The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date |
|---|---|---|---|
| CVE-2018-12009 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-12008 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-12007 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-12006 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Users with no extra privileges can potentially access leaked data due to uninitialized padding present in display function. | Low | Feb 12, 2019 |
| CVE-2018-12005 | An unprivileged user can issue a binder call and cause a system halt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 425, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150 | MEDIUM | May 29, 2019 |
| CVE-2018-12004 | Secure keypad is unlocked with secure display still intact in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130 | MEDIUM | May 28, 2019 |
| CVE-2018-12003 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-12002 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-12001 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-12000 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11999 | Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24 | Medium | Jan 24, 2019 |
| CVE-2018-11998 | While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016 | High | Jan 24, 2019 |
| CVE-2018-11997 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11996 | When a malformed command is sent to the device programmer, an out-of-bounds access can occur in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 600, SD 820, SD 820A, SD 835, SDA660, SDX20, SDX24. | HIGH | Nov 29, 2018 |
| CVE-2018-11995 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a partition name-check variable is not reset for every iteration which may cause improper termination in the META image. | HIGH | Nov 28, 2018 |
| CVE-2018-11994 | SMMU secure camera logic allows secure camera controllers to access HLOS memory during session in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDA845, SDX24, SXR1130. | HIGH | Nov 29, 2018 |
| CVE-2018-11993 | Improper check while accessing the local memory stack on MQTT connection request can lead to buffer overflow in snapdragon wear in versions MDM9206, MDM9607 | High | Jan 23, 2019 |
| CVE-2018-11992 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11991 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11990 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11989 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11988 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Un-trusted pointer de-reference issue by accessing a variable which is already freed. | MEDIUM | Dec 20, 2018 |
| CVE-2018-11987 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, if there is an unlikely memory alloc failure for the secure pool in boot, it can result in wrong pointer access causing kernel panic. | MEDIUM | Dec 20, 2018 |
| CVE-2018-11986 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in TX and RX FIFOs of microcontroller in camera subsystem used to exchange commands and messages between Micro FW and CPP driver. | MEDIUM | Dec 20, 2018 |
| CVE-2018-11985 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, When allocating heap using user supplied size, Possible heap overflow vulnerability due to integer overflow in roundup to native pointer. | MEDIUM | Dec 20, 2018 |
| CVE-2018-11984 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition and an out-of-bounds access can occur in the DIAG driver. | MEDIUM | Dec 20, 2018 |
| CVE-2018-11983 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Error in kernel observed while accessing freed mask pointers after reallocating memory for mask table. | MEDIUM | Dec 20, 2018 |
| CVE-2018-11982 | In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure. | HIGH | Sep 20, 2018 |
| CVE-2018-11980 | When a fake broadcast/multicast 11w rmf without mmie received, since no proper length check in wma_process_bip, buffer overflow will happen in both cds_is_mmie_valid and qdf_nbuf_trim_tail in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8937, MSM8996AU, MSM8998, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDM630, SDM636, SDM660, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130 | HIGH | Dec 22, 2019 |
| CVE-2018-11979 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11978 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11977 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11976 | ECDSA signature code leaks private keys from secure world to non-secure world in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ8074, MDM9150, MDM9206, MDM9607, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 8CX, SDA660, SDM439, SDM630, SDM660, Snapdragon_High_Med_2016, SXR1130 | MEDIUM | May 29, 2019 |
| CVE-2018-11975 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11974 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11973 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11972 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11971 | Interrupt exit code flow may undermine access control policy set forth by secure world can lead to potential secure asset leakage in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 615/16/SD 415, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130 | MEDIUM | Apr 7, 2019 |
| CVE-2018-11970 | TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in MDM9206, MDM9607, MDM9650, MDM9655, QCS605, SD 410/12, SD 636, SD 712 / SD 710 / SD 670, SD 845 / SD 850, SD 8CX, SDA660, SDM630, SDM660, SXR1130 | HIGH | Apr 7, 2019 |
| CVE-2018-11969 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
| CVE-2018-11968 | Improper check before assigning value can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4020, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA8081, QCA9377, QCA9379, QCA9531, QCA9558, QCA9563, QCA9880, QCA9886, QCA9980, QCN5502, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 636, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130 | HIGH | May 29, 2019 |
| CVE-2018-11967 | Signature verification of the skel library could potentially be disabled as the memory region on the remote subsystem in which the library is loaded is allocated from userspace currently in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCS605, Qualcomm 215, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24 | HIGH | May 29, 2019 |
| CVE-2018-11966 | Undefined behavior in UE while processing unknown IEI in OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in MDM9150, MDM9206, MDM9607, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCS605, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SDA660, SDM439, SDM630, SDM660, SDX20, SM7150, Snapdragon_High_Med_2016, SXR1130 | HIGH | Apr 7, 2019 |
| CVE-2018-11965 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Anyone can execute proptrigger.sh which will lead to change in properties. | HIGH | Dec 20, 2018 |
| CVE-2018-11964 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Exposing the hashed content in /etc/passwd may lead to security issue. | HIGH | Dec 20, 2018 |
| CVE-2018-11963 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to non-null terminated strings while processing vsprintf in camera jpeg driver. | HIGH | Dec 21, 2018 |
| CVE-2018-11962 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Use-after-free issue in heap while loading audio effects config in audio effects factory. | High | Feb 12, 2019 |
| CVE-2018-11961 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bound vector index When updating some GNSS configurations. | HIGH | Dec 21, 2018 |
| CVE-2018-11960 | In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can occur in the SPS driver which can lead to error in kernel. | HIGH | Dec 21, 2018 |
| CVE-2018-11959 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none | -- | Nov 7, 2023 |
