Vendor CVEs
Qualcomm
All CVEs
2,042 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18297 | 0.00 | — | 0.00 | Oct 23, 2018 | Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820. | |||
| CVE-2017-18292 | 0.00 | — | 0.00 | Oct 23, 2018 | Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD… | |||
| CVE-2017-18312 | 0.00 | — | 0.00 | Oct 23, 2018 | While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD… | |||
| CVE-2017-18294 | 0.00 | — | 0.00 | Oct 23, 2018 | While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W,… | |||
| CVE-2017-18283 | 0.00 | — | 0.01 | Oct 23, 2018 | Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660. | |||
| CVE-2017-18295 | 0.00 | — | 0.00 | Oct 23, 2018 | Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD… | |||
| CVE-2017-18298 | 0.00 | — | 0.00 | Oct 23, 2018 | Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD… | |||
| CVE-2017-18299 | 0.00 | — | 0.00 | Oct 23, 2018 | Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD… | |||
| CVE-2017-18170 | 0.00 | — | 0.01 | Oct 23, 2018 | Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD… | |||
| CVE-2013-2598 | 0.00 | — | 0.00 | Aug 31, 2014 | app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values… | |||
| CVE-2013-2595 | 0.00 | — | 0.01 | Aug 31, 2014 | The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap… | |||
| CVE-2014-4325 | 0.00 | — | 0.00 | Aug 25, 2014 | The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by… | |||
| CVE-2014-0974 | 0.00 | — | 0.00 | Aug 25, 2014 | The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers… | |||
| CVE-2014-0973 | 0.00 | — | 0.00 | Aug 25, 2014 | The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with… | |||
| CVE-2013-4737 | 0.00 | — | 0.01 | Feb 15, 2014 | The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended… | |||
| CVE-2013-4736 | 0.00 | — | 0.01 | Feb 10, 2014 | Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash)… | |||
| CVE-2013-4739 | 0.00 | — | 0.00 | Feb 3, 2014 | The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via (1) a crafted MSM_MCR_IOCTL_EVT_GET ioctl call,… | |||
| CVE-2013-4738 | 0.00 | — | 0.00 | Feb 3, 2014 | Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted… | |||
| CVE-2013-6123 | 0.00 | — | 0.00 | Jan 14, 2014 | Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by… | |||
| CVE-2013-6122 | 0.00 | — | 0.00 | Nov 12, 2013 | goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass… | |||
| CVE-2013-4740 | 0.00 | — | 0.00 | Nov 12, 2013 | goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows… | |||
| CVE-2013-3051 | 0.00 | — | 0.00 | Apr 13, 2013 | The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region,… | |||
| CVE-2012-4221 | 0.00 | — | 0.02 | Nov 30, 2012 | Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local… | |||
| CVE-2012-4220 | 0.00 | — | 0.03 | Nov 30, 2012 | diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments… | |||
| CVE-2012-1475 | 0.00 | — | 0.01 | Mar 14, 2012 | Unspecified vulnerability in the YagattaTalk Messenger (com.iskoot.yagatta.yagattatalk) application 1.00.01.08 for Android has unknown impact and attack vectors. | |||
| CVE-2010-3403 | 0.00 | — | 0.03 | Sep 16, 2010 | Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a… | |||
| CVE-2005-1151 | 0.00 | — | 0.00 | May 25, 2005 | qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root. | |||
| CVE-2003-0302 | 0.00 | — | 0.01 | Jun 16, 2003 | The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors. | |||
| CVE-2003-0300 | 0.00 | — | 0.03 | Jun 16, 2003 | The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors. | |||
| CVE-2002-2313 | 0.00 | — | 0.01 | Dec 31, 2002 | Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program,… | |||
| CVE-2002-1770 | 0.00 | — | 0.02 | Dec 31, 2002 | Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by… | |||
| CVE-2002-1210 | 0.00 | — | 0.01 | Nov 29, 2002 | Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local… | |||
| CVE-2002-0889 | 0.00 | — | 0.00 | Oct 4, 2002 | Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file. | |||
| CVE-2002-0456 | 0.00 | — | 0.01 | Aug 12, 2002 | Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames. | |||
| CVE-2001-0677 | 0.00 | — | 0.01 | Sep 20, 2001 | Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user. | |||
| CVE-2001-1068 | 0.00 | — | 0.01 | Aug 31, 2001 | qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system. | |||
| CVE-2001-1318 | 0.00 | — | 0.03 | Jul 16, 2001 | Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. | |||
| CVE-2001-1046 | 0.00 | — | 0.02 | Jun 2, 2001 | Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username. | |||
| CVE-2000-0874 | 0.00 | — | 0.01 | Nov 14, 2000 | Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF). | |||
| CVE-1999-0427 | 0.00 | — | 0.01 | May 1, 2000 | Eudora 4.1 allows remote attackers to perform a denial of service by sending attachments with long file names. | |||
| CVE-2000-0320 | 0.00 | — | 0.01 | Apr 21, 2000 | Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n. | |||
| CVE-1999-1448 | 0.00 | — | 0.01 | Jul 29, 1998 | Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before 1970, which cause a Divide By Zero error, or (2) dates that are 100 years after the current date, which… |
- CVE-2017-18297Oct 23, 2018risk 0.00cvss —epss 0.00
Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820.
- CVE-2017-18292Oct 23, 2018risk 0.00cvss —epss 0.00
Secure app running in non secure space can restart TZ by calling Widevine app API repeatedly in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD…
- CVE-2017-18312Oct 23, 2018risk 0.00cvss —epss 0.00
While accessing SafeSwitch services, third party can manipulate a given device and perform unauthorized operation due to lack of checking of same state transitions in Snapdragon Automobile, Snapdragon Mobile in version MSM8996AU, SD 410/12, SD 617, SD 650/52, SD 810, SD 820, SD…
- CVE-2017-18294Oct 23, 2018risk 0.00cvss —epss 0.00
While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size in Small Cell SoC, Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version FSM9055, MDM9206, MDM9607, MDM9650, MSM8909W,…
- CVE-2017-18283Oct 23, 2018risk 0.00cvss —epss 0.01
Possible memory corruption when Read Val Blob Req is received with invalid parameters in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 625, SD 835, SD 845, SD 850, SDA660.
- CVE-2017-18295Oct 23, 2018risk 0.00cvss —epss 0.00
Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD…
- CVE-2017-18298Oct 23, 2018risk 0.00cvss —epss 0.00
Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD…
- CVE-2017-18299Oct 23, 2018risk 0.00cvss —epss 0.00
Improper translation table consolidation logic leads to resource exhaustion and QSEE error in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in version MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD…
- CVE-2017-18170Oct 23, 2018risk 0.00cvss —epss 0.01
Improper input validation in Bluetooth Controller function can lead to possible memory corruption in Snapdragon Mobile in version QCA9379, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820, SD 835, SD 845, SD…
- CVE-2013-2598Aug 31, 2014risk 0.00cvss —epss 0.00
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values…
- CVE-2013-2595Aug 31, 2014risk 0.00cvss —epss 0.01
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap…
- CVE-2014-4325Aug 25, 2014risk 0.00cvss —epss 0.00
The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by…
- CVE-2014-0974Aug 25, 2014risk 0.00cvss —epss 0.00
The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers…
- CVE-2014-0973Aug 25, 2014risk 0.00cvss —epss 0.00
The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with…
- CVE-2013-4737Feb 15, 2014risk 0.00cvss —epss 0.01
The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended…
- CVE-2013-4736Feb 10, 2014risk 0.00cvss —epss 0.01
Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash)…
- CVE-2013-4739Feb 3, 2014risk 0.00cvss —epss 0.00
The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via (1) a crafted MSM_MCR_IOCTL_EVT_GET ioctl call,…
- CVE-2013-4738Feb 3, 2014risk 0.00cvss —epss 0.00
Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted…
- CVE-2013-6123Jan 14, 2014risk 0.00cvss —epss 0.00
Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by…
- CVE-2013-6122Nov 12, 2013risk 0.00cvss —epss 0.00
goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass…
- CVE-2013-4740Nov 12, 2013risk 0.00cvss —epss 0.00
goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows…
- CVE-2013-3051Apr 13, 2013risk 0.00cvss —epss 0.00
The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region,…
- CVE-2012-4221Nov 30, 2012risk 0.00cvss —epss 0.02
Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local…
- CVE-2012-4220Nov 30, 2012risk 0.00cvss —epss 0.03
diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments…
- CVE-2012-1475Mar 14, 2012risk 0.00cvss —epss 0.01
Unspecified vulnerability in the YagattaTalk Messenger (com.iskoot.yagatta.yagattatalk) application 1.00.01.08 for Android has unknown impact and attack vectors.
- CVE-2010-3403Sep 16, 2010risk 0.00cvss —epss 0.03
Untrusted search path vulnerability in Qualcomm eXtensible Diagnostic Monitor (QXDM) 03.09.19 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a…
- CVE-2005-1151May 25, 2005risk 0.00cvss —epss 0.00
qpopper 4.0.5 and earlier does not properly drop privileges before processing certain user-supplied files, which allows local users to overwrite or create arbitrary files as root.
- CVE-2003-0302Jun 16, 2003risk 0.00cvss —epss 0.01
The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers to cause a denial of service and possibly execute arbitrary code via certain large literal size values that cause either integer signedness errors or integer overflow errors.
- CVE-2003-0300Jun 16, 2003risk 0.00cvss —epss 0.03
The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP servers to cause a denial of service (crash) via certain large literal size values that cause either integer signedness errors or integer overflow errors.
- CVE-2002-2313Dec 31, 2002risk 0.00cvss —epss 0.01
Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows remote attackers to execute arbitrary programs via an HTML email message containing a META refresh tag that references an embedded .mhtml file with ActiveX controls that execute a second embedded program,…
- CVE-2002-1770Dec 31, 2002risk 0.00cvss —epss 0.02
Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code via an HTML e-mail message that uses a file:// URL in a t:video tag to reference an attached Windows Media Player file containing JavaScript code, which is launched and executed in the My Computer zone by…
- CVE-2002-1210Nov 29, 2002risk 0.00cvss —epss 0.01
Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email attachments in a predictable location, which allows remote attackers to read arbitrary files via a link that loads an attachment with malicious script into a frame, which then executes the script in the local…
- CVE-2002-0889Oct 4, 2002risk 0.00cvss —epss 0.00
Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file.
- CVE-2002-0456Aug 12, 2002risk 0.00cvss —epss 0.01
Eudora 5.1 and earlier versions stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that rely on installing and reading files from directories with known pathnames.
- CVE-2001-0677Sep 20, 2001risk 0.00cvss —epss 0.01
Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user.
- CVE-2001-1068Aug 31, 2001risk 0.00cvss —epss 0.01
qpopper 4.01 with PAM based authentication on Red Hat systems generates different error messages when an invalid username is provided instead of a valid name, which allows remote attackers to determine valid usernames on the system.
- CVE-2001-1318Jul 16, 2001risk 0.00cvss —epss 0.03
Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite.
- CVE-2001-1046Jun 2, 2001risk 0.00cvss —epss 0.02
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.
- CVE-2000-0874Nov 14, 2000risk 0.00cvss —epss 0.01
Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF).
- CVE-1999-0427May 1, 2000risk 0.00cvss —epss 0.01
Eudora 4.1 allows remote attackers to perform a denial of service by sending attachments with long file names.
- CVE-2000-0320Apr 21, 2000risk 0.00cvss —epss 0.01
Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.
- CVE-1999-1448Jul 29, 1998risk 0.00cvss —epss 0.01
Eudora and Eudora Light before 3.05 allows remote attackers to cause a crash and corrupt the user's mailbox via an e-mail message with certain dates, such as (1) dates before 1970, which cause a Divide By Zero error, or (2) dates that are 100 years after the current date, which…
Page 41 of 41