CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Prion•added 2019/05/06 11:29 p.m.•18 views

Command injection

A new account can be inserted into simContacts service using Android command line tool in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, S...

4.9CVSS6AI score0.00109EPSS

Cvelist•added 2019/05/06 10:43 p.m.•15 views

CVE-2017-18275

6AI score0.00109EPSS

CVE•added 2019/05/06 10:37 p.m.•47 views

CVE-2017-18274

The CVE-2017-18274 entry describes a buffer overflow in Qualcomm Snapdragon components (Snapdragon Automobile, Mobile, Wear across listed SDMs and processors) caused by iterating through models in a fixed‑size actData array while the reported count is greater than the array size. This is a local ...

7.8CVSS7.5AI score0.00098EPSS

Exploits0References1Affected Software1

NVD•added 2018/10/26 1:29 p.m.•17 views

CVE-2017-18310

ClientEnv exposes services 0-32 to HLOS in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA66...

7.8CVSS6.9AI score0.00038EPSS

Prion•added 2018/10/26 1:29 p.m.•16 views

Race condition

When a series of FDAL messages are sent to the modem, a Use After Free condition can occur in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 62...

7.2CVSS7.7AI score0.00048EPSS

NVD•added 2018/10/26 1:29 p.m.•18 views

CVE-2017-18124

During secure boot, addition is performed on uint8 ptrs which led to overflow issue in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD...

7.8CVSS7.8AI score0.00101EPSS

CVE•added 2018/10/26 1:0 p.m.•55 views

CVE-2017-18124

CVE-2017-18124 : The description in the linked sources states that during secure boot an addition is performed on uint8 pointers, causing an overflow. This affects a broad set of Qualcomm/Snapdragon devices (e.g., FSM9055, IPQ4019, MDM9xxx, MSM/SDA/XOA families and many SD series SKUs). The conne...

7.8CVSS7.8AI score0.00101EPSS

Exploits0References1Affected Software1

CVE•added 2018/10/26 1:0 p.m.•51 views

CVE-2017-18310

CVE-2017-18310 affects Qualcomm closed‑source components in Snapdragon devices, with the issue described as a code injection vulnerability involving ClientEnv exposing services 0–32 to the HLOS. The associated records (NVD/NIST, CVE list, prion entry) indicate local attack feasibility and a high/...

7.8CVSS7AI score0.00038EPSS

Exploits0References2Affected Software1

NVD•added 2018/10/23 1:29 p.m.•14 views

CVE-2017-18312

While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A...

7.8CVSS7.7AI score0.00081EPSS

NVD•added 2018/10/23 1:29 p.m.•18 views

CVE-2017-18292

Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 80...

5.5CVSS6AI score0.00053EPSS

NVD•added 2018/10/23 1:29 p.m.•13 views

CVE-2017-18298

Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD...

7.8CVSS6.9AI score0.00044EPSS

NVD•added 2018/10/23 1:29 p.m.•17 views

CVE-2017-18296

Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD...

7.8CVSS6.9AI score0.00044EPSS

Prion•added 2018/10/23 1:29 p.m.•21 views

Code injection

7.2CVSS7.7AI score0.00081EPSS

Prion•added 2018/10/23 1:29 p.m.•15 views

Default credentials

Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425,...

7.2CVSS7.7AI score0.00044EPSS

CVE•added 2018/10/23 1:0 p.m.•51 views

CVE-2017-18312

CVE-2017-18312 affects Qualcomm Snapdragon SoCs (MSM8996AU; SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD 820A). Root cause: SafeSwitch state transitions are not checked consistently, enabling a third party to manipulate a device during SafeSwitch operations and perform unauthorized operations...

7.8CVSS7.6AI score0.00081EPSS

Exploits0References2Affected Software1

Cvelist•added 2018/10/23 1:0 p.m.•20 views

CVE-2017-18296

7.8AI score0.00044EPSS

Cvelist•added 2018/10/23 1:0 p.m.•26 views

CVE-2017-18298

7.7AI score0.00044EPSS

Cvelist•added 2018/10/23 1:0 p.m.•23 views

CVE-2017-18312

7.7AI score0.00081EPSS

NVD•added 2018/09/20 1:29 p.m.•14 views

CVE-2018-11982

In Snapdragon Mobile, Wear in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, SnapdragonHighMed2016, a double free of...

8.8CVSS8.8AI score0.00077EPSS