Vulnerabilities > Qualcomm > Msm8996Au Firmware

DATE CVE VULNERABILITY TITLE RISK
2018-07-06 CVE-2018-5885 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
While loading dynamic fonts, a buffer overflow may occur if the number of segments in the font file is out of range in Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-119
critical
9.8
2018-07-06 CVE-2018-5882 Out-of-bounds Read vulnerability in Qualcomm products
While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-125
critical
9.8
2018-07-06 CVE-2018-5876 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
While parsing an mp4 file, a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-119
8.8
2018-07-06 CVE-2018-5875 Integer Overflow or Wraparound vulnerability in Qualcomm products
While parsing an mp4 file, an integer overflow leading to a buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-190
8.8
2018-07-06 CVE-2018-5874 Out-of-bounds Write vulnerability in Qualcomm products
While parsing an mp4 file, a stack-based buffer overflow can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear.
network
low complexity
qualcomm CWE-787
8.8
2018-07-06 CVE-2018-5838 Improper Validation of Array Index vulnerability in Qualcomm products
Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-bounds access can occur in SurfaceFlinger.
local
low complexity
qualcomm CWE-129
7.8
2018-07-06 CVE-2018-11259 Incorrect Permission Assignment for Critical Resource vulnerability in Qualcomm products
Due to Improper Access Control of NAND-based EFS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, From fastboot on a NAND-based device, the EFS partition can be erased.
local
low complexity
qualcomm CWE-732
7.7
2018-07-06 CVE-2018-11258 Use After Free vulnerability in Qualcomm products
In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDX20.
local
low complexity
qualcomm CWE-416
7.8
2018-07-06 CVE-2017-11088 SQL Injection vulnerability in Qualcomm products
Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 835, SD 845.
network
low complexity
qualcomm CWE-89
critical
9.8
2018-03-30 CVE-2017-14911 Improper Authentication vulnerability in Qualcomm products
In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config.
network
low complexity
qualcomm CWE-287
critical
9.8