Multiple vulnerabilities in Qualcomm chipsets
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 50 |
| CVE-ID | CVE-2020-3624 CVE-2019-14056 CVE-2019-14065 CVE-2019-14089 CVE-2019-14115 CVE-2019-14119 CVE-2020-11122 CVE-2020-11133 CVE-2020-3611 CVE-2020-3620 CVE-2020-3622 CVE-2020-3629 CVE-2019-14025 CVE-2020-3636 CVE-2020-3640 CVE-2020-3643 CVE-2020-3644 CVE-2020-3666 CVE-2020-3668 CVE-2020-3669 CVE-2020-3675 CVE-2019-14117 CVE-2020-11120 CVE-2019-14052 CVE-2019-13999 CVE-2020-11116 CVE-2019-10562 CVE-2020-11115 CVE-2020-11118 CVE-2020-11117 CVE-2020-3702 CVE-2019-14074 CVE-2020-11128 CVE-2020-3646 CVE-2020-3647 CVE-2020-3648 CVE-2020-11158 CVE-2019-10628 CVE-2019-13995 CVE-2019-10629 CVE-2019-13994 CVE-2019-13998 CVE-2020-3619 CVE-2020-3621 CVE-2020-3667 CVE-2018-13903 CVE-2019-10527 CVE-2019-10596 CVE-2019-10615 CVE-2019-13992 |
| CWE-ID | CWE-190 CWE-415 CWE-320 CWE-200 CWE-367 CWE-822 CWE-121 CWE-284 CWE-20 CWE-120 CWE-823 CWE-131 CWE-126 CWE-416 CWE-457 CWE-287 CWE-310 CWE-129 CWE-476 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
APQ8009 Hardware solutions / Firmware APQ8017 Hardware solutions / Firmware APQ8053 Hardware solutions / Firmware APQ8096AU Hardware solutions / Firmware APQ8098 Hardware solutions / Firmware Kamorta Hardware solutions / Firmware MDM9150 Hardware solutions / Firmware MDM9206 Hardware solutions / Firmware MDM9207C Hardware solutions / Firmware MDM9607 Hardware solutions / Firmware MDM9640 Hardware solutions / Firmware MDM9650 Hardware solutions / Firmware MSM8905 Hardware solutions / Firmware MSM8909W Hardware solutions / Firmware MSM8917 Hardware solutions / Firmware MSM8920 Hardware solutions / Firmware MSM8937 Hardware solutions / Firmware MSM8940 Hardware solutions / Firmware MSM8953 Hardware solutions / Firmware MSM8996AU Hardware solutions / Firmware MSM8998 Hardware solutions / Firmware Nicobar Hardware solutions / Firmware QCM2150 Hardware solutions / Firmware QCN7605 Hardware solutions / Firmware QCS605 Hardware solutions / Firmware QM215 Hardware solutions / Firmware Rennell Hardware solutions / Firmware Saipan Hardware solutions / Firmware SC8180X Hardware solutions / Firmware SDA660 Hardware solutions / Firmware SDA845 Hardware solutions / Firmware SDM429 Hardware solutions / Firmware SDM429W Hardware solutions / Firmware SDM439 Hardware solutions / Firmware SDM450 Hardware solutions / Firmware SDM630 Hardware solutions / Firmware SDM632 Hardware solutions / Firmware SDM636 Hardware solutions / Firmware SDM660 Hardware solutions / Firmware SDM670 Hardware solutions / Firmware SDM710 Hardware solutions / Firmware SDM845 Hardware solutions / Firmware SDX20 Hardware solutions / Firmware SDX24 Hardware solutions / Firmware SDX55 Hardware solutions / Firmware SM6150 Hardware solutions / Firmware SM7150 Hardware solutions / Firmware SM8150 Hardware solutions / Firmware SXR1130 Hardware solutions / Firmware QCS405 Hardware solutions / Firmware SA6155P Hardware solutions / Firmware SXR2130 Hardware solutions / Firmware SM8250 Hardware solutions / Firmware MSM8996 Hardware solutions / Firmware IPQ8074 Hardware solutions / Firmware IPQ4019 Hardware solutions / Firmware IPQ8064 Hardware solutions / Firmware QCA6174A Hardware solutions / Firmware QCA6574AU Hardware solutions / Firmware QCA9377 Hardware solutions / Firmware QCA9379 Hardware solutions / Firmware QCA9531 Hardware solutions / Firmware QCA9558 Hardware solutions / Firmware QCA9980 Hardware solutions / Firmware MDM9205 Mobile applications / Mobile firmware & hardware MDM9615 Mobile applications / Mobile firmware & hardware MDM9625 Mobile applications / Mobile firmware & hardware MDM9635M Mobile applications / Mobile firmware & hardware MDM9645 Mobile applications / Mobile firmware & hardware MDM9655 Mobile applications / Mobile firmware & hardware MSM8909 Mobile applications / Mobile firmware & hardware QCS610 Mobile applications / Mobile firmware & hardware SA415M Mobile applications / Mobile firmware & hardware SA515M Mobile applications / Mobile firmware & hardware SC7180 Mobile applications / Mobile firmware & hardware SDM850 Mobile applications / Mobile firmware & hardware QCS404 Mobile applications / Mobile firmware & hardware APQ8076 Mobile applications / Mobile firmware & hardware IPQ6018 Mobile applications / Mobile firmware & hardware Bitra Mobile applications / Mobile firmware & hardware QCA8081 Mobile applications / Mobile firmware & hardware QCA6574 Mobile applications / Mobile firmware & hardware QCA6584AU Mobile applications / Mobile firmware & hardware QCA9563 Mobile applications / Mobile firmware & hardware QCA9880 Mobile applications / Mobile firmware & hardware QCA9886 Mobile applications / Mobile firmware & hardware QCN5500 Mobile applications / Mobile firmware & hardware QCN5502 Mobile applications / Mobile firmware & hardware QCA6390 Mobile applications / Mobile firmware & hardware IPQ5018 Mobile applications / Mobile firmware & hardware QCA4531 Mobile applications / Mobile firmware & hardware QCN550x Mobile applications / Mobile firmware & hardware QCA955x Mobile applications / Mobile firmware & hardware QCA956x Mobile applications / Mobile firmware & hardware AR938x Mobile applications / Mobile firmware & hardware AR958x Mobile applications / Mobile firmware & hardware AR934x Mobile applications / Mobile firmware & hardware AR9331 Mobile applications / Mobile firmware & hardware AR9287 Mobile applications / Mobile firmware & hardware QCA9565 Mobile applications / Mobile firmware & hardware QCA9462 Mobile applications / Mobile firmware & hardware QCA9485 Mobile applications / Mobile firmware & hardware IPS PDF releases prior to IPS System 2020. Mobile applications / Mobile firmware & hardware QCN7606 Mobile applications / Mobile firmware & hardware |
| Vendor | Qualcomm |
Security Bulletin
This security bulletin contains information about 50 vulnerabilities.
1) Integer overflow
EUVDB-ID: #VU109338
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3624
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Storage. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9207C: All versions
MDM9607: All versions
MDM9615: All versions
MDM9625: All versions
MDM9635M: All versions
MDM9640: All versions
MDM9645: All versions
MDM9650: All versions
MDM9655: All versions
MSM8905: All versions
MSM8909: All versions
MSM8909W: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCM2150: All versions
QCN7605: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA515M: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SXR1130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9207c:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9615:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9625:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9635m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9645:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9655:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8909w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa515m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU109326
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-14056
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in TrustZone. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsKamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9607: All versions
MDM9650: All versions
Nicobar: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
Rennell: All versions
SA6155P: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM630: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Double Free
EUVDB-ID: #VU109327
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-14065
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in TrustZone. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8098: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9607: All versions
MDM9650: All versions
MSM8905: All versions
MSM8909: All versions
MSM8998: All versions
Nicobar: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
Rennell: All versions
SA515M: All versions
SA6155P: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM630: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa515m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Key Management Errors
EUVDB-ID: #VU109329
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-14089
CWE-ID:
CWE-320 - Key Management Errors
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in HLOS. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsKamorta: All versions
Nicobar: All versions
QCS404: All versions
QCS610: All versions
Rennell: All versions
SA515M: All versions
SA6155P: All versions
SC7180: All versions
SC8180X: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa515m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Exposure of sensitive information to an unauthorized actor
EUVDB-ID: #VU109330
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-14115
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8076: All versions
APQ8096AU: All versions
APQ8098: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9607: All versions
MDM9650: All versions
MSM8905: All versions
MSM8909: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCM2150: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA515M: All versions
SA6155P: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:apq8076:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa515m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU109331
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-14119
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in QTEE. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsIPQ6018: All versions
Kamorta: All versions
MDM9205: All versions
MDM9607: All versions
Nicobar: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
Rennell: All versions
SA415M: All versions
SA515M: All versions
SA6155P: All versions
SC7180: All versions
SC8180X: All versions
SDM670: All versions
SDM710: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa515m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Untrusted Pointer Dereference
EUVDB-ID: #VU109332
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-11122
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Video. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8098: All versions
Bitra: All versions
Kamorta: All versions
SA6155P: All versions
Saipan: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Stack-based buffer overflow
EUVDB-ID: #VU109334
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-11133
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsMSM8998: All versions
QCS605: All versions
SDA845: All versions
SDM630: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SXR1130: All versions
CPE2.3- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper Access Control
EUVDB-ID: #VU109335
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3611
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Core. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8098: All versions
Kamorta: All versions
MSM8998: All versions
QCS404: All versions
QCS605: All versions
SDA660: All versions
SDA845: All versions
SDM630: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SXR1130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Integer overflow
EUVDB-ID: #VU109336
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3620
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
IPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9607: All versions
MDM9640: All versions
MDM9645: All versions
MDM9650: All versions
MDM9655: All versions
MSM8905: All versions
MSM8909: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCA8081: All versions
QCM2150: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA6155P: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9645:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9655:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper input validation
EUVDB-ID: #VU109337
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3622
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
IPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9607: All versions
MDM9640: All versions
MDM9645: All versions
MDM9650: All versions
MDM9655: All versions
MSM8905: All versions
MSM8909: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCA8081: All versions
QCM2150: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA6155P: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9645:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9655:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Buffer overflow
EUVDB-ID: #VU109339
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3629
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in DSP Services. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsBitra: All versions
Kamorta: All versions
Rennell: All versions
SC7180: All versions
SDM845: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Untrusted Pointer Dereference
EUVDB-ID: #VU109324
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-14025
CWE-ID:
CWE-822 - Untrusted Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsKamorta: All versions
QCS404: All versions
QCS610: All versions
Rennell: All versions
SC7180: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8250: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU109340
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3636
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsKamorta: All versions
QCS404: All versions
QCS610: All versions
Rennell: All versions
SC7180: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8250: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Incorrect Calculation of Buffer Size
EUVDB-ID: #VU109341
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3640
CWE-ID:
CWE-131 - Incorrect Calculation of Buffer Size
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsBitra: All versions
Kamorta: All versions
QCS404: All versions
QCS610: All versions
Rennell: All versions
Saipan: All versions
SC7180: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8250: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Exposure of sensitive information to an unauthorized actor
EUVDB-ID: #VU109342
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3643
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8076: All versions
APQ8096AU: All versions
APQ8098: All versions
IPQ6018: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9607: All versions
MDM9650: All versions
MSM8905: All versions
MSM8909: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCM2150: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA515M: All versions
SA6155P: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:apq8076:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa515m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Exposure of sensitive information to an unauthorized actor
EUVDB-ID: #VU109343
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3644
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Content Protection. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8096AU: All versions
APQ8098: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9607: All versions
MDM9650: All versions
MSM8905: All versions
MSM8909: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
Rennell: All versions
SA415M: All versions
SA515M: All versions
SA6155P: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM630: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa515m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Stack-based buffer overflow
EUVDB-ID: #VU109344
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3666
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
IPQ4019: All versions
IPQ6018: All versions
IPQ8064: All versions
IPQ8074: All versions
MDM9206: All versions
MDM9207C: All versions
MDM9607: All versions
MDM9640: All versions
MDM9650: All versions
MSM8996AU: All versions
MSM8998: All versions
QCA6174A: All versions
QCA6574: All versions
QCA6574AU: All versions
QCA6584AU: All versions
QCA8081: All versions
QCA9377: All versions
QCA9379: All versions
QCA9531: All versions
QCA9558: All versions
QCA9563: All versions
QCA9880: All versions
QCA9886: All versions
QCA9980: All versions
QCN5500: All versions
QCN5502: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
SA6155P: All versions
SDA845: All versions
SDM630: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SXR1130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq4019:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8064:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9207c:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca6174a:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca6574:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca6574au:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca6584au:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9377:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9379:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9531:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9558:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca9563:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca9880:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca9886:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9980:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcn5500:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcn5502:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Buffer overflow
EUVDB-ID: #VU109345
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3668
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsIPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
Nicobar: All versions
QCA6390: All versions
QCA8081: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
Rennell: All versions
SA415M: All versions
SC7180: All versions
SC8180X: All versions
SDA845: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SXR1130: All versions
CPE2.3- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca6390:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU109346
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3669
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8098: All versions
IPQ5018: All versions
IPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
MSM8998: All versions
Nicobar: All versions
QCA6390: All versions
QCA8081: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
Rennell: All versions
SA415M: All versions
SC7180: All versions
SC8180X: All versions
SDA845: All versions
SDM630: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq5018:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca6390:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Buffer over-read
EUVDB-ID: #VU109347
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3675
CWE-ID:
CWE-126 - Buffer over-read
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsIPQ5018: All versions
IPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
Nicobar: All versions
QCA6390: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
Rennell: All versions
SA415M: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
CPE2.3- cpe:2.3:a:qualcomm:ipq5018:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca6390:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Use After Free
EUVDB-ID: #VU109350
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-14117
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsBitra: All versions
MDM9607: All versions
QCS405: All versions
Saipan: All versions
SC8180X: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Use After Free
EUVDB-ID: #VU109353
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-11120
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
Kamorta: All versions
MSM8917: All versions
MSM8953: All versions
MSM8998: All versions
QCM2150: All versions
QCS405: All versions
QCS605: All versions
QM215: All versions
Rennell: All versions
Saipan: All versions
SDM429: All versions
SDM439: All versions
SDM450: All versions
SDM632: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Use of Uninitialized Variable
EUVDB-ID: #VU109325
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-14052
CWE-ID:
CWE-457 - Use of Uninitialized Variable
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in MODEM. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
MDM9150: All versions
MDM9206: All versions
MDM9607: All versions
MDM9615: All versions
MDM9625: All versions
MDM9635M: All versions
MDM9640: All versions
MDM9645: All versions
MDM9650: All versions
MDM9655: All versions
MSM8905: All versions
MSM8909: All versions
MSM8909W: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCM2150: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
SA415M: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SXR1130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9615:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9625:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9635m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9645:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9655:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8909w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Integer overflow
EUVDB-ID: #VU109323
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-13999
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
IPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9607: All versions
MDM9640: All versions
MDM9645: All versions
MDM9650: All versions
MDM9655: All versions
MSM8905: All versions
MSM8909: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCA8081: All versions
QCM2150: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA515M: All versions
SA6155P: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9645:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9655:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa515m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Buffer overflow
EUVDB-ID: #VU109349
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-11116
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
Kamorta: All versions
MDM9206: All versions
MDM9207C: All versions
MDM9607: All versions
MDM9640: All versions
MDM9650: All versions
MSM8905: All versions
MSM8909W: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996AU: All versions
QCA6174A: All versions
QCA6574AU: All versions
QCA9377: All versions
QCA9379: All versions
QCM2150: All versions
QCN7605: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
SA6155P: All versions
Saipan: All versions
SC8180X: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM845: All versions
SDX20: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9207c:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8909w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca6174a:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca6574au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9377:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9379:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Improper Authentication
EUVDB-ID: #VU109307
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-10562
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in QTEE. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsIPQ6018: All versions
Kamorta: All versions
MSM8998: All versions
Nicobar: All versions
QCS404: All versions
QCS605: All versions
QCS610: All versions
Rennell: All versions
SA415M: All versions
SA6155P: All versions
SC7180: All versions
SDA660: All versions
SDA845: All versions
SDM630: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Exposure of sensitive information to an unauthorized actor
EUVDB-ID: #VU109351
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-11115
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
Kamorta: All versions
MDM9206: All versions
MDM9207C: All versions
MDM9607: All versions
MDM9640: All versions
MDM9650: All versions
MSM8905: All versions
MSM8909W: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996AU: All versions
MSM8998: All versions
QCA6174A: All versions
QCA6574AU: All versions
QCA9377: All versions
QCA9379: All versions
QCM2150: All versions
QCN7605: All versions
QCS405: All versions
QCS605: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
Saipan: All versions
SC8180X: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM632: All versions
SDM660: All versions
SDM845: All versions
SDX20: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9207c:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8909w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca6174a:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca6574au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9377:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9379:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Exposure of sensitive information to an unauthorized actor
EUVDB-ID: #VU109352
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-11118
CWE-ID:
CWE-200 - Exposure of sensitive information to an unauthorized actor
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
Kamorta: All versions
MDM9150: All versions
MDM9206: All versions
MDM9207C: All versions
MDM9607: All versions
MDM9640: All versions
MDM9650: All versions
MSM8905: All versions
MSM8909W: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8998: All versions
Nicobar: All versions
QCA6174A: All versions
QCA6574AU: All versions
QCA9377: All versions
QCA9379: All versions
QCM2150: All versions
QCN7605: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
Saipan: All versions
SC8180X: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDX20: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9207c:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8909w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca6174a:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca6574au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9377:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9379:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Improper input validation
EUVDB-ID: #VU109312
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-11117
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in lbd service. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsIPQ4019: All versions
IPQ6018: All versions
IPQ8064: All versions
IPQ8074: All versions
QCA4531: All versions
QCA9531: All versions
QCA9980: All versions
CPE2.3- cpe:2.3:h:qualcomm:ipq4019:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8064:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca4531:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9531:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9980:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Cryptographic Issues
EUVDB-ID: #VU109316
Risk: Medium
CVSSv4.0: 2.3 [CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:H/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2020-3702
CWE-ID:
CWE-310 - Cryptographic Issues
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access top sensitive information.
The vulnerability exists due to improper input validation in WIFI driver(Krook). A remote attacker can temporary disable WPA2 or the WPA/WPA2 mixed-mode encryption and intercept traffic in clear text.
MitigationInstall security update from vendor's website.
Vulnerable software versionsQCN550x: All versions
QCA9531: All versions
QCA955x: All versions
QCA956x: All versions
AR938x: All versions
AR958x: All versions
AR934x: All versions
AR9331: All versions
AR9287: All versions
QCA4531: All versions
QCA9565: All versions
QCA9462: All versions
QCA9485: All versions
CPE2.3- cpe:2.3:a:qualcomm:qcn550x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca9531:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca955x:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca956x:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ar938x:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ar958x:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ar934x:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ar9331:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ar9287:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca4531:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca9565:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca9462:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca9485:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Integer overflow
EUVDB-ID: #VU109328
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-14074
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Diag Services. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8076: All versions
APQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
IPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9207C: All versions
MDM9607: All versions
MDM9625: All versions
MDM9635M: All versions
MDM9640: All versions
MDM9645: All versions
MDM9650: All versions
MDM9655: All versions
MSM8905: All versions
MSM8909: All versions
MSM8909W: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCA8081: All versions
QCM2150: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA6155P: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:apq8076:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9207c:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9625:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9635m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9645:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9655:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8909w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Improper Validation of Array Index
EUVDB-ID: #VU109333
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-11128
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Diag Services. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
Kamorta: All versions
MDM9150: All versions
MDM9607: All versions
MDM9650: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8998: All versions
QCM2150: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA515M: All versions
SA6155P: All versions
Saipan: All versions
SC8180X: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM632: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa515m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Buffer overflow
EUVDB-ID: #VU109354
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3646
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Video. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsBitra: All versions
MSM8909W: All versions
QCM2150: All versions
QCS405: All versions
QCS605: All versions
Saipan: All versions
SC8180X: All versions
SDA845: All versions
SDM429W: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8909w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Stack-based buffer overflow
EUVDB-ID: #VU109355
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3647
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Neural Processing Unit. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsMDM9607: All versions
QCS405: All versions
SC8180X: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
CPE2.3- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Use of Out-of-range Pointer Offset
EUVDB-ID: #VU109356
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3648
CWE-ID:
CWE-823 - Use of Out-of-range Pointer Offset
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in DSP Services. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsMSM8909W: All versions
CPE2.3 External linkshttps://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) NULL Pointer Dereference
EUVDB-ID: #VU109348
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-11158
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in PDF-Compatible Interpreter. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsIPS PDF releases prior to IPS System 2020.: All versions
CPE2.3 External linkshttps://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Improper Validation of Array Index
EUVDB-ID: #VU109308
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-10628
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Kernel. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8098: All versions
Bitra: All versions
MDM9205: All versions
MDM9650: All versions
MSM8998: All versions
Nicobar: All versions
QCA6390: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
Rennell: All versions
SA415M: All versions
SA6155P: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM630: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca6390:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Integer overflow
EUVDB-ID: #VU109322
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-13995
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Trustzone. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
IPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9607: All versions
MDM9640: All versions
MDM9645: All versions
MDM9650: All versions
MDM9655: All versions
MSM8905: All versions
MSM8909: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCA8081: All versions
QCM2150: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA6155P: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9645:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9655:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Improper Validation of Array Index
EUVDB-ID: #VU109309
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-10629
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in kernel. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsBitra: All versions
IPQ6018: All versions
IPQ8074: All versions
MDM9205: All versions
Nicobar: All versions
QCA8081: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
Rennell: All versions
SA415M: All versions
SA6155P: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA845: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Integer overflow
EUVDB-ID: #VU109310
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-13994
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Trustzone. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
IPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9607: All versions
MDM9640: All versions
MDM9645: All versions
MDM9650: All versions
MDM9655: All versions
MSM8905: All versions
MSM8909: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCA8081: All versions
QCM2150: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA6155P: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9645:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9655:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Integer overflow
EUVDB-ID: #VU109311
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-13998
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
IPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9607: All versions
MDM9640: All versions
MDM9645: All versions
MDM9650: All versions
MDM9655: All versions
MSM8905: All versions
MSM8909: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCA8081: All versions
QCM2150: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA515M: All versions
SA6155P: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9645:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9655:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa515m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Time-of-check Time-of-use (TOCTOU) Race Condition
EUVDB-ID: #VU109313
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3619
CWE-ID:
CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Graphics. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8098: All versions
IPQ8074: All versions
Kamorta: All versions
MDM9150: All versions
MDM9206: All versions
MDM9607: All versions
MDM9650: All versions
MSM8905: All versions
MSM8909: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8998: All versions
QCA8081: All versions
QCS404: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SC7180: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX24: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SXR1130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Improper Validation of Array Index
EUVDB-ID: #VU109314
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3621
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Qualcomm IPC. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
IPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9607: All versions
MDM9640: All versions
MDM9645: All versions
MDM9650: All versions
MDM9655: All versions
MSM8905: All versions
MSM8909: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCA8081: All versions
QCM2150: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA6155P: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9645:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9655:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Buffer overflow
EUVDB-ID: #VU109315
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2020-3667
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in WLAN. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8098: All versions
IPQ5018: All versions
IPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
MSM8998: All versions
Nicobar: All versions
QCA6390: All versions
QCA8081: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
Rennell: All versions
SA415M: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA845: All versions
SDM630: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq5018:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca6390:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) NULL Pointer Dereference
EUVDB-ID: #VU109317
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2018-13903
CWE-ID:
CWE-476 - NULL Pointer Dereference
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Modem. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8053: All versions
MDM9205: All versions
MDM9206: All versions
MSM8909W: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
SDM450: All versions
SM8150: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8909w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Improper Validation of Array Index
EUVDB-ID: #VU109318
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-10527
CWE-ID:
CWE-129 - Improper Validation of Array Index
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Mproc. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Bitra: All versions
IPQ6018: All versions
IPQ8074: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9207C: All versions
MDM9607: All versions
MDM9640: All versions
MDM9650: All versions
MSM8905: All versions
MSM8909: All versions
MSM8909W: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCA4531: All versions
QCA6574AU: All versions
QCA8081: All versions
QCM2150: All versions
QCN7605: All versions
QCN7606: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA515M: All versions
SA6155P: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9207c:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9640:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8909w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca4531:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qca6574au:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcn7606:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa515m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Improper Access Control
EUVDB-ID: #VU109319
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-10596
CWE-ID:
CWE-284 - Improper Access Control
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in KERNEL. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsBitra: All versions
Nicobar: All versions
QCS605: All versions
QCS610: All versions
Rennell: All versions
SA6155P: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Integer overflow
EUVDB-ID: #VU109320
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-10615
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in Trusted Application. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsAPQ8009: All versions
APQ8017: All versions
APQ8053: All versions
APQ8096AU: All versions
APQ8098: All versions
Kamorta: All versions
MDM9150: All versions
MDM9205: All versions
MDM9206: All versions
MDM9607: All versions
MDM9650: All versions
MSM8905: All versions
MSM8909: All versions
MSM8909W: All versions
MSM8917: All versions
MSM8920: All versions
MSM8937: All versions
MSM8940: All versions
MSM8953: All versions
MSM8996: All versions
MSM8996AU: All versions
MSM8998: All versions
Nicobar: All versions
QCM2150: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
QM215: All versions
Rennell: All versions
SA415M: All versions
SA515M: All versions
SA6155P: All versions
SC7180: All versions
SC8180X: All versions
SDA660: All versions
SDA845: All versions
SDM429: All versions
SDM429W: All versions
SDM439: All versions
SDM450: All versions
SDM630: All versions
SDM632: All versions
SDM636: All versions
SDM660: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:h:qualcomm:apq8009:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8017:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8053:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8096au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:apq8098:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:kamorta:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9206:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9607:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:mdm9650:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8905:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:msm8909:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8909w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8917:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8920:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8937:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8940:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8953:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996o:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8996au:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:msm8998:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcm2150:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qm215:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa515m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm429w:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm439:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm450:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm630:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm632:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm636:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm660:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
50) Buffer overflow
EUVDB-ID: #VU109321
Risk:
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:/VI:/VA:/SC:N/SI:N/SA:N/E:U/U:]
CVE-ID: CVE-2019-13992
CWE-ID:
CWE-120 - Buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows #AV# #AU# to #BASIC_IMPACT#.
The vulnerability exists due to improper input validation in kernel. #AV# #AU# can #EXT_IMPACT#.
MitigationInstall security update from vendor's website.
Vulnerable software versionsBitra: All versions
IPQ6018: All versions
IPQ8074: All versions
MDM9205: All versions
Nicobar: All versions
QCA8081: All versions
QCN7605: All versions
QCS404: All versions
QCS405: All versions
QCS605: All versions
QCS610: All versions
Rennell: All versions
SA415M: All versions
SA6155P: All versions
Saipan: All versions
SC7180: All versions
SC8180X: All versions
SDA845: All versions
SDM670: All versions
SDM710: All versions
SDM845: All versions
SDM850: All versions
SDX20: All versions
SDX24: All versions
SDX55: All versions
SM6150: All versions
SM7150: All versions
SM8150: All versions
SM8250: All versions
SXR1130: All versions
SXR2130: All versions
CPE2.3- cpe:2.3:a:qualcomm:bitra:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:ipq6018:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:ipq8074:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:mdm9205:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:nicobar:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qca8081:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcn7605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs404:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs405:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:qcs605:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:qcs610:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:rennell:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sa415m:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sa6155p:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:saipan:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sc7180:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sc8180x:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sda845:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm670:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm710:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdm845:*:*:*:*:*:*:*:*
- cpe:2.3:a:qualcomm:sdm850:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx20:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx24:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sdx55:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm6150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm7150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8150:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sm8250:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr1130:*:*:*:*:*:*:*:*
- cpe:2.3:h:qualcomm:sxr2130:*:*:*:*:*:*:*:*
https://www.qualcomm.com/company/product-security/bulletins/august-2020-security-bulletin
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
