CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Qualcomm : Security Vulnerabilities (Gain Privilege)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6123 20 +Priv 2014-01-13 2014-01-27
6.9
None Local Medium Not required Complete Complete Complete
Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions.
2 CVE-2013-4740 362 DoS +Priv Mem. Corr. 2013-11-12 2013-11-14
6.9
None Local Medium Not required Complete Complete Complete
goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that provides crafted values.
3 CVE-2013-4738 119 Overflow +Priv 2014-02-02 2014-02-21
7.2
None Local Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.
4 CVE-2013-2596 189 Overflow +Priv 2013-04-12 2013-10-10
6.9
Admin Local Medium Not required Complete Complete Complete
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
5 CVE-2005-3098 +Priv 2005-09-28 2008-09-05
4.6
User Local Low Not required Partial Partial Partial
poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.
6 CVE-2001-1046 Overflow +Priv 2001-06-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers gain privileges via a long username.
7 CVE-2000-0442 +Priv 2000-05-24 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command.
8 CVE-2000-0096 Overflow +Priv 2000-01-26 2008-09-10
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command.
Total number of vulnerabilities : 8   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.