.72%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:35
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation on input data which is used to locate and copy the additional IEs in WLAN function can lead to potential integer truncation issue in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_850mdm9150_firmwaresd_632sd_855mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sdx20sd_425sd_429sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9650sd_636sdm439sdm630sd_625sm7150_firmwareqm215mdm9607msm8996ausd_636_firmwaresd_450_firmwaresd_845_firmwaresm7150sd_439_firmwaresd_820a_firmwaremdm9150qcs605_firmwaresd_429_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_850_firmwaresdx24_firmwaresd_625_firmwaresd_450sd_855_firmwaresdm439_firmwaresdm630_firmwaresda660_firmwaresd_845qm215_firmwareqcs605mdm9206_firmwaresd_427sd_430sd_435_firmwaresd_632_firmwaremdm9650_firmwaresd_835_firmwaresdx20_firmwaresd_835sda660sdx24sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2018-11949
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 49.72%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:44
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Failure to initialize the extra buffer can lead to an out of buffer access in WLAN function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_712sd_850mdm9150_firmwaresd_855mdm9640_firmwaresd_820amsm8996au_firmwaresdx20sd_670_firmwaresd_425sdm660sdx24sd_430_firmwaremdm9607_firmwaresd_435mdm9650sd_636sd_710_firmwaresdm630sd_625mdm9607msm8996ausd_636_firmwaresd_450_firmwaresd_845_firmwaresd_820a_firmwaremdm9150qcs605_firmwaremdm9206sd_425_firmwaresd_850_firmwaresdx24_firmwaresd_625_firmwaresd_450sd_855_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_845mdm9206_firmwareqcs605sd_427sd_430sd_670sd_435_firmwaresd_835_firmwaremdm9650_firmwaresd_710sdx20_firmwaresd_835sda660sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-665
Improper Initialization
CVE-2018-11271
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.27% / 50.19%
||
7 Day CHG~0.00%
Published-24 May, 2019 | 16:32
Updated-05 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication can happen on Remote command handling due to inappropriate handling of events in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SM7150, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sm7150_firmwaresd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresm7150sd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_652sd_425_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd855sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwaresxr1130msm8909wsd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630sd_625qm215sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwaresd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresd_430sd_427sd_670sd_435_firmwaresd855_firmwaresd_710sd_205sdm660_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-287
Improper Authentication
CVE-2019-2249
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.48% / 64.68%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Kernel can do a memory read from arbitrary address passed by user during execution of a syscall in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9205, MDM9650, QCA8081, QCS605, SD 427, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_427_firmwaresd_712sd_850sd_855sd_730_firmwaresd_675sdx20sd_670_firmwaresdm660sdm630sd_710_firmwaresd_435mdm9650sd_636sd_625ipq8074_firmwaresnapdragon_high_med_2016_firmwaresd_636_firmwaresd_450_firmwaresd_845_firmwareqca8081qcs605_firmwaresd_675_firmwaresd_730snapdragon_high_med_2016sd_665sd_850_firmwaresd_625_firmwareipq8074sd_450sd_712_firmwaresdm630_firmwaremdm9205_firmwaresd_8cx_firmwaresda660_firmwaremdm9205sd_845sd_427qcs605sd_8cxsd_670sd_435_firmwaresd_835_firmwaremdm9650_firmwaresd_710sdx20_firmwaresd_835sda660sxr1130_firmwareqca8081_firmwaresxr1130sd_665_firmwaresdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2323
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636msm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sdx24_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaremsm8909wsd_665_firmwaresd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630qcs405sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-1187
DEPRECATED: Use of Uninitialized Resource
CVE-2019-2307
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.64% / 69.95%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer underflow due to lack of validation before calculation of data length in 802.11 Rx management configuration in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresd_850mdm9150_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_670_firmwaresdx24mdm9650sd_636msm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwareqca9379_firmwareqca6174asd_665sdx24_firmwaresd_625_firmwaresd_450qca9377sd_845mdm9206_firmwareqcs605sd_835_firmwaremdm9650_firmwaresd_835qca6574au_firmwaresd_210_firmwaresd_600sd_665_firmwaresd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwaresdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630qcs405sd_625qca6574ausd_820_firmwaresd_210mdm9607sd_636_firmwaremdm9150qca6174a_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205qca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-2311
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow in WLAN handler due to lack of validation of destination buffer size before copying it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCS605, SA6155P, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwaremsm8996au_firmwaresdm845apq8096sdx24mdm9650sm7150_firmwaresm6150qca6574msm8996ausm7150apq8009_firmwaresdm670qcs605_firmwaremdm9206qca9379_firmwareqca6174asdm670_firmwaresdx24_firmwareqca6584au_firmwareipq8074sdm636sda845_firmwareqca9377apq8098mdm9206_firmwareqca6574_firmwareqca9886qcs605qca6584_firmwaremdm9650_firmwareqca6584qca6574au_firmwaresda660sxr1130_firmwareqca8081_firmwaresxr1130apq8009apq8053_firmwaresda845sdm850_firmwareqca6584ausa6155p_firmwaresdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630mdm9607_firmwareipq8074_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwaresa6155pqca8081mdm9207c_firmwaremsm8996_firmwaremdm9207cqca6174a_firmwareqca9886_firmwaresm8150_firmwareapq8096ausdm630_firmwaresda660_firmwareapq8053sm6150_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017msm8996qca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-2305
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.81%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound access when reason code is extracted from frame data without validating the frame length in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCS405, QCS605, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresd_850mdm9150_firmwaremdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_670_firmwaresdx24mdm9650sd_636msm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206qca9379_firmwareqca6174asd_425_firmwaresd_665sdx24_firmwaresd_625_firmwaresd_450qca9377sd_845mdm9206_firmwareqcs605mdm9640sd_835_firmwaremdm9650_firmwaresd_835qca6574au_firmwaresda660sd_665_firmwaresd_427_firmwaresd_712sd_855sd_730_firmwaresdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630qcs405sd_625qca6574ausd_820_firmwaremdm9607sd_636_firmwaremdm9150qca6174a_firmwaresd_730sd_850_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_427sd_430sd_670sd_435_firmwaresd_710sdx20_firmwareqca9379sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2242
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.38% / 58.85%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8016, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SM6150, SM7150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareapq8096_firmwaremdm9640_firmwareqcm2150_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632apq8096sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996aumdm9645sm7150apq8009_firmwaremsm8917sdm670qcs605_firmwaresdm670_firmwaresdm636sda845_firmwaremdm9635mapq8098mdm9615msm8939qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150apq8016_firmwaresdm630mdm9607_firmwaremsm8920_firmwaremdm9655_firmwaresdm660sdm710qm215mdm9607mdm9645_firmwareapq8017_firmwaremdm9625_firmwaresdm710_firmwaremsm8939_firmwaremdm9150msm8937msm8905msm8909mdm9655apq8096ausdm439_firmwaresdm630_firmwaresda660_firmwaremdm9625apq8016qm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremdm9615_firmwaremsm8998sdx20_firmwaresdm850apq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-2253
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.37% / 58.30%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 16:33
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over-read can occur while parsing an ogg file with a corrupted comment block. in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 600, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sd_615_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_600sd_415_firmwaremsm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630qcs405sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_600_firmwaresd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2259
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439sd_636snapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaresd_425_firmwaresd_625_firmwaresd_450sd_8cx_firmwaresd_845qcs605sd_632_firmwaresd_835_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresxr1130msm8909wsd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwaresd_425sdm660sd_430_firmwaresd_710_firmwaresd_435sdm630sd_625qm215sd_210sd_636_firmwaresd_820_firmwaresd_439_firmwaresd_429_firmwaresd_730snapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresd_427sd_430sd_8cxsd_670sd_435_firmwaresd_710sd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2019-2283
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.96%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of read and write index of tx and rx fifo`s before calculating pointer can lead to out-of-bound access in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636msm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresdx24_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaremsm8909wsd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2287
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.32% / 54.81%
||
7 Day CHG~0.00%
Published-22 Jul, 2019 | 13:47
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636msm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sdx24_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835qca6574au_firmwaresda660sd_210_firmwaremsm8909wsd_665_firmwaresd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_710_firmwaresdm630qcs405sd_625qca6574ausd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-2325
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-06 Nov, 2019 | 17:11
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9640_firmwaresd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdx24sdm439mdm9650sd_636sd_615_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaremdm9206sd_425_firmwaresd_665sdx24_firmwaresd_625_firmwaresd_450sd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sd_210_firmwaresd_415_firmwaremsm8909wsd_665_firmwaresd_616_firmwaresd_205_firmwaresd_415sd_212sd_427_firmwaresd_712sd_855sd_730_firmwarequalcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435sd_615sd_710_firmwaresdm630qcs405sd_625sd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarequalcomm_215_firmwaremdm9150sd_429_firmwaresd_730sd_212_firmwaresd_850_firmwaresd_855_firmwaresdm439_firmwareqcs405_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwaresd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CVE-2019-2256
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.66% / 70.53%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-04 Aug, 2024 | 18:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unprivileged user can craft a bitstream such that the payload encoded in the bitstream gains code execution in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850sd_632sd_820asd_675msm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636snapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_450_firmwaresd_845_firmwaresd_820a_firmwareqcs605_firmwaresd_675_firmwaresd_425_firmwaresd_625_firmwaresd_450sd_8cx_firmwaresd_845qcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresxr1130msm8909wsd_205_firmwaresd_212sd_427_firmwaresd_712sd_855sd_425sdm660sd_430_firmwaresd_710_firmwaresd_435sdm630sd_625qm215sd_210sd_636_firmwaresd_820_firmwaresd_439_firmwaresd_429_firmwaresnapdragon_high_med_2016sd_212_firmwaresd_850_firmwaresdm439_firmwaresd_712_firmwaresdm630_firmwaresda660_firmwareqm215_firmwaresd_427sd_430sd_8cxsd_670sd_435_firmwaresd_710sd_205sdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CVE-2017-9709
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.43%
||
7 Day CHG~0.00%
Published-05 Dec, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CVE-2019-10586
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Filling media attribute tag names without validating the destination buffer size which can result in the buffer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, Rennell, SC8180X, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareqcm2150_firmwaremdm9640_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996aumdm9645sdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwaremdm9635mapq8098mdm9615mdm9205mdm9206_firmwareqcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660mdm9655_firmwaresc8180x_firmwaresdm710qm215mdm9607mdm9645_firmwareapq8017_firmwaremdm9625_firmwaresdm710_firmwaremdm9150msm8937msm8905sm8150_firmwaremsm8909mdm9655apq8096ausdm439_firmwarerennellsdm630_firmwaremdm9205_firmwaresda660_firmwaremdm9625rennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremdm9615_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2017-8274
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 42.77%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 15:00
Updated-16 Sep, 2024 | 16:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, an access control vulnerability exists in Core.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206sd_652sd_425_firmwaresd_212_firmwaresd_625_firmwaresd_450sd_425sd_430_firmwaremdm9607_firmwaremdm9206_firmwaresd_430sd_625msm8909w_firmwaremdm9607sd_210sd_212sd_650sd_205sd_450_firmwaresd_210_firmwaresd_652_firmwaremsm8909wsd_205_firmwaresd_650_firmwareSnapdragon Mobile, Snapdragon Wear
CVE-2019-10538
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.44%
||
7 Day CHG~0.00%
Published-30 Sep, 2019 | 15:40
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Lack of check of address range received from firmware response allows modem to respond arbitrary pages into its address range which can compromise HLOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8909W, MSM8996AU, QCS405, QCS605, Qualcomm 215, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM660, SDX20, SDX24

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_850sd_632sd_855sd_730_firmwaresd_820aqualcomm_215sd_675msm8996au_firmwaresd_439sdx20sd_670_firmwaresd_429sd_425sdm660sdm439sd_710_firmwaresdx24sd_636qcs405sd_625msm8909w_firmwaremsm8996ausd_636_firmwaresd_450_firmwaresd_845_firmwaresd_439_firmwaresd_820a_firmwarequalcomm_215_firmwaresd_429_firmwareqcs605_firmwaresd_675_firmwaresd_425_firmwaresd_730sd_665sd_850_firmwaresdx24_firmwaresd_625_firmwaresd_450sdm439_firmwareqcs405_firmwaresd_712_firmwaresda660_firmwaresd_845qcs605sd_670sd_632_firmwaresd_710sdx20_firmwaresda660msm8909wsd_665_firmwaresdm660_firmwaresd_855_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-20
Improper Input Validation
CVE-2017-8275
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.21% / 42.77%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 15:00
Updated-16 Sep, 2024 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, SD 835, an integer overflow vulnerability exists in a video library.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_652sd_212_firmwaresd_800_firmwaresd_625_firmwaresd_450sd_808_firmwaresd_400sd_430_firmwaresd_430sd_650_firmwaresd_625sd_210sd_820_firmwaresd_820sd_835_firmwaresd_650sd_808sd_835sd_205sd_450_firmwaresd_800sd_210_firmwaresd_652_firmwaresd_617sd_400_firmwaresd_205_firmwaresd_212sd_617_firmwareSnapdragon Mobile
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-10516
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-18 Dec, 2019 | 05:25
Updated-04 Aug, 2024 | 22:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9150_firmwaremdm9635m_firmwareapq8096_firmwaremdm9640_firmwareqcm2150_firmwaresdm632_firmwaremsm8996au_firmwaresdm845sdm450_firmwaresdm632apq8096sdx24sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996aumdm9645sm7150apq8009_firmwaremsm8917sdm670qcs605_firmwaresc8180xmdm9206sdm670_firmwaresdx24_firmwaresdm636sda845_firmwaremdm9635mapq8098mdm9205mdm9206_firmwaremsm8939qcs605msm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwaresda660sdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsdm850_firmwaremsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresdm660mdm9655_firmwaresc8180x_firmwaresdm710qm215mdm9607mdm9645_firmwareapq8017_firmwaremdm9625_firmwaresdm710_firmwaremsm8939_firmwaremdm9150msm8937msm8905sm8150_firmwaremsm8909mdm9655apq8096ausdm439_firmwaresdm630_firmwaremdm9205_firmwaresda660_firmwaremdm9625qm215_firmwaresdx55msm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017nicobar_firmwaresdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2003-0143
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-10||HIGH
EPSS-8.82% / 92.34%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.
Product-qpoppern/a
CVE-2017-8248
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-2.38% / 84.65%
||
7 Day CHG~0.00%
Published-16 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation.

Action-Not Available
Vendor-Apple Inc.Qualcomm Technologies, Inc.
Product-iphone_osTelephony
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2019-14111
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow while handling NAN reception of NMF in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, IPQ8074, Nicobar, QCA6390, QCA8081, QCN7605, QCS404, QCS405, Rennell, SC7180, SC8180X, SM6150, SM7150, SM8150, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ipq6018qcs404sm8150_firmwaresxr2130_firmwareipq8074qcs405_firmwarerennellsc7180qcn7605rennell_firmwareqca6390ipq6018_firmwareqcs404_firmwaresc8180x_firmwareqcs405sm7150_firmwareipq8074_firmwaresm6150_firmwaresm6150sc7180_firmwaresm8150sm7150qca6390_firmwareqcn7605_firmwareqca8081_firmwarenicobar_firmwareqca8081sxr2130sc8180xnicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14134
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.31% / 53.96%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bound access in WLAN handler when the received value of length in rx path is shorter than the expected value of country IE in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in IPQ8074, QCA8081, QCS605, SDA845, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresdm670_firmwaresm8150_firmwareipq8074sda845_firmwaresdm845qcs605sm7150_firmwareipq8074_firmwaresm6150_firmwaresdm710sm6150sm8150sdm850sdm710_firmwaresxr1130_firmwaresm7150qca8081_firmwaresxr1130sdm670qca8081qcs605_firmwaresda845sdm845_firmwareSnapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-14110
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur in function wlan firmware while copying association frame content if frame length is more than the maximum buffer size in case of SAP mode in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwareqca4531_firmwaremsm8996au_firmwaresdm845apq8096sdx24qcs404_firmwaremdm9650sm7150_firmwaresm6150msm8996ausm7150apq8009_firmwaresdm670sxr2130qcs605_firmwaresc8180xmdm9206qca6564qca9379_firmwareqca6174asdm670_firmwareqcs404sdx24_firmwareqca6584au_firmwareipq8074sdm636sda845_firmwareqca9377qca4531apq8098qcn7605ipq6018_firmwaremdm9206_firmwareqcs605qca9886qca6584_firmwaremdm9650_firmwareqca6584qca6574au_firmwaresda660sxr1130_firmwareapq8064_firmwareqca8081_firmwaresxr1130apq8009apq8053_firmwaresda845nicobarsdm850_firmwareqca6584ausa6155p_firmwaresdm636_firmwareapq8064sdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630mdm9607_firmwaresc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710sc7180_firmwaremdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwaresa6155pqca8081mdm9207c_firmwaremsm8996_firmwareipq6018mdm9207cqca6174a_firmwareqca9886_firmwareqca6564_firmwaresm8150_firmwaresxr2130_firmwareapq8096auqcs405_firmwarerennellsc7180sdm630_firmwaresda660_firmwarerennell_firmwareapq8053sm6150_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017msm8996nicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14114
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.86%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow in WLAN firmware while parsing GTK IE containing GTK key having length more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS404, QCS405, QCS605, Rennell, SA6155P, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqca4531_firmwaremdm9640_firmwaremsm8996au_firmwaresdm845sdx24qcs404_firmwaremdm9650sm7150_firmwaresm6150qca6574msm8996ausm7150apq8009_firmwaresdm670sxr2130qcs605_firmwaresc8180xmdm9206qca6564qca9379_firmwareqca6174asdm670_firmwareqcs404sdx24_firmwareqca6584au_firmwareipq8074sdm636sda845_firmwareqca9377qca4531apq8098qcn7605ipq6018_firmwaremdm9206_firmwareqca6574_firmwareqca9886qcs605qca6584_firmwaremdm9650_firmwareqca6584qca6574au_firmwaresda660sxr1130_firmwareapq8064_firmwareqca8081_firmwaresxr1130apq8009apq8053_firmwaresda845nicobarsdm850_firmwareqca6584ausa6155p_firmwaresdm636_firmwareapq8064sdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630mdm9607_firmwaresc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710sc7180_firmwaremdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwaresa6155pqca8081mdm9207c_firmwareipq6018mdm9207cqca6174a_firmwareqca9886_firmwareqca6564_firmwaresm8150_firmwaresxr2130_firmwareapq8096auqcs405_firmwarerennellsc7180sdm630_firmwaresda660_firmwarerennell_firmwareapq8053sm6150_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresdm850apq8017nicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14132
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory corruption in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile in QCS605, SA6155P, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaresm8150_firmwaresm8150sa6155pqcs605qcs605_firmwareSnapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14098
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996AU, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9379, QCA9886, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwareqca4531_firmwaremsm8996au_firmwaresdm845apq8096sdx24mdm9650sm7150_firmwaresm6150qca6574msm8996ausm7150apq8009_firmwaresdm670sxr2130qcs605_firmwaresc8180xmdm9206qca6564qca9379_firmwareqca6174asdm670_firmwaresdx24_firmwareqca6584au_firmwareipq8074sdm636qca9377qca4531ipq6018_firmwaremdm9206_firmwareqca6574_firmwareqca9886qcs605qca6584_firmwaremdm9650_firmwareqca6584qca6574au_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130apq8009apq8053_firmwarenicobarqca6584ausa6155p_firmwaresdm636_firmwareapq8064sdm845_firmwaresdx20sdm660sdm630mdm9607_firmwaresc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwaresa6155pmdm9207c_firmwareipq6018mdm9207cqca6174a_firmwareqca9886_firmwareqca6564_firmwaresm8150_firmwaresxr2130_firmwareapq8096auqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareapq8053sm6150_firmwareapq8096au_firmwaresm8150sdx20_firmwareapq8017nicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14131
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound write can occur in radio measurement request if STA receives multiple invalid rrm measurement request from AP in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8053, APQ8096AU, MSM8998, Nicobar, QCA6574AU, QCS605, Rennell, SA6155P, Saipan, SC8180X, SDM660, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaresdm845sdx20msm8998_firmwaresdm660sdx24sm8250_firmwaresc8180x_firmwaresm7150_firmwareqca6574ausdm710sm6150sdm710_firmwaresm7150sa6155psxr2130qcs605_firmwaresc8180xsm8150_firmwaresdx24_firmwaresxr2130_firmwareapq8096aurennellrennell_firmwareqcs605sdx55apq8053apq8096au_firmwaresaipan_firmwaresm6150_firmwaresm8250msm8998sm8150sdx20_firmwareqca6574au_firmwaresdx55_firmwarenicobar_firmwaresaipanapq8053_firmwaresdm660_firmwarenicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-14083
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 59.83%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While parsing Service Descriptor Extended Attribute received as part of SDF frame, there is a possibility that incorrect length is specified in the attribute length field of extended SSI which can lead to integer underflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096, APQ8098, IPQ6018, IPQ8074, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6390, QCA6574AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS404, QCS405, QCS605, Rennell, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremsm8996au_firmwaresdm845apq8096sdx24qcs404_firmwaresm7150_firmwaresm6150msm8996ausm7150qca6390_firmwareapq8009_firmwaresdm670sxr2130qcs605_firmwaresc8180xqca9379_firmwareqca6174asdm670_firmwareqcs404sdx24_firmwareipq8074sdm636sda845_firmwareqca9377apq8098qcn7605ipq6018_firmwareqcs605qca6574au_firmwaresda660sxr1130_firmwareqca8081_firmwaresxr1130apq8009apq8053_firmwaresda845nicobarsdm850_firmwaresdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630sc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710sdm710_firmwareqcn7605_firmwareqca8081ipq6018qca6174a_firmwaresm8150_firmwaresxr2130_firmwareqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqca6390apq8053sm6150_firmwaremsm8998sm8150sdx20_firmwaresdm850nicobar_firmwareqca9379sdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-191
Integer Underflow (Wrap or Wraparound)
CVE-2019-14112
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Potential buffer overflow while processing CBF frames due to lack of check of buffer length before copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in APQ8098, IPQ6018, IPQ8074, MSM8998, Nicobar, QCA8081, QCN7605, QCS404, QCS605, Rennell, SC7180, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresdm636_firmwareapq8098_firmwaresdm845msm8998_firmwaresdm660sdm630qcs404_firmwaresc8180x_firmwaresm7150_firmwareipq8074_firmwaresdm710sc7180_firmwaresm6150sdm710_firmwaresm7150qcn7605_firmwaresdm670qca8081sxr2130qcs605_firmwaresc8180xipq6018sdm670_firmwareqcs404sm8150_firmwaresxr2130_firmwareipq8074sdm636sda845_firmwarerennellsc7180sdm630_firmwareapq8098qcn7605sda660_firmwarerennell_firmwareipq6018_firmwareqcs605sm6150_firmwaremsm8998sm8150sdm850sda660sxr1130_firmwareqca8081_firmwarenicobar_firmwaresxr1130sdm660_firmwaresda845nicobarsdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14097
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow in WLAN Parser due to lack of length check when copying data in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9607, MDM9640, MDM9650, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS405, QCS605, Rennell, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwaremsm8996au_firmwaresdm845apq8096mdm9650sm7150_firmwaresm6150qca6574msm8996ausm7150sdm670sxr2130qcs605_firmwaresc8180xqca9379_firmwareqca6174asdm670_firmwareqca6584au_firmwareipq8074sdm636sda845_firmwareqca9377apq8098qcn7605ipq6018_firmwareqca6574_firmwareqcs605qca6584_firmwaremdm9650_firmwareqca6584qca6574au_firmwaresda660sxr1130_firmwareqca8081_firmwaresxr1130sda845nicobarsdm850_firmwareqca6584ausa6155p_firmwaresdm636_firmwaresdm845_firmwareapq8098_firmwaremsm8998_firmwaresdm660sdm630mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710mdm9607sdm710_firmwareqcn7605_firmwaresa6155pqca8081ipq6018qca6174a_firmwaresm8150_firmwaresxr2130_firmwareapq8096auqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwaresm6150_firmwareapq8096au_firmwaresm8250msm8998sm8150sdm850nicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14086
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible integer overflow while checking the length of frame which is a 32 bit integer and is added to another 32 bit integer which can lead to unexpected result during the check in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MDM9607, MSM8998, QCA6584, QCN7605, QCS605, SDA660, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm850_firmwaresdm636_firmwareapq8098_firmwaresdm845msm8998_firmwaresdm660sdm630mdm9607_firmwaresm7150_firmwaresdm710sm6150mdm9607sdm710_firmwaresm7150qcn7605_firmwaresdm670qcs605_firmwaresdm670_firmwaresm8150_firmwaresdm636sdm630_firmwareapq8098qcn7605sda660_firmwareqcs605sm6150_firmwareqca6584_firmwaremsm8998sm8150sdm850qca6584sda660sxr1130_firmwaresxr1130sdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14127
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 10:46
Updated-05 Aug, 2024 | 00:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible buffer overflow while playing mkv clip due to lack of validation of atom size buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCS605, QM215, Rennell, SA6155P, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdm636apq8098mdm9206_firmwareqcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009apq8053_firmwarenicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8064apq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8905mdm9207csm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresm8250apq8017saipannicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14005
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.36% / 57.38%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow occur while playing the clip which is nonstandard due to lack of check of size duration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, Rennell, SA6155P, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdm636sda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwareapq8064_firmwaremsm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8064apq8098_firmwaresdx20sdm660msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwarerennellsdm630_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14031
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.43% / 61.86%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Buffer overflow can occur while parsing RSN IE containing list of PMK ID`s which are more than the buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8996, MSM8996AU, MSM8998, Nicobar, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9886, QCN7605, QCS405, QCS605, SA6155P, SC8180X, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareapq8096_firmwaremdm9640_firmwareqca4531_firmwaremsm8996au_firmwaresdm845apq8096sdx24mdm9650sm7150_firmwaresm6150qca6574msm8996ausm7150apq8009_firmwaresdm670sxr2130qcs605_firmwaresc8180xmdm9206qca6564qca9379_firmwareqca6174asdm670_firmwaresdx24_firmwareqca6584au_firmwareipq8074sdm636sda845_firmwareqca9377qca4531apq8098qcn7605ipq6018_firmwaremdm9206_firmwareqca6574_firmwareqca9886qcs605qca6584_firmwaremdm9650_firmwareqca6584qca6574au_firmwaresda660sxr1130_firmwareapq8064_firmwareqca8081_firmwaresxr1130apq8009apq8053_firmwaresda845nicobarsdm850_firmwareqca6584ausa6155p_firmwaresdm636_firmwareapq8064sdm845_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660sdm630mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqcs405ipq8074_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwaresa6155pqca8081mdm9207c_firmwaremsm8996_firmwareipq6018mdm9207cqca6174a_firmwareqca9886_firmwareqca6564_firmwaresm8150_firmwaresxr2130_firmwareapq8096auqcs405_firmwaresdm630_firmwaresda660_firmwareapq8053sm6150_firmwareapq8096au_firmwaresm8250msm8998sm8150sdx20_firmwaresdm850apq8017msm8996nicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2019-14016
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.48%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCS605, QM215, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwareapq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450apq8064apq8098_firmwaresdx20sdm660msm8920_firmwaremdm9607_firmwaresm8250_firmwaresdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwaresda660_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2019-14013
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.40% / 59.83%
||
7 Day CHG~0.00%
Published-21 Jan, 2020 | 06:30
Updated-05 Aug, 2024 | 00:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While parsing invalid super index table, elements within super index table may exceed total chunk size and invalid data is read into the table in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996, MSM8996AU, Nicobar, QCM2150, QCS405, QCS605, QM215, Rennell, SA6155P, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2150_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaremdm9206sdm670_firmwaresdm636sda845_firmwareapq8098mdm9206_firmwaremsm8939qcs605msm8937_firmwaresdm429_firmwaremsm8905_firmwaresda660sxr1130_firmwareapq8064_firmwaresxr1130msm8909wapq8009msm8909_firmwareapq8053_firmwaresda845nicobarsa6155p_firmwaremsm8920msm8953sdm450sdm636_firmwareapq8064apq8098_firmwaresdx20qcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm660qcs405sdm710qm215mdm9607apq8017_firmwaresdm710_firmwaremsm8939_firmwaresa6155pmsm8937mdm9207c_firmwaremsm8996_firmwaremsm8905mdm9207csm8150_firmwaremsm8909sxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsdm630_firmwaresda660_firmwarerennell_firmwareqm215_firmwaremsm8953_firmwaremsm8940sm6150_firmwareapq8053apq8096au_firmwaremsm8917_firmwaresm8250sm8150sdx20_firmwareapq8017msm8996nicobar_firmwaresdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 9
  • 10
  • Next
Details not found