VYPR

Vendor CVEs

Qualcomm

All CVEs

2,042 total · sorted by risk
  • CVE-2017-18297Oct 23, 2018
    risk 0.00cvss epss 0.00

    Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820.

  • CVE-2017-18292Oct 23, 2018
    risk 0.00cvss epss 0.00

    Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD…

  • CVE-2017-18312Oct 23, 2018
    risk 0.00cvss epss 0.00

    While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD…

  • CVE-2017-18294Oct 23, 2018
    risk 0.00cvss epss 0.00

    While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W,…

  • CVE-2017-18283Oct 23, 2018
    risk 0.00cvss epss 0.01

    Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660.

  • CVE-2017-18295Oct 23, 2018
    risk 0.00cvss epss 0.00

    Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD…

  • CVE-2017-18298Oct 23, 2018
    risk 0.00cvss epss 0.00

    Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD…

  • CVE-2017-18299Oct 23, 2018
    risk 0.00cvss epss 0.00

    Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD…

  • CVE-2017-18170Oct 23, 2018
    risk 0.00cvss epss 0.01

    Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD…

  • CVE-2013-2598Aug 31, 2014
    risk 0.00cvss epss 0.00

    app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values…

  • CVE-2013-2595Aug 31, 2014
    risk 0.00cvss epss 0.01

    The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap…

  • CVE-2014-4325Aug 25, 2014
    risk 0.00cvss epss 0.00

    The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by…

  • CVE-2014-0974Aug 25, 2014
    risk 0.00cvss epss 0.00

    The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers…

  • CVE-2014-0973Aug 25, 2014
    risk 0.00cvss epss 0.00

    The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with…

  • CVE-2013-4737Feb 15, 2014
    risk 0.00cvss epss 0.01

    The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended…

  • CVE-2013-4736Feb 10, 2014
    risk 0.00cvss epss 0.01

    Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash)…

  • CVE-2013-4739Feb 3, 2014
    risk 0.00cvss epss 0.00

    The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via (1) a crafted MSM_MCR_IOCTL_EVT_GET ioctl call,…

  • CVE-2013-4738Feb 3, 2014
    risk 0.00cvss epss 0.00

    Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted…

  • CVE-2013-6123Jan 14, 2014
    risk 0.00cvss epss 0.00

    Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by…

  • CVE-2013-6122Nov 12, 2013
    risk 0.00cvss epss 0.00

    goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass…

  • CVE-2013-4740Nov 12, 2013
    risk 0.00cvss epss 0.00

    goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows…

  • CVE-2013-3051Apr 13, 2013
    risk 0.00cvss epss 0.00

    The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region,…

  • CVE-2012-4221Nov 30, 2012
    risk 0.00cvss epss 0.02

    Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local…

  • CVE-2012-4220Nov 30, 2012
    risk 0.00cvss epss 0.03

    diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments…

  • CVE-2012-1475Mar 14, 2012
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in the YagattaTalk Messenger (com.iskoot.yagatta.yagattatalk) application 1.00.01.08 for Android has unknown impact and attack vectors.

  • CVE-2010-3403Sep 16, 2010
    risk 0.00cvss epss 0.03

    Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a…

  • CVE-2005-1151May 25, 2005
    risk 0.00cvss epss 0.00

    qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root.

  • CVE-2003-0302Jun 16, 2003
    risk 0.00cvss epss 0.01

    The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.

  • CVE-2003-0300Jun 16, 2003
    risk 0.00cvss epss 0.03

    The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.

  • CVE-2002-2313Dec 31, 2002
    risk 0.00cvss epss 0.01

    Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program,…

  • CVE-2002-1770Dec 31, 2002
    risk 0.00cvss epss 0.02

    Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by…

  • CVE-2002-1210Nov 29, 2002
    risk 0.00cvss epss 0.01

    Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local…

  • CVE-2002-0889Oct 4, 2002
    risk 0.00cvss epss 0.00

    Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file.

  • CVE-2002-0456Aug 12, 2002
    risk 0.00cvss epss 0.01

    Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.

  • CVE-2001-0677Sep 20, 2001
    risk 0.00cvss epss 0.01

    Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user.

  • CVE-2001-1068Aug 31, 2001
    risk 0.00cvss epss 0.01

    qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system.

  • CVE-2001-1318Jul 16, 2001
    risk 0.00cvss epss 0.03

    Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.

  • CVE-2001-1046Jun 2, 2001
    risk 0.00cvss epss 0.02

    Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.

  • CVE-2000-0874Nov 14, 2000
    risk 0.00cvss epss 0.01

    Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF).

  • CVE-1999-0427May 1, 2000
    risk 0.00cvss epss 0.01

    Eudora 4.1 allows remote attackers to perform a denial of service by sending attachments with long file names.

  • CVE-2000-0320Apr 21, 2000
    risk 0.00cvss epss 0.01

    Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.

  • CVE-1999-1448Jul 29, 1998
    risk 0.00cvss epss 0.01

    Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before 1970, which cause a Divide By Zero error, or (2) dates that are 100 years after the current date, which…

Page 41 of 41