Vulnerabilities > Qualcomm > Sda660 Firmware

DATE CVE VULNERABILITY TITLE RISK
2019-07-25 CVE-2019-2235 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
Buffer overflow occurs when emulated RPMB is used due to sector size assumptions in the TA rollback protection logic.
local
low complexity
qualcomm CWE-119
4.6
2019-07-25 CVE-2018-13897 Information Exposure vulnerability in Qualcomm products
Clients hostname gets added to DNS record on device which is running dnsmasq resulting in an information exposure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Wearables in MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 855, SDA660, SDM630, SDM660
network
low complexity
qualcomm CWE-200
5.0
2019-07-22 CVE-2019-2292 Out-of-bounds Write vulnerability in Qualcomm products
Out of bound access can occur due to buffer copy without checking size of input received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9650, MSM8996AU, QCA6574AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24
local
low complexity
qualcomm CWE-787
4.6
2019-07-22 CVE-2019-2287 Out-of-bounds Write vulnerability in Qualcomm products
Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver.
network
low complexity
qualcomm CWE-787
7.5
2019-07-22 CVE-2019-2279 Out-of-bounds Write vulnerability in Qualcomm products
Shared memory gets updated with invalid data and may lead to access beyond the allocated memory.
network
low complexity
qualcomm CWE-787
7.5
2019-07-22 CVE-2019-2277 Out-of-bounds Read vulnerability in Qualcomm products
Out of bound read can happen due to lack of NULL termination on user controlled data in WLAN in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MSM8996AU, QCS405, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 665, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX24
local
low complexity
qualcomm CWE-125
4.6
2019-07-22 CVE-2019-2269 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
Possible buffer overflow while processing the high level lim process action frame due to improper buffer length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9150, MDM9650, MSM8996AU, QCS405, QCS605, SD 625, SD 636, SD 665, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM630, SDM660, SDX20, SDX24, SXR1130
network
low complexity
qualcomm CWE-119
7.5
2019-07-22 CVE-2019-2261 Configuration vulnerability in Qualcomm products
Unauthorized access from GPU subsystem to HLOS or other non secure subsystem memory can lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 730, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130
local
low complexity
qualcomm CWE-16
4.9
2019-07-22 CVE-2019-2243 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
Possible buffer overflow at the end of iterating loop while getting the version info and lead to information disclosure.
local
low complexity
qualcomm CWE-119
2.1
2019-07-22 CVE-2018-13927 Improper Authentication vulnerability in Qualcomm products
Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, QCS404, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SXR1130
local
low complexity
qualcomm CWE-287
7.2