Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-18072

Summary
Assigner-qualcomm
Assigner Org ID-2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At-11 Apr, 2018 | 15:00
Updated At-17 Sep, 2024 | 03:03
Rejected At-
Credits

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of which information elements is supported.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:qualcomm
Assigner Org ID:2cfc7d3e-20d3-47ac-8db7-1b7285aff15f
Published At:11 Apr, 2018 | 15:00
Updated At:17 Sep, 2024 | 03:03
Rejected At:
▼CVE Numbering Authority (CNA)

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of which information elements is supported.

Affected Products
Vendor
Qualcomm Technologies, Inc.Qualcomm, Inc.
Product
Snapdragon Mobile, Snapdragon Wear
Versions
Affected
  • MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016
Problem Types
TypeCWE IDDescription
textN/AInformation Exposure in WLAN
Type: text
CWE ID: N/A
Description: Information Exposure in WLAN
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/2018-04-01
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103671
vdb-entry
x_refsource_BID
Hyperlink: https://source.android.com/security/bulletin/2018-04-01
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/103671
Resource:
vdb-entry
x_refsource_BID
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://source.android.com/security/bulletin/2018-04-01
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/103671
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: https://source.android.com/security/bulletin/2018-04-01
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/103671
Resource:
vdb-entry
x_refsource_BID
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:product-security@qualcomm.com
Published At:11 Apr, 2018 | 15:29
Updated At:14 May, 2018 | 17:53

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, Snapdragon_High_Med_2016, the probe requests originated from user's phone contains the information elements which specifies the supported wifi features. This shall impact the user's privacy if someone sniffs the probe requests originated by this DUT. Hence, control the presence of which information elements is supported.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.07.5HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.0
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Qualcomm Technologies, Inc.
qualcomm
>>mdm9206_firmware>>-
cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9206>>-
cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607_firmware>>-
cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9607>>-
cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6174a_firmware>>-
cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6174a>>-
cpe:2.3:h:qualcomm:qca6174a:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574_firmware>>-
cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574>>-
cpe:2.3:h:qualcomm:qca6574:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640_firmware>>-
cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9640>>-
cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574au_firmware>>-
cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6574au>>-
cpe:2.3:h:qualcomm:qca6574au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650_firmware>>-
cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>mdm9650>>-
cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584_firmware>>-
cpe:2.3:o:qualcomm:qca6584_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584>>-
cpe:2.3:h:qualcomm:qca6584:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584au_firmware>>-
cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca6584au>>-
cpe:2.3:h:qualcomm:qca6584au:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_210_firmware>>-
cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_210>>-
cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_212_firmware>>-
cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_212>>-
cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_205_firmware>>-
cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_205>>-
cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9377_firmware>>-
cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9377>>-
cpe:2.3:h:qualcomm:qca9377:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_410_firmware>>-
cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_410>>-
cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_412_firmware>>-
cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_412>>-
cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_425_firmware>>-
cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_425>>-
cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_430_firmware>>-
cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_430>>-
cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_450_firmware>>-
cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_450>>-
cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_615_firmware>>-
cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_615>>-
cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_616_firmware>>-
cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_616>>-
cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_415_firmware>>-
cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_415>>-
cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9379_firmware>>-
cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>qca9379>>-
cpe:2.3:h:qualcomm:qca9379:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_625_firmware>>-
cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_625>>-
cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_650_firmware>>-
cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_650>>-
cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_652_firmware>>-
cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*
Qualcomm Technologies, Inc.
qualcomm
>>sd_652>>-
cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-200Primarynvd@nist.gov
CWE ID: CWE-200
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://www.securityfocus.com/bid/103671product-security@qualcomm.com
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-04-01product-security@qualcomm.com
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/103671
Source: product-security@qualcomm.com
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://source.android.com/security/bulletin/2018-04-01
Source: product-security@qualcomm.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

2864Records found
CVE-2020-11226
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.91%
||
7 Day CHG~0.00%
Published-17 Mar, 2021 | 06:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfe2080fc_firmwareqca9377_firmwareqfs2580qpm5679_firmwaremdm9640_firmwaresm6250p_firmwarepmd9607_firmwareqfe4455fc_firmwareqca8337qfs2530qpm8870_firmwareqln1030pm6125qat5522_firmwaremdm9645wcn3950_firmwarepm8150aqdm5670qca6595au_firmwareqpm5541_firmwarepm7150lqcc1110_firmwarepm8998_firmwareqpa8821sd_455_firmwarewtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaremsm8108sa415mwcn3998wcd9371_firmwaremsm8108_firmwarewcn3950sm4125sd720gmdm9206_firmwareqsw8573_firmwarewcn3660bsd450_firmwareqfe4320qsw8574_firmwaresd460_firmwaremdm9230_firmwaresmb2351_firmwarepm8953_firmwareqpa4360_firmwarewcn3998_firmwareqfe2520_firmwareapq8009w_firmwarepm855papq8053_firmwareqca6420pm6150awtr4605_firmwareqca9367_firmwaremdm8207pm660_firmwarepm8150bsa8155_firmwareqca4004_firmwareqfe2101qca6430qat3522qfe4455fcpmr735awcd9306_firmwarewcd9340sd765gsdr660qfe1045_firmwareqfe3345msm8209_firmwaresdr865mdm9250_firmwareqdm5620_firmwaresmb1358qca6696_firmwareqln5020wcd9371sd870_firmwarepmm855au_firmwaresd_8cxwtr3950qfe3340qdm5621qtc800sqca4004qat3514_firmwaremdm9330_firmwaresd660sd865_5g_firmwaresd712pm640p_firmwaresd660_firmwarewcn6750_firmwareqat5516_firmwarepm6150lsd450pm855l_firmwareqtc410swcn3991qfe3335_firmwareqpa8801sdm429wpm8150l_firmwareqat5533_firmwaresdx55m_firmwareqpa8673_firmwarepm6150smb1354_firmwaremsm8976_firmwareqca6574sd632_firmwaresd670_firmwareqpa8842sdr052_firmwarepmm8996auwcd9380qualcomm215qln4640qcs410qpm5579_firmwaresmb1380_firmwareqfe4309_firmwaresmb1381pm855p_firmwareqfe3100_firmwarepm7250qca9379_firmwarewtr4905qpa8803sdx24_firmwaresd439_firmwarepmd9645qdm2301wcd9340_firmwarewsa8815wcn6850qfe2101_firmwareqca6584_firmwareqdm2301_firmwaremsm8937_firmwareqdm5621_firmwareqpm6375sd_8c_firmwaresd835wcn3980_firmwaresd730qfe3320_firmwarepm660l_firmwarepm6250_firmwarepm8008qtm525_firmwarepme605_firmwarepme605sd678_firmwareqpm5621_firmwareqln1021aq_firmwareqcs603rsw8577qpa6560_firmwareqpa8802_firmwareqln4640_firmwareqfe4308_firmwareqpm5621qpm6582sd670pm8009_firmwareapq8009wqfe4303qfs2580_firmwareqcm4290_firmwarepm8150lpmi8998_firmwareqcs610_firmwareapq8084_firmwaresdr105pm660a_firmwarepm215pm4250qpm5577mdm8207_firmwaresdm630_firmwarewtr2965mdm9205_firmwareqca6391_firmwaresa2150ppmx20_firmwaresd820_firmwarepm8150pmi8937_firmwarewcd9370_firmwareqat3516_firmwaresdx55apq8053qat3555_firmwarepmi8994qpa8803_firmwarewcn3660qca9379pm855bsmb2351qln1031pm8909mdm9150_firmwareqfe1040pm660qet6110_firmwareqpm6325pm6125_firmwareqbt1500qfe1040_firmwarecsrb31024mdm9628_firmwareqfe2340_firmwaremdm9650sd_636pmx24_firmwareqbt1500_firmwarepmk8001qcs4290pmm855aumdm9250qca6420_firmwarepmd9635_firmwareapq8009_firmwarepm7150asd675_firmwareqpa4361_firmwareqca6426wcn3990_firmwareqca9377qpa5373_firmwaresdw2500_firmwarewcd9385_firmwareqdm5650_firmwareqpa4340_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwarewhs9410rgr7640au_firmwarewtr2955pm7250_firmwaresdr845_firmwareqdm5620qln1021aqsmb1380pmk8002_firmwareqsw6310_firmwaresa8155qca6584qln1031_firmwaresdx55_firmwareqat5533wcn3615sm7250p_firmwarewcn3610_firmwarepm8940mdm9207qsm7250_firmwarepm7150l_firmwarewcd9306qca6584aumsm8208qat5515_firmwarepm855qpm8830_firmwaresd429pm8250qca9367qfe2082fc_firmwaresdm630mdm9607_firmwaremdm9655_firmwaremsm8976sgqfs2530_firmwarepmx55sa415m_firmwarewcn3988_firmwaresd205sd429_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwarepm8953qat5515qca6694qpm5677qat3514wcd9326wcd9335pm8004_firmwaresdr8150_firmwareqcs4290_firmwarepm439qtc800h_firmwareqca6390wcd9375aqt1000msm8976sm6250_firmwareqln4642msm8917_firmwareqpm5677_firmwaresdx20_firmwarewsa8815_firmwarewtr3925_firmwarepmi8937pm8998sdw3100smr525_firmwareqpm8820_firmwareqfe4301_firmwareapq8017qln1020_firmwaremdm9630_firmwareqcm6125_firmwarepmx55_firmwarewtr2955_firmwareqbt1000_firmwareqfe4373fc_firmwaresd865_5gqca6595pm8150_firmwareqpm8830pmm8996au_firmwareqat5522pm8150csd665_firmwareqpa4360sc8180xqpa4361mdm9206qpm5577_firmwareqdm5679_firmwaresmr525qca6310_firmwareqfe4305_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwarewtr3950_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwaresd765pmx20pmd9607qca6574a_firmwareqat3555sd850_firmwareapq8009qfe2082fcwtr2965_firmwarepm670_firmwarecsrb31024_firmwareqln1036aqqtc801spmi8940_firmwaresc8180x_firmwareqfe3320sd710mdm9607mdm9645_firmwarepm8008_firmwareqln1035bd_firmwarepmr735a_firmwarepmw3100pmx50qfe3345_firmwaresdr8250sd768gqln1030_firmwarepmw3100_firmwarepm8004pm640lmsm8940pmk8002apq8096au_firmwaresdw2500sd845smb1357pmd9655au_firmwareqca617_firmwareqcs410_firmwaremdm9330qpa5580qpm5579qfe2550qcs610pmi8996qfe1045qdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwarepm855a_firmwareqtc800hsdr8250_firmwareqcs2290qca6335msm8917qln1020qcs605_firmwaresd_675_firmwarewtr3905qdm5671pmc1000hqpm4650_firmwareqat3518sd632sdr425_firmwaresmr526_firmwaremdm9628pm640a_firmwareqpa5460wgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca4020qdm5652qca6574au_firmwaremdm9630qpm8870wcd9375_firmwareqpm5679qbt2000msm8909wwcd9360pmx50_firmwareqpa8675_firmwarewhs9410_firmwareqpa5460_firmwarepm8940_firmwareqdm3301_firmwarepm8996qsm7250qcs6125sd662_firmwareqcc1110smb1360qualcomm215_firmwareqfe3440fcqdm2308_firmwarersw8577_firmwarepm439_firmwareqca4020_firmwareqca6436wcn6851qcs603_firmwareqpa6560msm8937sdr675_firmwarewcn3660_firmwarewcd9341pmi8952mdm9655pm8937_firmwareqca6431qet4100_firmwareqfe4320_firmwarewcn3910_firmwaremdm9207_firmwaresd855_firmwareqdm5650wcn3988wtr3925qfe2080fcsdr052smb1390sdw3100_firmwaremsm8208_firmwareqet4100wcn3610msm8608mdm9640qpa8686_firmwareqpm6585qca8337_firmwaresda429w_firmwarewcd9380_firmwaresmb1355qln4650qtc800t_firmwarewcd9330msm8996au_firmwarewgr7640csr6030qet5100qdm5671_firmwareqpa8801_firmwareqca6564auqtm527_firmwarepm8005_firmwaremsm8940_firmwareqet4101_firmwarepm7250bqln4642_firmwarepmk8001_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwaremdm9230pm8996_firmwareqet4200aq_firmwaresdx50m_firmwaresmb1395smb358spm660lsmb358s_firmwarear8151smr526wtr5975qca6430_firmwarewcd9335_firmwareqtc801s_firmwarewcn3980qat3522_firmwareqca6335_firmwareqsw8573qcs605qbt1000wcn3910qca6320mdm9650_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680qfe4309pm8009qpa8675sdr051_firmwarewcd9330_firmwaresdx55mqca6421_firmwarewtr3905_firmwareqfe4373fcmsm8953qat3518_firmwarepmi8998qfe2520qsw8574sd821_firmwarewcn3680_firmwareqca617pm855lwcn6851_firmwareqdm5670_firmwarepmd9635pm7150a_firmwarepm8150b_firmwareqfe4302sd_636_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwareqca6694au_firmwarepm4250_firmwaremsm8976sg_firmwaresdr105_firmwarepmd9645_firmwaresd870pm670sd210_firmwareqdm5677pm8005pm855_firmwareqdm2302sdxr1pm855b_firmwareapq8096auqca6595_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwarepmi8996_firmwareqln4650_firmwareqet5100msa8155psd675wtr4605sd439qet4101pm8952qat3516pm670lqpm5658ar8035_firmwareqcm2290qpm5658_firmwarewcn3991_firmwareqdm5652_firmwareqfe4465fcsd678sdr051qln5030qcs2290_firmwarepm4125pmi632qpa2625_firmwarepm456qfe2081fc_firmwaresmb1360_firmwareqet5100_firmwareqpa5373pm670l_firmwaresdr660gqfe2340sd765g_firmwareqpa8686smb1358_firmwareqca6390_firmwaresd730_firmwarewcd9370sdr425pmr525_firmwareqca6584au_firmwareqfe3340_firmwarear8151_firmwarepmi632_firmwaresd_8cx_firmwareqpm5541qat5516smb358_firmwaresd662qpa8821_firmwareqfe4308sdr660g_firmwareapq8037pm3003aqca6320_firmwarewcn3680b_firmwareqca6595auqca6436_firmwareqtc800tsmb1354qca6564au_firmwareqdm2305qca6310qpm8820pm8937qpm2630qfe2081fcqln5020_firmwaresa515m_firmwaresdxr2_5gapq8084sd821sdr675sm6250sd712_firmwareapq8017_firmwarewsa8810_firmwaresmb231sd765_firmwareqdm5677_firmwareqet4200aqqca6174a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwareqln5040_firmwarepm4125_firmwarear8035qpa8673qca6694_firmwareqdm2310qfe2550_firmwaremsm8953_firmwareqln5030_firmwareqca6694aupm8952_firmwaresda429wsd210wcn3620_firmwareqfe4302_firmwaresd820wcn6850_firmwarewcn3620smb358csr6030_firmwareqca6564apmx24qet6110pmi8952_firmwareqcm2290_firmwareqln5040qpm8895sdr845qpm5670wcn3990sd_675qtm527qfe3440fc_firmwaresdx24pmi8994_firmwareqdm2307_firmwaremsm8909w_firmwaremsm8996ausdm429w_firmwareqfe1035pmi8940sm6250prgr7640auqln1035bdpm855asdr660_firmwarepm8909_firmwareqca6574apm8916_firmwaresmb1390_firmwareqca6174aqfe4303_firmwarewcn6750pm8956_firmwareqet5100m_firmwareqpm4650mdm9205qtm525sa515msa2150p_firmwarewtr6955qfe3335sd855sm4125_firmwareqfe4305wtr6955_firmwarepm640psd768g_firmwaresdr865_firmwaremsm8209qfe4465fc_firmwarepm8250_firmwaresd460qca6391sdxr1_firmwaresmb1351smb1357_firmwareaqt1000_firmwarepm215_firmwaremsm8920qpm8895_firmwarepm660aqpa4340qfe1035_firmwareqcm4290sdx50mpm640asdr8150sdx20pm8916pmd9655aumsm8920_firmwaresmb1395_firmwaresd_455pmd9655qca6574ausa8155p_firmwaresd205_firmwareqsw6310wcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwaresmb231_firmwareqdm2308wtr4905_firmwareqat3550mdm9150qdm5679sd_8cwcn3680bsd835_firmwarepm3003a_firmwareqca6696qfe4301qtc800s_firmwaresmb1381_firmwaresd845_firmwaremsm8608_firmwareqpa2625apq8037_firmwaresm7250psd720g_firmwarepm8956sd850pm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-129
Improper Validation of Array Index
CWE ID-CWE-125
Out-of-bounds Read
CVE-2005-3189
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-6.63% / 90.82%
||
7 Day CHG~0.00%
Published-18 Nov, 2005 | 02:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Qualcomm WorldMail IMAP Server allows remote attackers to read arbitrary email messages via ".." sequences in the SELECT command.

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.
Product-worldmail_imap_servern/a
CVE-2020-11115
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.91%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QM215, Rennell, SA415M, Saipan, SC8180X, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM632, SDM660, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwarekamorta_firmwareqcm2150_firmwaremdm9640_firmwaresdm429wmsm8996au_firmwaresdm632_firmwaresdm845sdm450_firmwaresdm632sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaremsm8996ausdm429w_firmwaresm7150apq8009_firmwaremsm8917sxr2130qcs605_firmwaresc8180xmdm9206qca9379_firmwareqca6174asda845_firmwareqca9377sa415mbitraapq8098qcn7605mdm9206_firmwareqcs605bitra_firmwaremsm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwareqca6574au_firmwaresdx55_firmwaremsm8909wapq8009apq8053_firmwaresda845msm8920msm8953sdm450sdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm660mdm9607_firmwaresm8250_firmwaresc8180x_firmwaresa415m_firmwareqcs405qca6574auqm215mdm9607qcn7605_firmwaremsm8937mdm9207c_firmwaremsm8905mdm9207cqca6174a_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellrennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresm8250kamortasaipanqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2020-11118
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.91%
||
7 Day CHG~0.00%
Published-08 Sep, 2020 | 09:31
Updated-04 Aug, 2024 | 11:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bitra, Kamorta, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCM2150, QCN7605, QCS405, QCS605, QCS610, QM215, Rennell, Saipan, SC8180X, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9150_firmwarekamorta_firmwareqcm2150_firmwaremdm9640_firmwareqcs610sdm429wsdm632_firmwaresdm845sdm450_firmwaresdm632sdm439mdm9650sdm429msm8940_firmwaresm7150_firmwaresm6150msm8909w_firmwaresdm429w_firmwaresm7150apq8009_firmwaremsm8917sdm670sxr2130qcs605_firmwaresc8180xmdm9206qca9379_firmwareqca6174asdm670_firmwaresdm636qca9377bitraapq8098qcn7605mdm9206_firmwareqcs605bitra_firmwaremsm8937_firmwaremdm9650_firmwaresdm429_firmwaremsm8905_firmwareqca6574au_firmwaresdx55_firmwaresxr1130_firmwaresxr1130msm8909wapq8009apq8053_firmwarenicobarmsm8920msm8953sdm450sdm636_firmwaresdm845_firmwareapq8098_firmwaresdx20msm8998_firmwareqcm2150msm8920_firmwaresdm630mdm9607_firmwaresm8250_firmwaresdm660sc8180x_firmwareqcs405qca6574ausdm710qm215mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwareqcs610_firmwaremdm9150msm8937mdm9207c_firmwaremsm8905mdm9207cqca6174a_firmwaresm8150_firmwaresxr2130_firmwareapq8096ausdm439_firmwareqcs405_firmwarerennellsdm630_firmwarerennell_firmwareqm215_firmwaresdx55msm8953_firmwaremsm8940saipan_firmwaresm6150_firmwareapq8053msm8917_firmwareapq8096au_firmwaremsm8998sm8150sdx20_firmwaresm8250kamortaapq8017saipannicobar_firmwareqca9379sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-20
Improper Input Validation
CVE-2020-11287
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.27% / 49.95%
||
7 Day CHG~0.00%
Published-22 Feb, 2021 | 06:26
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Allowing RTT frames to be linked with non randomized MAC address by comparing the sequence numbers can lead to information disclosure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qpm5579qfs2580qcs610qcn5550qca8337qdm2307qfs2530qpa8802qln1030qpa8688pm6125qat3519qcn5124pm8150asc8180x\+sdx55ipq8078aqdm5670qtc800hqcs2290sa6155qca6335pm7150lqpa8821qcn5064qln1020qdm5671pmc1000hqat3518sa415mwcn3998wcn3950sm4125sd720gipq8076aqpa5460qca6428qdm5652ipq8071qpm8870qpm5679qbt2000pm855pqca6420wcd9360pm6150asdr735gwcn3999pm8150bqsm7250qcs6125ipq6010qcs405qca6430qat3522pmr735awcd9340sd765gsdr660qca6436wcn6851sa6155pqpa6560sdr865wcd9341qca6431qln5020wcd9371sd750gqca1062sd_8cxsa8150pqpm5657pm6350qdm5621qtc800ssd660qdm5650wcn3988qca6438wtr3925sdr052smb1390pm6150lqet4100qpm6585qtc410swcn3991smb1355ipq8072aqln4650qpa8801wgr7640qet5100ipq8078qca6564auipq8173qcn5164pm6150qca6574pm7250bqpa8842wcd9380qln4640qcs410smb1381qcn5024sdr735pm7250smb1395pm660lqpa8803smr526wtr5975wcn3980pmk8003qdm2301qsw8573qcs605wsa8815wcn6850sd7cwcn3910qpm6375qca9984ipq6028pmp8074pm8009qpa8675sd730sdx55mpm8008qsw8574pmi8998qcn5054pm855lrsw8577ipq8070qpm5621qpm6582sd670pm670pm8150lqdm5677pm8005sa6145pipq6018pm4250qdm2302pmm6155ausdxr1ar8031qpm5577wtr2965pm8150qca4024sdx55sa8155pcsra6640sd675qet4101qat3516pm670lqpm5658pm855bsmb2351qln1031qcn7606qcm2290wsa8830sdr051pm660qln5030qpm6325pm4125qbt1500qpa5581pmi632pm456csrb31024sd_636csra6620qcs4290qet6100pmm855ausdr660gqpa8686sd690_5gsmb1396pm7150aipq6000wcd9370ipq8072sdr425qca6426whs9410qcn7605qpm5541qat5516qdm5620qln1021aqipq8074asmb1380sd662qca1064pm3003asa8155qat5533qca6595ausmb1354qca6584auqdm2305qca6310qpm8820qpm2630ipq8174pm855sdxr2_5gpm8250qcn5052sdm630pmx55qcn9074sdr675qca6421sm6250qdm3301sa8195pqpm5677qat5515qat3514wcd9326wcd9335qet4200aqqca8081ipq8071awcd9385qpm5620pmm8155auqca6390wcd9375ar8035aqt1000csr8811qpa8673qdm2310pmm8195auqln4642pm8998qca6564apmx24qet6110qln5040qca8072qpm8895sdr845qpm5670wcn3990qcn9000sd_675qtm527sd865_5gqca6595qpm8830qat5522wsa8835pm8150cpmr735bsm6250pqpa4360pm855aqpa4361qca6574aqca9889smr525ipq8074pmr525qpm4650qtm525sa515mwtr6955sd855sd665ipq8076qca6175asd765pm640pqcn5152qat3555sd460qca6391smb1351pm660aqpa4340qcm4290sdx50mpm640asdr8150qln1036aqqtc801ssd_455pmd9655qca6574ausd710qcn5122qsw6310qcm6125wsa8810qdm2308qat3550pmx50qdm5679sd_8cqcn5022sdr8250sd768gqca6696sm4350pm8004pm640lpmk8002qca8075qpa2625sa6150psd845ipq8070asm7250psdm830pm6250qpa5580Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-203
Observable Discrepancy
CVE-2014-10043
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.47%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-17 Sep, 2024 | 03:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, while reading PlayReady rights string information from command buffer (which is sent from non-secure side), if length of rights string is very large, a buffer over read occurs, exposing TZ App memory to non-secure side.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_212_firmwaresd_800_firmwaresd_412sd_412_firmwaresd_400sd_210msm8909w_firmwaresd_410_firmwaresd_205sd_800sd_210_firmwaresd_410msm8909wsd_400_firmwaresd_205_firmwaresd_212Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2000-0874
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.51% / 65.45%
||
7 Day CHG~0.00%
Published-07 May, 2001 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF).

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.
Product-eudoran/a
CVE-2020-11303
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-8.6||HIGH
EPSS-0.24% / 46.91%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 06:31
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwaresa6150p_firmwaresa8145p_firmwareqca1023mdm9628_firmwarewcd9360_firmwaremdm9650csra6620qca9378amdm9645msm8992_firmwaremdm9250sa8150p_firmwareqca6595au_firmwaresa6155apq8009_firmwareqca6174_firmwaremdm8215csra6620_firmwaremdm9310_firmwareapq8076csra6640_firmwareqca0000_firmwareqca6564qca6584au_firmwareapq8076_firmwarewcn3990_firmwareqca9369qca9377wcn3998wcd9326_firmwaremdm9628wcn3615_firmwaremdm9206_firmwarewcn3660bapq8094qca4020sa8155qca6320_firmwareqca6584qca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595ausa6155_firmwaresdx12_firmwarewcn3615wcn3998_firmwarewcn3999_firmwarewcn3610_firmwarewcd9360apq8053_firmwaresdx20mqca6564au_firmwareqca6584ausa6155p_firmwareqca6310qca9367_firmwarewcn3999sa515m_firmwareqca9367qca0000apq8092sa8155_firmwaresd821mdm9607_firmwaremdm9655_firmwaremsm8994_firmwareqcs405sa6145p_firmwaremsm8992wcd9340sa8195pwsa8810_firmwareqca1990_firmwareqca4020_firmwarewcd9326wcd9335sa6155pqca6174a_firmwaremdm9250_firmwarewcd9341mdm9655qca6696_firmwaremdm8215_firmwareapq8064aumsm8976sa8150pmsm8994sd210apq8092_firmwaresd820sdx20_firmwarewsa8815_firmwaresa8195p_firmwarecsr6030_firmwareqca6564awcn3610mdm9640wcn3990wcd9330msm8996au_firmwarecsr6030qca6595qca6564ausdx24msm8976_firmwareqca6574msm8996auqca9369_firmwareqca6574amdm9206qca9379_firmwareqca6174asdx24_firmwareqca6310_firmwareapq8094_firmwareqca6174wcd9335_firmwarewcn3980mdm9615sa515mqca6574_firmwareqca9886wcd9340_firmwarewsa8815qca6320qca6584_firmwaremdm9650_firmwareqca6175amdm9215_firmwarewcn3660b_firmwareqca6574a_firmwareqca1990wcn3980_firmwareapq8009wcd9330_firmwaremdm9310sd821_firmwaremdm9626apq8064au_firmwarear8031_firmwareqca6234sdx20mdm9215mdm9626_firmwareqca6574ausa8155p_firmwaremdm9607mdm9645_firmwareqca6564a_firmwarewcd9341_firmwaresdx20m_firmwarewsa8810sd210_firmwaresa6145pwcn3680bqca9886_firmwareqca6564_firmwareapq8096auar8031qca1023_firmwareqca6595_firmwareqcs405_firmwaresa8145pqca6696sd820_firmwaresd845_firmwaresa6150psdx55apq8053apq8096au_firmwarecsra6640sa8155psd845mdm9615_firmwareqca9378a_firmwaresdx12qca9379qca6175a_firmwareqca6234_firmwareSnapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2018-5897
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.17%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-16 Sep, 2024 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While reading the data from buffer in dci_process_ctrl_status() there can be buffer over-read problem if the len is not checked correctly in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-1970
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.15%
||
7 Day CHG~0.00%
Published-13 Jul, 2021 | 05:31
Updated-03 Aug, 2024 | 16:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bound read due to lack of length check of FT sub-elements in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewsa8830sd678sa6150p_firmwaresm6250p_firmwaresa8145p_firmwareqcs610qcs2290_firmwareqca8337csrb31024sd_636csra6620qcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqcs2290qca6390_firmwaresa6155qca6335sd690_5gsd730_firmwarewcd9370csra6620_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwareqca6564qcs6125_firmwareqca6426qca6584au_firmwarewcn3990_firmwaresa415mwcn3998sd_8cx_firmwarewcd9371_firmwaresdxr2_5g_firmwarewcd9385_firmwaresm4125sd720gwcd9326_firmwarewcn3615_firmwarewcn3950sd662sd710_firmwaresd460_firmwaresa8155qca6320_firmwaresm7315_firmwareqca6574au_firmwaresdx55_firmwarewcn3680b_firmwareqca6595ausa6155_firmwarewcd9375_firmwarewcn3615sm7250p_firmwarewcn3998_firmwarewcn3999_firmwareqca6420apq8053_firmwareqca6436_firmwareqca6564au_firmwareqca6584ausa6155p_firmwareqca6310sd778gwcn3999sa515m_firmwaresdxr2_5gqcs6125sa8155_firmwaresd662_firmwaresdm630sa415m_firmwareqcs405qca6430wcn3988_firmwaresa6145p_firmwaresm6250sd778g_firmwarewcd9340sa8195pwsa8810_firmwaresd765gsd765_firmwareqca6436wcd9326wcd9335sa6155pwcn6851qcs4290_firmwarewcd9385wcd9341qca6696_firmwarewcd9371sd750gsd870_firmwarear8035qca6390sd_8cxaqt1000sa8150psd750g_firmwaresm6250_firmwarewcd9375msm8953_firmwarewcn3910_firmwarewsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwaresd660_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwareqca6564awcn6750_firmwareqcm6125_firmwareqcm2290_firmwarewcn3991qca8337_firmwarewcd9380_firmwarewcn3990sd_675sd780gsd865_5gqca6595qca6564ausdx55m_firmwarewcn6856_firmwaresd888sd670_firmwareqca6574wsa8835sd665_firmwarewcd9380sd888_5gsm6250pqca6574asd690_5g_firmwaresdx50m_firmwarewcn6855_firmwaresm7325pqca6310_firmwareqca6430_firmwarewcd9335_firmwarewcn3980wcn6750qca6335_firmwaresa515mqca6574_firmwarewcd9340_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665wcn3910qca6320wcn6850wsa8815qca6175asd_8c_firmwareqca6426_firmwaresd765qca6574a_firmwaresd768g_firmwaresd835wcn3980_firmwaresm7315sd460qca6391sd730sdx55msdxr1_firmwareaqt1000_firmwarewcn6740_firmwaremsm8953sd678_firmwarear8031_firmwarecsrb31024_firmwareqcm4290sdx50msd480_firmwarewcn6851_firmwareqca6574ausa8155p_firmwaresd710sd_636_firmwaresd670qca6564a_firmwarewcd9341_firmwareqcm6125qcm4290_firmwaresd480sd870wcn6855wsa8810qcs610_firmwarewcn6856sd_8csa6145pwcn3680bsd835_firmwareqca6564_firmwaresdxr1sd768gar8031qca6595_firmwareqcs405_firmwaresa8145pwcn6740qca6696sdm630_firmwareqca6391_firmwaresd845_firmwaresd780g_firmwarewcd9370_firmwaresa6150psd888_firmwaresdx55apq8053sa8155pcsra6640sd675sd845sm7250psd720g_firmwareqca6175a_firmwarear8035_firmwareqcm2290Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
CVE-2017-15837
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.55%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 17:00
Updated-16 Sep, 2024 | 22:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a policy for the packet pattern attribute NL80211_PKTPAT_OFFSET is not defined which can lead to a buffer over-read in nla_get_u32().

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2004-1521
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.45% / 87.04%
||
7 Day CHG~0.00%
Published-19 Feb, 2005 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mail message that contains base64 or quoted-printable encoded attachments, which makes it easier for remote attackers to read arbitrary files via spoofed "Converted" headers.

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.
Product-eudoran/a
CVE-2018-3584
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.14% / 35.38%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 17:00
Updated-16 Sep, 2024 | 19:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, a Use After Free condition can occur in the function rmnet_usb_ctrl_init().

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-416
Use After Free
CVE-2003-0336
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.19% / 86.46%
||
7 Day CHG~0.00%
Published-23 May, 2003 | 04:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora.

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.
Product-eudoran/a
CVE-2002-1210
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.38% / 58.85%
||
7 Day CHG~0.00%
Published-21 Nov, 2002 | 05:00
Updated-03 Apr, 2025 | 01:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local browser context.

Action-Not Available
Vendor-n/aQualcomm Technologies, Inc.
Product-eudoran/a
CVE-2020-3700
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.44% / 62.11%
||
7 Day CHG~0.00%
Published-30 Jul, 2020 | 11:40
Updated-04 Aug, 2024 | 07:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Possible out of bounds read due to a missing bounds check and could lead to local information disclosure in the wifi driver with no additional execution privileges needed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8053, APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8909W, MSM8996AU, QCA6574AU, QCA9531, QCA9558, QCA9980, SC8180X, SDM439, SDX55, SM8150, SM8250, SXR2130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9980_firmwaremsm8996au_firmwaresdm439mdm9607_firmwaresm8250_firmwaresc8180x_firmwareqca9531qca9558_firmwareipq8074_firmwareqca6574auqca9558msm8909w_firmwaremdm9607msm8996auqca9980sxr2130sc8180xipq4019_firmwaresm8150_firmwaresxr2130_firmwareipq8074apq8096ausdm439_firmwareipq4019sdx55apq8053apq8096au_firmwaresm8250sm8150qca9531_firmwareipq8064qca6574au_firmwaresdx55_firmwaremsm8909wapq8053_firmwareipq8064_firmwareSnapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-125
Out-of-bounds Read
CVE-2015-9140
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.19% / 41.60%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, and SDX20, unauthorized memory access possible in online memory dump feature.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9635m_firmwarefsm9055mdm9640_firmwaresd_412sd_617_firmwaresd_808_firmwaresd_400sdx20sd_415sd_616mdm9607_firmwaresd_615mdm9655_firmwaremdm9650sd_650_firmwaresd_615_firmwaremsm8909w_firmwaremdm9607sd_210mdm9645mdm9645_firmwaresd_650mdm9625_firmwaresd_808fsm9055_firmwaresd_800sd_410sd_617sd_400_firmwaremdm9206sd_652sd_212_firmwaresd_800_firmwaremdm9655sd_412_firmwaremdm9635mmdm9625mdm9206_firmwaresd_810mdm9650_firmwaresdx20_firmwaresd_410_firmwaresd_600_firmwaresd_205sd_210_firmwaresd_600sd_415_firmwaresd_652_firmwaremsm8909wsd_810_firmwaresd_616_firmwaresd_205_firmwaresd_212mdm9640Snapdragon Mobile, Snapdragon Wear, Small Cell SoC
CWE ID-CWE-284
Improper Access Control
CVE-2019-2310
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.30% / 52.57%
||
7 Day CHG~0.00%
Published-12 Dec, 2019 | 08:30
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaremdm9640_firmwaremsm8996au_firmwaresdm845sdm450_firmwaremdm9650msm8940_firmwaremsm8996auapq8009_firmwaremsm8917sdm670qcs605_firmwaremdm9206qca9379_firmwareqca6174asdm670_firmwaresdm636sda845_firmwareqca9377apq8098qcn7605mdm9206_firmwareqcs605mdm9640msm8937_firmwaremdm9650_firmwareqca6574au_firmwaresda660apq8009msm8909_firmwareapq8053_firmwaresda845msm8920msm8953sdm450sdm636_firmwareapq8098_firmwaresdx20msm8998_firmwaresdm660msm8920_firmwaresdm630mdm9607_firmwareqca6574ausdm710mdm9607apq8017_firmwaresdm710_firmwareqcn7605_firmwaremsm8937mdm9207c_firmwaremdm9207cqca6174a_firmwaresm8150_firmwaremsm8909apq8096ausdm630_firmwaresda660_firmwaremsm8940apq8053apq8096au_firmwaremsm8953_firmwaremsm8917_firmwaremsm8998sm8150sdx20_firmwareapq8017qca9379sdm660_firmwaresdm845_firmwareSnapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-125
Out-of-bounds Read
CVE-2019-2317
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.24% / 47.68%
||
7 Day CHG~0.00%
Published-05 Mar, 2020 | 08:56
Updated-04 Aug, 2024 | 18:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The secret key used to make the Initial Sequence Number in the TCP SYN packet could be brute forced and therefore can be predicted in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, Nicobar, QCM2150, QM215, SC8180X, SDM429, SDM439, SDM450, SDM632, SDX24, SDX55, SM6150, SM7150, SM8150

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-msm8920qcm2150_firmwaremsm8953sdm450sdm632_firmwaresdm450_firmwaresdm632qcm2150msm8920_firmwaresdm439sdx24sc8180x_firmwaresdm429msm8940_firmwaresm7150_firmwaresm6150qm215sm7150msm8917msm8937sc8180xmsm8905sm8150_firmwaremsm8909sdx24_firmwaresdm439_firmwareqm215_firmwaresdx55msm8940msm8953_firmwaresm6150_firmwaremsm8917_firmwaremsm8937_firmwaresdm429_firmwaresm8150msm8905_firmwaresdx55_firmwarenicobar_firmwaremsm8909_firmwarenicobarSnapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
CWE ID-CWE-330
Use of Insufficiently Random Values
CVE-2018-5886
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.69%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 19:00
Updated-17 Sep, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android), which can lead to kernel memory being accessed.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-5829
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 47.22%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-16 Sep, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05, a buffer over-read can potentially occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2018-3577
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.67%
||
7 Day CHG~0.00%
Published-06 Jul, 2018 | 17:00
Updated-16 Sep, 2024 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While processing fragments, when the fragment count becomes very large, an integer overflow leading to a buffer overflow can occur in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2018-13907
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.39% / 58.92%
||
7 Day CHG~0.00%
Published-14 Jun, 2019 | 17:02
Updated-05 Aug, 2024 | 09:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While deserializing any key blob during key operations, buffer overflow could occur, exposing partial key information if any key operations are invoked in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS405, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850mdm9150_firmwaresd_632mdm9635m_firmwaremdm9640_firmwaresd_820amsm8996au_firmwaresd_439sd_670_firmwaresd_429sdm439mdm9650sd_636sd_615_firmwaresnapdragon_high_med_2016_firmwaremsm8909w_firmwaremsm8996ausd_820sd_650sd_450_firmwaresd_845_firmwaresd_410sd_820a_firmwareqcs605_firmwaremdm9206sd_652sd_425_firmwaresd_625_firmwareipq8074sd_450mdm9635msd_8cx_firmwaresd_845mdm9206_firmwareqcs605sd_632_firmwaresd_835_firmwaremdm9650_firmwaresd_835sda660sxr1130_firmwaresd_210_firmwaresd_415_firmwaresd_652_firmwareqca8081_firmwaresxr1130msm8909wsd_616_firmwaresd_205_firmwaresd_415sd_212sd_650_firmwaresd_427_firmwaresd_712sd_855sd_412qualcomm_215sdx20sd_616sd_425sdm660sd_430_firmwaremdm9607_firmwaresd_435mdm9655_firmwaresd_615sd_710_firmwareqcs405sdm630sd_625ipq8074_firmwaresd_820_firmwaresd_210mdm9607sd_636_firmwaresd_439_firmwarepq4019qca8081qualcomm_215_firmwaremdm9150sd_429_firmwaresnapdragon_high_med_2016sd_212_firmwarepq4019_firmwaresd_850_firmwaremdm9655sdm439_firmwareqcs405_firmwaresd_712_firmwaresd_412_firmwaresd_855_firmwaresdm630_firmwaresda660_firmwaresd_8cxsd_430sd_427sd_670sd_435_firmwaresdx20_firmwaresd_710sd_410_firmwaresd_205sdm660_firmwaremdm9640Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2018-11935
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.18% / 40.14%
||
7 Day CHG~0.00%
Published-25 Feb, 2019 | 23:00
Updated-05 Aug, 2024 | 08:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation might result in incorrect app id returned to the caller Instead of returning failure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in versions MDM9607, MDM9650, MDM9655, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_712sd_850sd_16sd_820asd_675msm8996au_firmwaresd_12sd_415sd_670_firmwaresdm660sdm630mdm9607_firmwaresd_615mdm9655_firmwaremdm9650sd_636sd_710_firmwaresd_615_firmwaresd_210mdm9607msm8996ausd_636_firmwaresd_820_firmwaresd_820sd_845_firmwaresd_410sd_820a_firmwareqcs605_firmwaresd_675_firmwaresd_212_firmwaresd_850_firmwaremdm9655sd_16_firmwaresd_712_firmwaresdm630_firmwaresd_8cx_firmwaresda660_firmwaresd_845sd_8cxqcs605sd_670sd_835_firmwaremdm9650_firmwaresd_710sd_410_firmwaresd_12_firmwaresd_205sd_835sda660sd_210_firmwaresd_415_firmwaresxr1130_firmwaresxr1130sd_205_firmwaresdm660_firmwaresd_212Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
CWE ID-CWE-20
Improper Input Validation
CVE-2017-9696
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 31.11%
||
7 Day CHG~0.00%
Published-16 Nov, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer over-read is possible in camera driver function msm_isp_stop_stats_stream. Variable stream_cfg_cmd->num_streams is from userspace, and it is not checked against "MSM_ISP_STATS_MAX".

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-9712
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.60%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 22:00
Updated-16 Sep, 2024 | 17:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, if userspace provides a too-large IE length in wlan_hdd_cfg80211_set_ie, a buffer over-read occurs.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-8279
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.09% / 26.53%
||
7 Day CHG~0.00%
Published-16 Nov, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, missing race condition protection while updating msg mask table can lead to buffer over-read. Also access to freed memory can happen while updating msg_mask information.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-362
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVE-2017-18128
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.29%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 15:00
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, improper access control while configuring MPU protecting error correction registers may potentially lead to exposure of related secured data.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850_firmwaresd_845sd_850sd_845_firmwareSnapdragon Mobile
CVE-2017-18143
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.47%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 15:00
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, on a secure device, PD dumps are collected when debugging is not enabled.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_850_firmwaresd_845sd_850sd_845_firmwareSnapdragon Mobile
CVE-2017-18073
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.47%
||
7 Day CHG~0.00%
Published-11 Apr, 2018 | 15:00
Updated-17 Sep, 2024 | 00:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, the HLOS can gain access to unauthorized memory.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-mdm9206sd_212_firmwaresd_820amdm9206_firmwaremdm9607_firmwaremdm9650sd_210mdm9607mdm9650_firmwaresd_820_firmwaresd_820sd_835_firmwaresd_835sd_205sd_210_firmwaresd_820a_firmwaresd_205_firmwaresd_212Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2017-15859
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.12% / 32.17%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 21:00
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

While processing the QCA_NL80211_VENDOR_SUBCMD_SET_TXPOWER_SCALE_DECR_DB vendor command, in which attribute QCA_WLAN_VENDOR_ATTR_TXPOWER_SCALE_DECR_DB contains fewer than 1 byte, in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-08-11 a buffer overrun occurs.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-30302
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.52%
||
7 Day CHG~0.00%
Published-20 Oct, 2021 | 06:31
Updated-03 Aug, 2024 | 22:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authentication of EAP WAPI EAPOL frames from unauthenticated user can lead to information disclosure in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcn5024_firmwareqca2066wsa8830qcn9070ipq4028_firmwareqca1062_firmwareqcn5550qca8337ar9380ipq8173_firmwareqca6431_firmwareqcn5124qca4024_firmwareqcn9072qca9992sc8180x\+sdx55ipq8078aipq5028_firmwareqca6420_firmwareipq8069_firmwareqca6390_firmwareqca2064_firmwareqca2062ipq6000qca6335qcn5064wcd9370ipq8072qcn5152_firmwareqca6426qcn9000_firmwareqca9984_firmwareipq5018wcn3998sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwareipq8076aqcn6024_firmwareqsm8350_firmwareipq8074aqca2065qcn5124_firmwareqsm8350qca1064qca6428qcn5164_firmwareqcn5122_firmwareipq8071sdx55_firmwarewcd9375_firmwareqca8081_firmwareqcn6023_firmwarewcn3998_firmwareqca6420qca6436_firmwareqca10901_firmwareqca6438_firmwareipq5010sd778gipq8070_firmwareqca6310ipq8078a_firmwareipq8174qca9990qcs6490ipq5028qrb5165_firmwareipq4029_firmwareipq8072_firmwareqcn5052sdxr2_5gipq6010sc8280xp_firmwareqca6430qcn9074qca6421sd778g_firmwarewcd9340wsa8810_firmwareqca6436wcn6851qca8081ipq8071aqcn6023ipq8071a_firmwarewcd9385qca9888_firmwareqcn6122wcd9341qca2066_firmwareqca6431qca2065_firmwareqcs6490_firmwaresd870_firmwareqca1062qcn5154_firmwarear8035csr8811qca6390aqt1000qca9898_firmwaresd_8cxsc8180x\+sdx55_firmwarewcd9375qcn9100_firmwarewsa8830_firmwareqca9992_firmwaresd865_5g_firmwareipq5010_firmwareipq8074a_firmwareqca6438qcm6490sd888_5g_firmwarewcn6850_firmwarewsa8815_firmwarewsa8835_firmwareqcn5121qcx315qca9898qcn5022_firmwarewcn6750_firmwareipq4028qca6428_firmwareipq5018_firmwareqca8072ipq4018_firmwareqca8337_firmwarewcd9380_firmwareqcn9000ipq8072aqca9980_firmwaresd780gipq8076a_firmwaresd865_5gar9380_firmwareipq8078sdx55m_firmwareipq8173wcn6856_firmwareqcn9012sd888qcn5164qcn6122_firmwareqcx315_firmwarewsa8835qca10901csr8811_firmwarewcd9380sd888_5gqcn5054_firmwareqcn5154qca8075_firmwareipq4018qcn5024ipq6005_firmwarewcn6855_firmwareqca9889ipq8074qca6310_firmwareqca8072_firmwareqca6430_firmwareqca9888qca9994_firmwareqcn5052_firmwareipq8070a_firmwareqcn9012_firmwaresm7325wcn6750qca6335_firmwareipq6018_firmwareipq8076_firmwarewcd9340_firmwarewsa8815wcn6850pmp8074_firmwareipq8076sd_8c_firmwareqca6426_firmwareqca9984ipq6028ipq8064ipq8069pmp8074qcn5021qcn5152qcn9024qcn5550_firmwareqca6391sdx55mipq8064_firmwareqca6421_firmwareipq6005aqt1000_firmwareqca2062_firmwarewcn6740_firmwareqcn9100qcn5064_firmwareqcm6490_firmwareipq8078_firmwareqcn5054qcn9070_firmwareqrb5165wcn6851_firmwareipq8070ipq6028_firmwareipq8072a_firmwareqca9994ipq8074_firmwareqca9889_firmwareqca9980qcn5122qcn9024_firmwareipq8174_firmwarewcd9341_firmwarewsa8810sd870qcn5121_firmwarewcn6855wcn6856sd_8cipq6018qcn5022ipq6010_firmwareqca1064_firmwarewcn6740qca6391_firmwareqca2064qca4024sd780g_firmwarewcd9370_firmwaresdx55sd888_firmwareqca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022sc8280xpqca9990_firmwareipq8070aqcn9072_firmwareipq6000_firmwareipq8071_firmwareqcn9074_firmwareipq4029ar8035_firmwaresm7325_firmwareSnapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-287
Improper Authentication
CVE-2017-15853
Matching Score-8
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-8
Assigner-Qualcomm, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 26.55%
||
7 Day CHG~0.00%
Published-03 Apr, 2018 | 17:00
Updated-17 Sep, 2024 | 00:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, while processing PTT commands, ptt_sock_send_msg_to_app() is invoked without validating the packet length. If the packet length is invalid, then a buffer over-read can occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-125
Out-of-bounds Read
CVE-2017-9681
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 30.46%
||
7 Day CHG~0.00%
Published-30 Mar, 2018 | 15:00
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set it to an arbitrary kernel address, hence information disclosure (for kernel) could occur.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2023-21624
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.85%
||
7 Day CHG~0.00%
Published-04 Jul, 2023 | 04:46
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure in DSP Services

Information disclosure in DSP Services while loading dynamic module.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qam8255p_firmwarewsa8830sa6150p_firmwaresa8145p_firmwaresnapdragon_7c\+_gen_3_firmwaresnapdragon_778g\+_firmwaresa8150p_firmwareqca6595au_firmwaresa6155snapdragon_x55_5gsnapdragon_wear_4100\+wcd9370snapdragon_835_firmwareqca6426wcn3990_firmwarewcd9385_firmwaresnapdragon_782g_firmwarewcn3660bsnapdragon_888\+_firmwaresa8155qca6320_firmwaresm7315_firmwareqca6574au_firmwaresnapdragon_x55_5g_firmwarewcn3680b_firmwareqca6595ausa6155_firmwarewcd9375_firmwaresnapdragon_865\+wcn3610_firmwareqca6436_firmwaresnapdragon_xr2_5gsnapdragon_w5\+_gen_1sa6155p_firmwareqca6310qcs8155qca6698aqsa8155_firmwaresnapdragon_778g_5g_firmwaresa6145p_firmwarefastconnect_6700_firmwaresa8195pwcd9340wsa8810_firmwaresw5100qca6436sa8255p_firmwaresa6155psnapdragon_865_firmwarewcd9335snapdragon_780g_firmwareqca6698aq_firmwarewcd9385sxr2130_firmwaresa8255pwcd9341qca6696_firmwareqca6797aqsnapdragon_xr2_5g_firmwarewcd9375sa8150psnapdragon_870wsa8830_firmwaresd865_5g_firmwaresnapdragon_778g_5gwsa8815_firmwarewsa8835_firmwaresnapdragon_870_firmwaresa8195p_firmwarefastconnect_6800_firmwaresnapdragon_865\+_firmwarewcn3610wcd9380_firmwarewcn3990sw5100psd865_5gfastconnect_6800snapdragon_778g\+snapdragon_865snapdragon_780gsd888wsa8835qca6574wcd9380snapdragon_7c\+_gen_3fastconnect_6700sxr2130qca6574asm7325psnapdragon_888_firmwareqca6310_firmwarewcd9335_firmwarewcn3980qca6574_firmwarewcd9340_firmwarewsa8815sm7325p_firmwareqca6320snapdragon_782gqca6426_firmwarewcn3660b_firmwareqca6574a_firmwaresd835wcn3980_firmwaresm7315qca6391snapdragon_w5\+_gen_1_firmwarewcn6740_firmwaresnapdragon_wear_4100\+_firmwarefastconnect_6900fastconnect_6900_firmwareqca6797aq_firmwareqca6574ausa8155p_firmwarewcd9341_firmwarewsa8810sw5100p_firmwaresa6145pwcn3680bsd835_firmwaresnapdragon_835snapdragon_888sa8145psnapdragon_888\+qca6696wcn6740qca6391_firmwarewcd9370_firmwaresa6150psd888_firmwaresa8155pqcs8155_firmwaresw5100_firmwareqam8255pSnapdragon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-13218
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-4.7||MEDIUM
EPSS-0.01% / 2.06%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 23:00
Updated-16 Sep, 2024 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Access to CNTVCT_EL0 in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear could be used for side channel attacks and this could lead to local information disclosure with no additional execution privileges needed in FSM9055, IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA4531, QCA9980, QCN5502, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-11079
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.16% / 37.88%
||
7 Day CHG~0.00%
Published-10 Jan, 2018 | 22:00
Updated-16 Sep, 2024 | 18:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse image, uninitialized heap memory can potentially be flashed due to the lack of validation of sparse image block header size.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.Google LLC
Product-androidAndroid for MSM, Firefox OS for MSM, QRD Android
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2022-40523
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.94%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:38
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information exposure in Kernel

Information disclosure in Kernel due to indirect branch misprediction.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwareqam8255p_firmwaresnapdragon_850_mobile_compute_platform_firmwaresm7325-ae_firmwaresm6250p_firmwareqcs610sc8180x-ab_firmwareqca8337qca6431_firmwareqam8775pwcn3950_firmwaresa8150p_firmwaresm4450_firmwareqcs2290qca6595au_firmwaresa6155snapdragon_x70_modem-rf_systemqca6335sm8350sdm670csra6620_firmwaresd_675_firmwarecsra6640_firmwarewcn685x-1sm7350-ab_firmwaresm4375wcn3998sc8180xp-adwcd9371_firmwareqam8295pwcn3950qcn6024_firmwaresm4125sd_8_gen1_5g_firmwaresm6375_firmwaresm7150-acqsm8350_firmwareqsm8350sd460_firmwaresm7315_firmwaresm7325-aeqca6574au_firmwaresm4250-aawcd9375_firmwarewcn3998_firmwareqca8081_firmwaresa6155_firmwaresm6225-adqca6420snapdragon_xr2\+_gen_1_platformsc8180xp-afsmart_audio_400_platform_firmwarewcn3999sm6225-ad_firmwareqrb5165m_firmwareqrb5165_firmwareqca6698aqsc8180xp-aa_firmwaresa8155_firmwarerobotics_rb3_platform_firmwareqca4004_firmwaresd662_firmwaresm7250-ab_firmwareqca6430robotics_rb3_platformwcd9306_firmwarewcd9340qca6436sa6155pqca6698aq_firmwarewcn685x-1_firmwaresm8150_firmwarewcd9341qam8775p_firmwaresa8255pqca6431qca6696_firmwaresc8180xp-ab_firmwarewcd9371sc8180x-abqca6797aqwcn3910_firmwaresm4350_firmwaresd_8cxsa8150pqca4004sm8250-ac_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwaresm7225_firmwaresnapdragon_7c\+_gen_3_compute_firmwarewcn3988sm4250-aa_firmwarewcn6750_firmwareqcn7606_firmwaresm6125_firmwaresa8295p_firmwaresnapdragon_675_mobile_platform_firmwaresm6375wcn3991qca8337_firmwarewcd9380_firmwaressg2125pqca6564au9205_lte_modemsd670_firmwareqca6574snapdragon_7c\+_gen_3_computewcd9380sc8180xp-aaqcs410sm7150-aa_firmwaresxr1230psc8180xp-ad_firmwaresc8180x-ac_firmwareqcn9012_firmwareqca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwaresm7225wcd9340_firmwarewsa8815sm6150-ac_firmwarewcn3910qcs8250qca6426_firmwaresm4450qca9984sc8180x-adqcn9024wcn3980_firmwaresd730snapdragon_xr2\+_gen_1_platform_firmwaresnapdragon_x50_5g_modem-rf_system_firmwaresc7180-ac_firmwaresa8295psm7150-aa9205_lte_modem_firmwaresm6350wcn6740_firmwareqca6421_firmwaresm7125qcs4490_firmwaresnapdragon_xr2_5g_platformsnapdragon_x65_5g_modem-rf_systemar8031_firmwaresm7150-ab_firmwareqrb5165sm8350_firmwaresm6350_firmwareqca6797aq_firmwarewcn785x-1_firmwaresd670qcn9024_firmwareqca6564a_firmwaresdx57mqcm4290_firmwaresnapdragon_x24_lte_modemsc8180xp-ac_firmwarewsa8832sa8540pqcs610_firmwareqsm8250sa6145par8031qcs4490qca6595_firmwaresc8280xp-bbqca6391_firmwarewcd9370_firmwaresm4350-ac_firmwaresdx55sd888_firmwaresm8250csra6640sa8155psd675ssg2115p_firmwareqam8255par8035_firmwareqcm2290qsm8250_firmwareqcn7606wcn3991_firmwarewsa8830snapdragon_662_mobile_platform_firmwaresxr2230p_firmwaresm6125snapdragon_850_mobile_compute_platformsnapdragon_x24_lte_modem_firmwareqcs2290_firmwareqam8650pwcn785x-5flight_rb5_5g_platformcsra6620flight_rb5_5g_platform_firmwaresc8280xp-bb_firmwaresm7250-ac_firmwareqcs4290qca6420_firmwaresc7180-acqca6390_firmwaresd730_firmwarewcd9370sd675_firmwaressg2115pqca6426sc8280xp-abwcn3990_firmwareqrb5165n_firmwareqca9984_firmwareqca9377sm8450sm8250-absd_8cx_firmwarewcd9385_firmwarewcd9326_firmwaresd662qam8295p_firmwaresm7325-afqcn9011_firmwaresa8155snapdragon_x55_5g_modem-rf_systemsa9000p_firmwaresdx55_firmwareqca6595ausm7325-af_firmwarewcn3999_firmwaresm7250p_firmwareqca6436_firmwaresm4350-acqrb5165nwcd9306qca6564au_firmwaresa6155p_firmwareqca6310snapdragon_x65_5g_modem-rf_system_firmwaresm6225snapdragon_x70_modem-rf_system_firmwareqcs6490qcs8550_firmwaresm8250_firmwarevision_intelligence_300_platform_firmwaresm8250-acwcn3988_firmwaresa6145p_firmwareqca6421sm7250-aasm6250wsa8810_firmwaresm4375_firmwarevision_intelligence_400_platformsm8450_firmwaresc7180-adwcd9326wcd9335snapdragon_ar2_gen_1_platform_firmwaresa8255p_firmwareqca8081qcm4490qca6174a_firmwareqcs4290_firmwaresnapdragon_wear_1300_platform_firmwaresxr2130_firmwarewcd9385qcs6490_firmwaresm7150-absc8180x-acqca6390wcd9375ar8035aqt1000sm6250_firmwarevision_intelligence_400_platform_firmwaresnapdragon_662_mobile_platformsm8150wsa8815_firmwareqcm6490wsa8835_firmwaresm7350-abqca6564awcn785x-1qcm2290_firmwarewcn3990sd_675sd865_5gqca6595sm8350-ac_firmwaresm8150-acqcn9012sd888wsa8835sxr1230p_firmwaresc7180-ad_firmwaresa8540p_firmwaresd_8_gen1_5gsm6250psc8180xp-acsxr2130ssg2125p_firmwareqca6574asmart_audio_400_platformwcn685x-5_firmwaresc8180x-afqca6174asm7325psdm670_firmwareqca6310_firmwaresm7325wcn6750sm7150-ac_firmwaresa9000pqca6574_firmwaresm7250-absd855sm4125_firmwaresm7325p_firmwaresxr2230psdx57m_firmwaresnapdragon_xr2_5g_platform_firmwareqca6574a_firmwareqrb5165mwcn785x-5_firmwaresm7315snapdragon_x55_5g_modem-rf_system_firmwarevision_intelligence_300_platformsd460qca6391sm8250-ab_firmwaresc8280xp-ab_firmwareaqt1000_firmwareqcm4490_firmwareqcm4290qcm6490_firmwarewsa8832_firmwarewcn685x-5qcn9011sm6225_firmwaresc8180xp-af_firmwareqca6574ausa8155p_firmwareqcs8250_firmwarewcd9341_firmwarewsa8810sm7250-aa_firmwaresc8180x-aa_firmwaresm7250-acsm8150-ac_firmwaresnapdragon_ar2_gen_1_platformsc8180x-aasm8350-acqam8650p_firmwaresnapdragon_675_mobile_platformsc8180x-af_firmwarewcn6740qca6696qcs8550sm4350sm6150-acsm7125_firmwaresnapdragon_x50_5g_modem-rf_systemsc8180xp-abqcn6024sc8180x-ad_firmwaresm7250pqcs410_firmwaresnapdragon_wear_1300_platformsm7325_firmwareSnapdragon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2022-40525
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.04% / 10.94%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 07:38
Updated-03 Aug, 2024 | 12:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Information Exposure in Linux Networking Firmware

Information disclosure in Linux Networking Firmware due to unauthorized information leak during side channel analysis.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-ipq6005qca8072qcn9070qcn9274qcn9000qcn5052qcn9070_firmwareqca8084ipq6028_firmwareipq6010ipq9008qcn9074qca4024_firmwareqca8082qca8085ipq9574qca8386qcn5122qcn9024_firmwareqcn9072csr8811_firmwareqcn5121_firmwareipq6000qca8081qca8075_firmwareipq6005_firmwareipq6018qcn5022qcn5152_firmwareqcn6023qca8085_firmwareipq6010_firmwareqca8072_firmwareqcn9000_firmwareqcn5052_firmwareqcn9274_firmwareipq9008_firmwareqcn6024_firmwareipq6018_firmwareqca4024csr8811qca8386_firmwareqca8084_firmwareqca8075qcn5021_firmwareqcn9022_firmwareqcn6024qcn9022qcn9072_firmwareqca8082_firmwareipq6000_firmwareipq6028qcn5021qcn5121qcn5122_firmwareqcn5152ipq9574_firmwareqca8081_firmwareqcn5022_firmwareqcn6023_firmwareqcn9024qcn9074_firmwareSnapdragon
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2016-5854
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.08%
||
7 Day CHG~0.00%
Published-16 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5858
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.14% / 35.01%
||
7 Day CHG~0.00%
Published-16 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5347
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.13% / 32.98%
||
7 Day CHG~0.00%
Published-16 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-5855
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-4.7||MEDIUM
EPSS-0.11% / 30.08%
||
7 Day CHG~0.00%
Published-16 Aug, 2017 | 15:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is casted to a structure without checking if the source buffer is large enough.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-10430
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-9.8||CRITICAL
EPSS-0.33% / 55.03%
||
7 Day CHG~0.00%
Published-18 Apr, 2018 | 14:00
Updated-16 Sep, 2024 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, when executing a TA which has been granted privileges to the CPVC MINK class it is possible for the TA to access methods exposed by the CPVC interface.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sd_652sd_425_firmwaresd_820asd_625_firmwaresd_450sd_425sd_430_firmwaresd_430sd_625sd_820_firmwaresd_820sd_650sd_450_firmwaresd_652_firmwaresd_820a_firmwaresd_650_firmwareSnapdragon Automobile, Snapdragon Mobile
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-10339
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-7.1||HIGH
EPSS-0.10% / 27.43%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-11199
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 12.73%
||
7 Day CHG~0.00%
Published-17 Mar, 2021 | 06:00
Updated-04 Aug, 2024 | 11:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qfe3100qfe2080fc_firmwareqca9377_firmwareqfs2580qpm5679_firmwaremdm9640_firmwaresm6250p_firmwarepmd9607_firmwareqfe4455fc_firmwareqca8337qfs2530qpm8870_firmwareqln1030pm6125qat5522_firmwaremdm9645wcn3950_firmwarepm8150aqdm5670qca6595au_firmwareqpm5541_firmwarepm7150lqcc1110_firmwarepm8998_firmwareqpa8821sd_455_firmwarewtr5975_firmwareqcs6125_firmwarepm456_firmwareqpa5580_firmwaremsm8108sa415mwcn3998wcd9371_firmwaremsm8108_firmwarewcn3950sm4125sd720gmdm9206_firmwareqsw8573_firmwarewcn3660bsd450_firmwareqfe4320qsw8574_firmwaresd460_firmwaremdm9230_firmwaresmb2351_firmwarepm8953_firmwareqpa4360_firmwarewcn3998_firmwareqfe2520_firmwareapq8009w_firmwarepm855papq8053_firmwareqca6420pm6150awtr4605_firmwareqca9367_firmwaremdm8207pm660_firmwarepm8150bsa8155_firmwareqca4004_firmwareqfe2101qca6430qat3522qfe4455fcpmr735awcd9306_firmwarewcd9340sd765gsdr660qfe1045_firmwareqfe3345msm8209_firmwaresdr865mdm9250_firmwareqdm5620_firmwaresmb1358qca6696_firmwareqln5020wcd9371sd870_firmwarepmm855au_firmwaresd_8cxwtr3950qfe3340qdm5621qtc800sqca4004qat3514_firmwaremdm9330_firmwaresd660sd865_5g_firmwaresd712pm640p_firmwaresd660_firmwarewcn6750_firmwareqat5516_firmwarepm6150lsd450pm855l_firmwareqtc410swcn3991qfe3335_firmwareqpa8801sdm429wpm8150l_firmwareqat5533_firmwaresdx55m_firmwareqpa8673_firmwarepm6150smb1354_firmwaremsm8976_firmwareqca6574sd632_firmwaresd670_firmwareqpa8842sdr052_firmwarepmm8996auwcd9380qualcomm215qln4640qcs410qpm5579_firmwaresmb1380_firmwareqfe4309_firmwaresmb1381pm855p_firmwareqfe3100_firmwarepm7250qca9379_firmwarewtr4905qpa8803sdx24_firmwaresd439_firmwarepmd9645qdm2301wcd9340_firmwarewsa8815wcn6850qfe2101_firmwareqca6584_firmwareqdm2301_firmwaremsm8937_firmwareqdm5621_firmwareqpm6375sd_8c_firmwaresd835wcn3980_firmwaresd730qfe3320_firmwarepm660l_firmwarepm6250_firmwarepm8008qtm525_firmwarepme605_firmwarepme605sd678_firmwareqpm5621_firmwareqln1021aq_firmwareqcs603rsw8577qpa6560_firmwareqpa8802_firmwareqln4640_firmwareqfe4308_firmwareqpm5621qpm6582sd670pm8009_firmwareapq8009wqfe4303qfs2580_firmwareqcm4290_firmwarepm8150lpmi8998_firmwareqcs610_firmwareapq8084_firmwaresdr105pm660a_firmwarepm215pm4250qpm5577mdm8207_firmwaresdm630_firmwarewtr2965mdm9205_firmwareqca6391_firmwaresa2150ppmx20_firmwaresd820_firmwarepm8150pmi8937_firmwarewcd9370_firmwareqat3516_firmwaresdx55apq8053qat3555_firmwarepmi8994qpa8803_firmwarewcn3660qca9379pm855bsmb2351qln1031pm8909mdm9150_firmwareqfe1040pm660qet6110_firmwareqpm6325pm6125_firmwareqbt1500qfe1040_firmwarecsrb31024mdm9628_firmwareqfe2340_firmwaremdm9650sd_636pmx24_firmwareqbt1500_firmwarepmk8001qcs4290pmm855aumdm9250qca6420_firmwarepmd9635_firmwareapq8009_firmwarepm7150asd675_firmwareqpa4361_firmwareqca6426wcn3990_firmwareqca9377qpa5373_firmwaresdw2500_firmwarewcd9385_firmwareqdm5650_firmwareqpa4340_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwarewhs9410rgr7640au_firmwarewtr2955pm7250_firmwaresdr845_firmwareqdm5620qln1021aqsmb1380pmk8002_firmwareqsw6310_firmwaresa8155qca6584qln1031_firmwaresdx55_firmwareqat5533wcn3615sm7250p_firmwarewcn3610_firmwarepm8940mdm9207qsm7250_firmwarepm7150l_firmwarewcd9306qca6584aumsm8208qat5515_firmwarepm855qpm8830_firmwaresd429pm8250qca9367qfe2082fc_firmwaresdm630mdm9607_firmwaremdm9655_firmwaremsm8976sgqfs2530_firmwarepmx55sa415m_firmwarewcn3988_firmwaresd205sd429_firmwarepm8150c_firmwareqca6421qdm3301qpa8842_firmwareqat3519_firmwarepm8953qat5515qca6694qpm5677qat3514wcd9326wcd9335pm8004_firmwaresdr8150_firmwareqcs4290_firmwarepm439qtc800h_firmwareqca6390wcd9375aqt1000msm8976sm6250_firmwareqln4642msm8917_firmwareqpm5677_firmwaresdx20_firmwarewsa8815_firmwarewtr3925_firmwarepmi8937pm8998sdw3100smr525_firmwareqpm8820_firmwareqfe4301_firmwareapq8017qln1020_firmwaremdm9630_firmwareqcm6125_firmwarepmx55_firmwarewtr2955_firmwareqbt1000_firmwareqfe4373fc_firmwaresd865_5gqca6595pm8150_firmwareqpm8830pmm8996au_firmwareqat5522pm8150csd665_firmwareqpa4360sc8180xqpa4361mdm9206qpm5577_firmwareqdm5679_firmwaresmr525qca6310_firmwareqfe4305_firmwarepm6150l_firmwarepmr525pm8150a_firmwareqca6574_firmwarewtr3950_firmwareqln1036aq_firmwaresd665pm6150a_firmwarepm6150_firmwaresd765pmx20pmd9607qca6574a_firmwareqat3555sd850_firmwareapq8009qfe2082fcwtr2965_firmwarepm670_firmwarecsrb31024_firmwareqln1036aqqtc801spmi8940_firmwaresc8180x_firmwareqfe3320sd710mdm9607mdm9645_firmwarepm8008_firmwareqln1035bd_firmwarepmr735a_firmwarepmw3100pmx50qfe3345_firmwaresdr8250sd768gqln1030_firmwarepmw3100_firmwarepm8004pm640lmsm8940pmk8002apq8096au_firmwaresdw2500sd845smb1357pmd9655au_firmwareqca617_firmwareqcs410_firmwaremdm9330qpa5580qpm5579qfe2550qcs610pmi8996qfe1045qdm2307qca6431_firmwareqpa8802wcd9360_firmwareqpm6585_firmwareqat3519qbt2000_firmwarepm855a_firmwareqtc800hsdr8250_firmwareqcs2290qca6335msm8917qln1020qcs605_firmwaresd_675_firmwarewtr3905qdm5671pmc1000hqpm4650_firmwareqat3518sd632sdr425_firmwaresmr526_firmwaremdm9628pm640a_firmwareqpa5460wgr7640_firmwareqdm2305_firmwareqpm5670_firmwaresd710_firmwareqca4020qdm5652qca6574au_firmwaremdm9630qpm8870wcd9375_firmwareqpm5679qbt2000msm8909wwcd9360pmx50_firmwareqpa8675_firmwarewhs9410_firmwareqpa5460_firmwarepm8940_firmwareqdm3301_firmwarepm8996qsm7250qcs6125sd662_firmwareqcc1110smb1360qualcomm215_firmwareqfe3440fcqdm2308_firmwarersw8577_firmwarepm439_firmwareqca4020_firmwareqca6436wcn6851qcs603_firmwareqpa6560msm8937sdr675_firmwarewcn3660_firmwarewcd9341pmi8952mdm9655pm8937_firmwareqca6431qet4100_firmwareqfe4320_firmwarewcn3910_firmwaremdm9207_firmwaresd855_firmwareqdm5650wcn3988wtr3925qfe2080fcsdr052smb1390sdw3100_firmwaremsm8208_firmwareqet4100wcn3610msm8608mdm9640qpa8686_firmwareqpm6585qca8337_firmwaresda429w_firmwarewcd9380_firmwaresmb1355qln4650qtc800t_firmwarewcd9330msm8996au_firmwarewgr7640csr6030qet5100qdm5671_firmwareqpa8801_firmwareqca6564auqtm527_firmwarepm8005_firmwaremsm8940_firmwareqet4101_firmwarepm7250bqln4642_firmwarepmk8001_firmwaresmb1355_firmwarepm7250b_firmwarepmd9655_firmwaresmb1351_firmwaremdm9230pm8996_firmwareqet4200aq_firmwaresdx50m_firmwaresmb1395smb358spm660lsmb358s_firmwarear8151smr526wtr5975qca6430_firmwarewcd9335_firmwareqtc801s_firmwarewcn3980qat3522_firmwareqca6335_firmwareqsw8573qcs605qbt1000wcn3910qca6320mdm9650_firmwareqca6426_firmwarewcn3660b_firmwarewcn3680qfe4309pm8009qpa8675sdr051_firmwarewcd9330_firmwaresdx55mqca6421_firmwarewtr3905_firmwareqfe4373fcmsm8953qat3518_firmwarepmi8998qfe2520qsw8574sd821_firmwarewcn3680_firmwareqca617pm855lwcn6851_firmwareqdm5670_firmwarepmd9635pm7150a_firmwarepm8150b_firmwareqfe4302sd_636_firmwarepmc1000h_firmwareqca6564a_firmwareqdm2310_firmwareqca6694au_firmwarepm4250_firmwaremsm8976sg_firmwaresdr105_firmwarepmd9645_firmwaresd870pm670sd210_firmwareqdm5677pm8005pm855_firmwareqdm2302sdxr1pm855b_firmwareapq8096auqca6595_firmwareqpm6582_firmwareqpm6375_firmwarepm640l_firmwarepmi8996_firmwareqln4650_firmwareqet5100msa8155psd675wtr4605sd439qet4101pm8952qat3516pm670lqpm5658ar8035_firmwareqcm2290qpm5658_firmwarewcn3991_firmwareqdm5652_firmwareqfe4465fcsd678sdr051qln5030qcs2290_firmwarepm4125pmi632qpa2625_firmwarepm456qfe2081fc_firmwaresmb1360_firmwareqet5100_firmwareqpa5373pm670l_firmwaresdr660gqfe2340sd765g_firmwareqpa8686smb1358_firmwareqca6390_firmwaresd730_firmwarewcd9370sdr425pmr525_firmwareqca6584au_firmwareqfe3340_firmwarear8151_firmwarepmi632_firmwaresd_8cx_firmwareqpm5541qat5516smb358_firmwaresd662qpa8821_firmwareqfe4308sdr660g_firmwareapq8037pm3003aqca6320_firmwarewcn3680b_firmwareqca6595auqca6436_firmwareqtc800tsmb1354qca6564au_firmwareqdm2305qca6310qpm8820pm8937qpm2630qfe2081fcqln5020_firmwaresa515m_firmwaresdxr2_5gapq8084sd821sdr675sm6250sd712_firmwareapq8017_firmwarewsa8810_firmwaresmb231sd765_firmwareqdm5677_firmwareqet4200aqqca6174a_firmwarewcd9385qpm6325_firmwareqdm2302_firmwareqat3550_firmwareqln5040_firmwarepm4125_firmwarear8035qpa8673qca6694_firmwareqdm2310qfe2550_firmwaremsm8953_firmwareqln5030_firmwareqca6694aupm8952_firmwaresda429wsd210wcn3620_firmwareqfe4302_firmwaresd820wcn6850_firmwarewcn3620smb358csr6030_firmwareqca6564apmx24qet6110pmi8952_firmwareqcm2290_firmwareqln5040qpm8895sdr845qpm5670wcn3990sd_675qtm527qfe3440fc_firmwaresdx24pmi8994_firmwareqdm2307_firmwaremsm8909w_firmwaremsm8996ausdm429w_firmwareqfe1035pmi8940sm6250prgr7640auqln1035bdpm855asdr660_firmwarepm8909_firmwareqca6574apm8916_firmwaresmb1390_firmwareqca6174aqfe4303_firmwarewcn6750pm8956_firmwareqet5100m_firmwareqpm4650mdm9205qtm525sa515msa2150p_firmwarewtr6955qfe3335sd855sm4125_firmwareqfe4305wtr6955_firmwarepm640psd768g_firmwaresdr865_firmwaremsm8209qfe4465fc_firmwarepm8250_firmwaresd460qca6391sdxr1_firmwaresmb1351smb1357_firmwareaqt1000_firmwarepm215_firmwaremsm8920qpm8895_firmwarepm660aqpa4340qfe1035_firmwareqcm4290sdx50mpm640asdr8150sdx20pm8916pmd9655aumsm8920_firmwaresmb1395_firmwaresd_455pmd9655qca6574ausa8155p_firmwaresd205_firmwareqsw6310wcd9341_firmwareqcm6125wsa8810qtc410s_firmwareqpm2630_firmwaresmb231_firmwareqdm2308wtr4905_firmwareqat3550mdm9150qdm5679sd_8cwcn3680bsd835_firmwarepm3003a_firmwareqca6696qfe4301qtc800s_firmwaresmb1381_firmwaresd845_firmwaremsm8608_firmwareqpa2625apq8037_firmwaresm7250psd720g_firmwarepm8956sd850pm6250Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9032
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-3.3||LOW
EPSS-0.09% / 25.95%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9031
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-3.3||LOW
EPSS-0.09% / 25.95%
||
7 Day CHG~0.00%
Published-13 Jun, 2017 | 20:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-9001
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
ShareView Details
Matching Score-6
Assigner-Android (associated with Google Inc. or Open Handset Alliance)
CVSS Score-5.5||MEDIUM
EPSS-0.10% / 28.04%
||
7 Day CHG~0.00%
Published-16 May, 2017 | 14:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In TrustZone an information exposure vulnerability can potentially occur in all Android releases from CAF using the Linux kernel.

Action-Not Available
Vendor-Google LLCQualcomm Technologies, Inc.
Product-androidAll Qualcomm Products
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-35080
Matching Score-6
Assigner-Qualcomm, Inc.
ShareView Details
Matching Score-6
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 10.25%
||
7 Day CHG~0.00%
Published-14 Jun, 2022 | 09:50
Updated-04 Aug, 2024 | 00:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Disabled SMMU from secure side while RPM is assigned a secure stream can lead to information disclosure in Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm2290_firmwaresd680_firmwarewcn3991_firmwarewcn3991wsa8830sw5100pqcs2290_firmwareqcm4290sd480_firmwaresd662_firmwarewcn3988_firmwarewsa8835qcs4290wcn3950_firmwarewsa8810_firmwareqcm4290_firmwareqcs2290sd480sd680sw5100wsa8810sw5100p_firmwarewcd9370qcs4290_firmwarewcd9385sd695_firmwarewcn3980wcn3998wcd9385_firmwarewcn3950sm4125wcn3910_firmwarewcd9375wcd9370_firmwaresm4125_firmwarewsa8815sd662wcn3910wsa8830_firmwaresd460_firmwarewcn3988wsa8815_firmwarewsa8835_firmwaresd695sw5100_firmwarewcd9375_firmwarewcn3980_firmwarewcn3998_firmwaresd460qcm2290Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 57
  • 58
  • Next
Details not found