VYPR

MSM

by Qualcomm

CVEs (11)

  • CVE-2022-31885CriJun 28, 2022
    risk 0.69cvss 9.8epss 0.31

    Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.

  • CVE-2022-31887CriJun 28, 2022
    risk 0.64cvss 9.8epss 0.01

    Marval MSM v14.19.0.12476 has a 0-Click Account Takeover vulnerability which allows an attacker to change any user's password in the organization, this means that the user can also escalate achieve Privilege Escalation by changing the administrator password.

  • CVE-2017-9709CriDec 5, 2017
    risk 0.64cvss 9.8epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulnerability exists in telephony.

  • CVE-2022-31883HigJun 28, 2022
    risk 0.57cvss 8.8epss 0.01

    Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. A low privilege user is able to see other users API Keys including the Admins API Keys.

  • CVE-2018-5898HigJul 6, 2018
    risk 0.51cvss 7.8epss 0.00

    Integer overflow can occur in msm_pcm_adsp_stream_cmd_put() function if the user supplied data "param_length" goes beyond certain limit in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-06-05.

  • CVE-2014-9786HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.01

    Heap-based buffer overflow in drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via a crafted application, aka Android internal bug…

  • CVE-2014-9783HigJul 11, 2016
    risk 0.51cvss 7.8epss 0.01

    drivers/media/platform/msm/camera_v2/sensor/cci/msm_cci.c in the Qualcomm components in Android before 2016-07-05 on Nexus 7 (2013) devices does not validate certain values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28441831…

  • CVE-2022-31886MedJun 28, 2022
    risk 0.45cvss 6.5epss 0.02

    Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.

  • CVE-2024-45543MedApr 7, 2025
    risk 0.43cvss 6.6epss 0.00

    Memory corruption while accessing MSM channel map and mixer functions.

  • CVE-2022-31884MedJun 28, 2022
    risk 0.42cvss 6.5epss 0.01

    Marval MSM v14.19.0.12476 has an Improper Access Control vulnerability which allows a low privilege user to delete other users API Keys including high privilege and the Administrator users API Keys.

  • CVE-2017-9681MedMar 30, 2018
    risk 0.42cvss 6.5epss 0.00

    In Android before 2017-08-05 on Qualcomm MSM, Firefox OS for MSM, QRD Android, and all Android releases from CAF using the Linux kernel, if kernel memory address is passed from userspace through iris_vidioc_s_ext_ctrls ioctl, it will print kernel address data. A user could set…