CWE:
 

Topic
Date
Author
Med.
Solarwinds LEM 6.3.1 Management Shell Arbitrary File Read
25.04.2017
Matt Bergin
Med.
SAP MII 15.0 Directory Traversal
17.05.2016
Dmitry Chastuhin
Med.
Infoware MapSuite Path Traversal
04.06.2014
Christian


CVEMAP Search Results

CVE
Details
Description
2018-04-18
High
CVE-2015-9157

Vendor: Qualcomm
Software: Ipq4019 firmware
 

 
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in widevine_dash_cmd_handler(), rsp buffers are passed off to widevine commands. These rsp buffers have values in them, such as buffer lengths, that need to be validated to ensure that no buffer overflow/over-reads happen. However, rsp buffers are not always in locked memory, meaning a time-of-check, time-of-use issue can occur where we check that the value is valid, but then a race condition occurs where this memory is swapped out with a different, possibly out of range, value.

 
High
CVE-2016-10433

Vendor: Qualcomm
Software: Mdm9635m fir...
 

 
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, TOCTOU vulnerability during SSD image decryption may cause memory corruption.

 
High
CVE-2016-10432

Vendor: Qualcomm
Software: Sd 410 firmware
 

 
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, TOCTOU vulnerabilities may occur while sanitizing userspace values passed to tQSEE system call.

 
High
CVE-2016-10417

Vendor: Qualcomm
Software: Ipq4019 firmware
 

 
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SDX20, in QTEE, a TOCTOU vulnerability exists due to improper access control.

 
High
CVE-2016-10409

Vendor: Qualcomm
Software: Sd 425 firmware
 

 
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, SD 820A, and SD 835, TOCTOU vulnerability may occur while composing the RPMB request using HLOS controlled buffers.

 
High
CVE-2016-10435

Vendor: Qualcomm
Software: Mdm9206 firmware
 

 
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, in some QTEE syscall handlers, a TOCTOU vulnerability exists.

 
2018-04-11
Low
CVE-2018-10016

Vendor: NASM
Software: Netwide asse...
 

 
Netwide Assembler (NASM) 2.14rc0 has a division-by-zero vulnerability in the expr5 function in asm/eval.c via a malformed input file.

 
2018-04-05
Medium
CVE-2015-9016

Vendor: Google
Software: Android
 

 
In blk_mq_tag_to_rq in blk-mq.c in the upstream kernel, there is a possible use after free due to a race condition when a request has been previously freed by blk_mq_complete_request. This could lead to local escalation of privilege. Product: Android. Versions: Android kernel. Android ID: A-63083046.

 
2018-04-04
Low
CVE-2018-9304

Vendor: Exiv2
Software: Exiv2
 

 
In Exiv2 0.26, a divide by zero in BigTiffImage::printIFD in bigtiffimage.cpp could result in denial of service.

 
2018-04-03
Medium
CVE-2018-0492

Vendor: Beep project
Software: BEEP
 

 
Johnathan Nightingale beep through 1.3.4, if setuid, has a race condition that allows local privilege escalation.

 

 


Copyright 2018, cxsecurity.com

 

Back to Top