Vulnerabilities > Qualcomm > Critical
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-03-30 | CVE-2017-14911 | Improper Authentication vulnerability in Qualcomm products In Android before 2018-01-05 on Qualcomm Snapdragon IoT, Snapdragon Mobile, Snapdragon Automobile APQ8096AU, MDM9206, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 625, SD 650/52, SD 820, SD 835, it is possible for the XBL loader to skip the authentication of device config. | 10.0 |
2018-03-15 | CVE-2017-17773 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products In Snapdragon Automobile, Snapdragon Wearable and Snapdragon Mobile MDM9206,MDM9607,MDM9650,SD 210/SD 212/SD 205,SD 400,SD 410/12,SD 425,SD 430,SD 450,SD 600,SD 602A,SD 615/16/SD 415,SD 617,SD 625,SD 650/52,SD 800,SD 808,SD 810,SD 820,SD 820Am,SD 835,SD 845,MSM8909W, improper input validation in video_fmt_mp4r_process_atom_avc1() causes a potential buffer overflow. | 10.0 |
2018-02-23 | CVE-2017-14910 | Out-of-bounds Read vulnerability in Qualcomm products In Snapdragon Automobile, Snapdragon IoT and Snapdragon Mobile MDM9206 MDM9607, MDM9650, S820A, S820Am, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 835, and SD 845, a buffer overread is possible if there are no newlines in an input file. | 10.0 |
2014-02-15 | CVE-2013-4737 | Permissions, Privileges, and Access Controls vulnerability in Qualcomm Quic Mobile Station Modem Kernel 3.10 The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location. | 9.3 |
2012-03-14 | CVE-2012-1475 | Unspecified vulnerability in Qualcomm Yagattatalk Messenger 1.00.01.08 Unspecified vulnerability in the YagattaTalk Messenger (com.iskoot.yagatta.yagattatalk) application 1.00.01.08 for Android has unknown impact and attack vectors. | 10.0 |
2010-09-16 | CVE-2010-3403 | Unspecified vulnerability in Qualcomm Extensible Diagnostic Monitor 03.09.19 Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .isf file. | 9.3 |
2007-05-21 | CVE-2007-2770 | Remote Security vulnerability in Qualcomm Eudora 7.1 Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. | 9.3 |
2003-03-18 | CVE-2003-0143 | Remote Memory Corruption vulnerability in Qpopper The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name. | 10.0 |
2001-06-02 | CVE-2001-1046 | Buffer Overflow vulnerability in Qualcomm Qpopper 4.0/4.0.1/4.0.2 Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username. | 10.0 |
1999-11-30 | CVE-1999-0822 | Remote Buffer Overflow vulnerability in Qualcomm Qpopper 3.0/3.0B20 Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command. | 10.0 |