CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 8 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3651 CVE-2016-10583 310 Exec Code 2018-06-01 2019-10-03
9.3
None Remote Medium Not required Complete Complete Complete
closure-utils is Utilities for Closure Library based projects. closure-utils downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3652 CVE-2016-10582 310 Exec Code 2018-06-01 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
closurecompiler is a Closure Compiler for node.js. closurecompiler downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3653 CVE-2016-10581 310 Exec Code 2018-06-01 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Steroids is PhoneGap on Steroids, providing native UI elements, multiple WebViews and enhancements for better developer productivity. steroids downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested tarball with an attacker controlled tarball if the attacker is on the network or positioned in between the user and the remote server.
3654 CVE-2016-10580 310 Exec Code 2018-06-01 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
nodewebkit is an installer for node-webkit. nodewebkit downloads zipped resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested zip file with an attacker controlled zip file if the attacker is on the network or positioned in between the user and the remote server.
3655 CVE-2016-10576 310 Exec Code 2018-06-01 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Fuseki server wrapper and management API in fuseki before 1.0.1 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on the network or positioned in between the user and the remote server.
3656 CVE-2016-10575 310 Exec Code 2018-06-01 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Kindlegen is a simple Node.js wrapper of the official kindlegen program. Kindlegen versions before 1.1.0 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3657 CVE-2016-10574 310 Exec Code 2018-06-01 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
apk-parser3 is a module to extract Android Manifest info from an APK file. apk-parser3 versions before 0.1.3 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3658 CVE-2016-10573 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
baryton-saxophone is a module to install and launch Selenium Server for Mac, Linux and Windows. baryton-saxophone versions below 3.0.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3659 CVE-2016-10572 310 Exec Code 2018-05-31 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
mongodb-instance before 0.0.3 installs mongodb locally. mongodb-instance downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3660 CVE-2016-10571 310 Exec Code 2018-05-31 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
bkjs-wand is imagemagick wand support for node.js and backendjs bkjs-wand versions lower than 0.3.2 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3661 CVE-2016-10570 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
pngcrush-installer is an installer for Pngcrush. pngcrush-installer versions below 1.8.10 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3662 CVE-2016-10569 310 Exec Code 2018-05-31 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
embedza is a module to create HTML snippets/embeds from URLs using info from oEmbed, Open Graph, meta tags. embedza versions below 1.2.4 download JavaScript resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.
3663 CVE-2016-10567 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
product-monitor is a HTML/JavaScript template for monitoring a product by encouraging product developers to gather all the information about the status of a product, including live monitoring, statistics, endpoints, and test results into one place. product-monitor versions below 2.2.5 download JavaScript resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested JavaScript file with an attacker controlled JavaScript file if the attacker is on the network or positioned in between the user and the remote server.
3664 CVE-2016-10566 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
install-nw is a module which quickly and robustly installs and caches NW.js. install-nw versions below 1.1.5 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3665 CVE-2016-10562 310 Exec Code 2018-05-31 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
iedriver is an NPM wrapper for Selenium IEDriver. iedriver versions below 3.0.0 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3666 CVE-2016-10560 310 Exec Code 2018-05-31 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
galenframework-cli is the node wrapper for the Galen Framework. galenframework-cli below 2.3.1 download binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3667 CVE-2016-10559 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
selenium-download downloads the latest versions of the selenium standalone server and the chromedriver. selenium-download before 2.0.7 downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3668 CVE-2016-10558 310 Exec Code 2018-05-29 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
aerospike is an Aerospike add-on module for Node.js. aerospike versions below 2.4.2 download binary resources over HTTP, which leaves the module vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the network or positioned in between the user and the remote server.
3669 CVE-2016-10546 94 Exec Code 2018-05-31 2019-10-09
10.0
None Remote Low Not required Complete Complete Complete
An arbitrary code injection vector was found in PouchDB 6.0.4 and lesser via the map/reduce functions used in PouchDB temporary views and design documents. The code execution engine for this branch is not properly sandboxed and may be used to run arbitrary JavaScript as well as system commands.
3670 CVE-2016-10532 287 Exec Code Bypass 2018-05-31 2018-07-20
10.0
None Remote Low Not required Complete Complete Complete
console-io is a module that allows users to implement a web console in their application. A malicious user could bypass the authentication and execute any command that the user who is running the console-io application 2.2.13 and earlier is able to run. This means that if console-io was running from root, the attacker would have full access to the system. This vulnerability exists because the console-io application does not configure socket.io to require authentication, which allows a malicious user to connect via a websocket to send commands and receive the response.
3671 CVE-2016-10512 255 2017-09-29 2017-10-11
10.0
None Remote Low Not required Complete Complete Complete
MultiTech FaxFinder before 4.1.2 stores Passwords unencrypted for maintaining the test connectivity function of its LDAP configuration. These credentials are retrieved by the system when the LDAP configuration page is opened and are embedded directly into the HTML source code in cleartext.
3672 CVE-2016-10502 190 Overflow 2018-12-10 2019-01-03
10.0
None Remote Low Not required Complete Complete Complete
While generating trusted application id, An integer overflow can occur giving the trusted application an invalid identity in Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 835 and SDA660.
3673 CVE-2016-10501 20 2018-04-18 2018-04-23
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9635M, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 835, improper input validation can occur while parsing an image.
3674 CVE-2016-10498 74 2018-04-18 2018-04-24
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, MDM9645, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, stopping of the DTR prematurely causes micro kernel to be stuck. This can be triggered with a timing change injectable in RACH procedure.
3675 CVE-2016-10496 476 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 210/SD 212/SD 205, SD 410/12, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, and SD 810, A NULL pointer dereference can occur during an SSL handshake.
3676 CVE-2016-10495 118 2018-04-18 2018-04-24
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, made changes to map the scan type value to an index value that is in range.
3677 CVE-2016-10494 190 Overflow 2018-04-18 2018-04-24
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, integer overflow may lead to buffer overflows in IPC router Root-PD driver.
3678 CVE-2016-10493 119 Overflow Mem. Corr. 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, NPA routines on the rootPD that handle resource requests remoted over QDI may not validate pointers passed from user space which may result in guest OS memory corruption.
3679 CVE-2016-10491 190 Overflow 2018-04-18 2018-05-02
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, an integer overflow leading to buffer overflow can occur in a QuRT API function.
3680 CVE-2016-10490 189 Overflow 2018-04-18 2018-04-24
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, if a negative value is passed as argument "max" to qurt_qdi_state_local_new_handle_from_obj, an buffer overflow occurs, due to typecasting the signed integer to unsigned.
3681 CVE-2016-10489 476 2018-04-18 2018-04-24
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, lack of address argument validation in qsee_get_tz_app_name() may lead to an untrusted pointer dereference.
3682 CVE-2016-10487 476 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in a QuRT API function, an untrusted pointer dereference can occur.
3683 CVE-2016-10486 119 Overflow 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, and SD 820A, PD failure reason string from user PD is used directly in root PD, so if the buffer parameter is non-NULL terminated in Diag F3 APIs, a buffer overread occurs.
3684 CVE-2016-10485 119 Overflow 2018-04-18 2018-05-02
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, and SDX20, lack of proper bounds checking may lead to a buffer overflow.
3685 CVE-2016-10484 119 Overflow 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, and SDX20, if a RPMB listener is registered with a very small buffer size, the calculation of the maximum transfer size for read and write operations may underflow, resulting in buffer overflow.
3686 CVE-2016-10482 20 2018-04-18 2018-05-02
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, while processing downlink information, an assert can be reached.
3687 CVE-2016-10481 17 2018-04-18 2018-05-02
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 210/SD 212/SD 205, SD 425, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, if WLAN FW receives the WMI_STA_SMPS_PARAM_CMDID ioctl in not-associated state, when the virtual channel handle is not assigned, the code doesn't check for NULL virtual channel handle, so an assert occurs.
3688 CVE-2016-10480 190 Overflow Mem. Corr. 2018-04-18 2018-05-02
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, possible memory corruption due to invalid integer overflow checks in exif parsing.
3689 CVE-2016-10479 787 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9607, MDM9615, MDM9635M, MDM9640, SD 210/SD 212/SD 205, SD 400, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 810, and SD 820, an arbitrary length value from an incoming message to QMI Proxy can lead to an out-of-bounds write in the stack variable message.
3690 CVE-2016-10478 190 Overflow 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 617, incorrect size calculation in QCRIL SCWS processing have Integer overflow which will lead to a buffer overflow.
3691 CVE-2016-10477 119 Overflow 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 820, while processing smart card requests, a buffer overflow can occur.
3692 CVE-2016-10476 119 Overflow 2018-04-18 2018-05-02
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, missing array index checks on app index in function qcril_uim_clear_encrypted_pin results in accessing addresses outside the bounds of the buffer when app index is too large.
3693 CVE-2016-10475 190 Overflow 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, and SD 820, lack input validation may lead to a integer overflow that could potentially lead to a buffer overflow.
3694 CVE-2016-10474 119 Overflow 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, if the buffer length passed to the RIL interface is too large, the buffer size calculation may overflow, resulting in an undersize allocation for the buffer, and subsequently buffer overwrite.
3695 CVE-2016-10473 119 Overflow 2018-04-18 2018-05-02
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, in a supplementary services function, a buffer overflow can occur.
3696 CVE-2016-10472 284 2018-04-18 2018-05-02
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, address and size passed to SCM command 'TZ_INFO_GET_SECURE_STATE_LEGACY_ID' from HLOS Kernel were not being checked, so access outside DDR would occur.
3697 CVE-2016-10471 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, an unsigned RTIC health report susceptible to tampering by malware executing in the context of the HLOS may be requested.
3698 CVE-2016-10467 320 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 820, and SD 820A, function ce_pkcs1_pss_padding_verify_auto_recover_saltlen assumes that the size of the encoded message is equal to the size of the RSA modulus. This assumption is true for most RSA keys, but it fails when modulus_bitlen % 8 == 1.
3699 CVE-2016-10466 388 2018-04-18 2018-05-02
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, during SSL handshake, if RNG function (crypto API) returns error, SSL uses hard-coded random value.
3700 CVE-2016-10462 284 2018-04-18 2018-05-01
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, the Access Control policy for HLOS allows access to Slimbus, GPU, GIC resources.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.