Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-28 | CVE-2018-5870 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm SD 835 Firmware, Sda660 Firmware and Sdx24 Firmware While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24. | 7.2 |
| 2018-11-28 | CVE-2018-11996 | Improper Validation of Array Index vulnerability in Qualcomm products When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24. | 7.2 |
| 2018-11-28 | CVE-2018-11994 | Unspecified vulnerability in Qualcomm products SMMU secure camera logic allows secure camera controllers to access HLOS memory during session in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. | 7.2 |
| 2018-11-28 | CVE-2018-11921 | Improper Handling of Exceptional Conditions vulnerability in Qualcomm products Failure condition is not handled properly and the correct error code is not returned. | 7.2 |
| 2018-11-28 | CVE-2018-11264 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products Possible buffer overflow in Ontario fingerprint code due to lack of input validation for the parameters coming into TZ from HLOS in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660. | 7.2 |
| 2018-11-28 | CVE-2017-18317 | Improper Input Validation vulnerability in Qualcomm products Restrictions related to the modem (sim lock, sim kill) can be bypassed by manipulating the system to issue a deactivation flow sequence in Snapdragon Automobile, Snapdragon Mobile in versions MSM8996AU,SD 410/12,SD 820,SD 820A. | 7.2 |
| 2018-11-28 | CVE-2017-18316 | Unspecified vulnerability in Qualcomm products Secure application can access QSEE kernel memory through Ontario kernel driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. | 7.2 |
| 2018-11-28 | CVE-2017-18315 | Out-of-bounds Read vulnerability in Qualcomm SD 600 Firmware Buffer over-read vulnerabilities in an older version of ASN.1 parser in Snapdragon Mobile in versions SD 600. | 7.2 |
| 2018-11-27 | CVE-2018-13350 | SQL Injection vulnerability in Terra-Master Terramaster Operating System 3.1.03 SQL injection in logtable.php in TerraMaster TOS version 3.1.03 allows attackers to execute SQL queries via the "Event" parameter. | 7.5 |
| 2018-11-27 | CVE-2018-17936 | Unrestricted Upload of File with Dangerous Type vulnerability in Nuuo CMS 3.1/3.3 NUUO CMS All versions 3.3 and prior the application allows the upload of arbitrary files that can modify or overwrite configuration files to the server, which could allow remote code execution. | 7.5 |