Wind River Support Network

CVE Database

The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.

ID Description Priority Modified date
CVE-2017-8266 In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver potentially leading to a use-after-free condition. Medium Aug 22, 2017
CVE-2017-8265 In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in a video driver which can lead to a double free. Medium Aug 22, 2017
CVE-2017-8264 A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel. Medium Aug 16, 2017
CVE-2017-8263 In all Qualcomm products with Android releases from CAF using the Linux kernel, a kernel fault can occur when doing certain operations on a read-only virtual address in userspace. High Aug 22, 2017
CVE-2017-8262 In all Qualcomm products with Android releases from CAF using the Linux kernel, in some memory allocation and free functions, a race condition can potentially occur leading to a Use After Free condition. High Aug 23, 2017
CVE-2017-8261 In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentially occur. Medium Aug 23, 2017
CVE-2017-8260 In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. Medium Aug 23, 2017
CVE-2017-8259 In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not used to indicate the size of the buffer. Medium Aug 16, 2017
CVE-2017-8258 An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver. Medium Aug 16, 2017
CVE-2017-8257 In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register reading with multiple processes, one process can free the debug buffer while another process still has the debug buffer in use. Medium Aug 23, 2017
CVE-2017-8256 In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends more than 16 multicast addresses. Medium Aug 23, 2017
CVE-2017-8255 In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot. High Aug 23, 2017
CVE-2017-8254 In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checked if it is valid. Medium Aug 23, 2017
CVE-2017-8253 In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel memory can potentially be overwritten if an invalid master is sent from userspace. High Aug 23, 2017
CVE-2017-8252 Kernel can inject faults in computations during the execution of TrustZone leading to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8074, MDM9150, MDM9206, MDM9607, MDM9615, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, MSM8996AU, QCA8081, QCS605, Qualcomm 215, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 675, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SD 855, SD 8CX, SDA660, SDM439, SDM630, SDM660, SDX20, SDX24, SM7150, Snapdragon_High_Med_2016, SXR1130 MEDIUM Jun 17, 2019
CVE-2017-8251 In all Qualcomm products with Android releases from CAF using the Linux kernel, in functions msm_isp_check_stream_cfg_cmd & msm_isp_stats_update_cgc_override, 'stream_cfg_cmd->num_streams' is not checked, and could overflow the array stream_cfg_cmd->stream_handle. MEDIUM Sep 21, 2017
CVE-2017-8250 In all Qualcomm products with Android releases from CAF using the Linux kernel, user controlled variables nr_cmds and nr_bos number are passed across functions without any check. An integer overflow to buffer overflow (with a smaller buffer allocated) may occur when they are too large or negative. MEDIUM Sep 21, 2017
CVE-2017-8249 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none -- Nov 7, 2023
CVE-2017-8248 A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation. HIGH Aug 17, 2017
CVE-2017-8247 In all Qualcomm products with Android releases from CAF using the Linux kernel, if there is more than one thread doing the device open operation, the device may be opened more than once. This would lead to get_pid being called more than once, however put_pid being called only once in function msm_close. MEDIUM Sep 21, 2017
CVE-2017-8246 In function msm_pcm_playback_close() in all Android releases from CAF using the Linux kernel, prtd is assigned substream->runtime->private_data. Later, prtd is freed. However, prtd is not sanitized and set to NULL, resulting in a dangling pointer. There are other functions that access the same memory (substream->runtime->private_data) with a NULL check, such as msm_pcm_volume_ctl_put(), which means this freed memory could be used. MEDIUM May 12, 2017
CVE-2017-8245 In all Android releases from CAF using the Linux kernel, while processing a voice SVC request which is nonstandard by specifying a payload size that will overflow its own declared size, an out of bounds memory copy occurs. MEDIUM May 12, 2017
CVE-2017-8244 In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable dbg_buf, dbg_buf->curr and dbg_buf->filled_size could be modified by different threads at the same time, but they are not protected with mutex or locks. Buffer overflow is possible on race conditions. buffer->curr itself could also be overwritten, which means that it may point to anywhere of kernel memory (for write). MEDIUM May 12, 2017
CVE-2017-8243 A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file. High Aug 20, 2017
CVE-2017-8242 In all Android releases from CAF using the Linux kernel, a race condition exists in a QTEE driver potentially leading to an arbitrary memory write. Medium Jun 16, 2017
CVE-2017-8241 In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a WLAN function due to an incorrect message length. High Jun 16, 2017
CVE-2017-8240 In all Android releases from CAF using the Linux kernel, a kernel driver has an off-by-one buffer over-read vulnerability. High Jun 16, 2017
CVE-2017-8239 In all Android releases from CAF using the Linux kernel, userspace-controlled parameters for flash initialization are not sanitized potentially leading to exposure of kernel memory. Medium Jun 20, 2017
CVE-2017-8238 In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a camera function. High Jun 16, 2017
CVE-2017-8237 In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists while loading a firmware image. High Jun 16, 2017
CVE-2017-8236 In all Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an IPA driver. High Jun 16, 2017
CVE-2017-8235 In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected. Medium Jun 20, 2017
CVE-2017-8234 In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function. High Jun 20, 2017
CVE-2017-8233 In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array potentially leading to an out-of-bounds heap write. High Jun 20, 2017
CVE-2017-8232 Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none -- Nov 7, 2023
CVE-2017-8230 On Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices, the users on the device are divided into 2 groups "admin" and "user". However, as a part of security analysis it was identified that a low privileged user who belongs to the "user" group and who has access to login in to the web administrative interface of the device can add a new administrative user to the interface using HTTP APIs provided by the device and perform all the actions as an administrative user by using that account. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable functions that performs the various action described in HTTP APIs. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function at address 0x00429084 in IDA pro is the one that processes the HTTP API request for "addUser" action. If one traces the calls to this function, it can be clearly seen that the function sub_ 41F38C at address 0x0041F588 parses the call received from the browser and passes it to the "addUser" function without any authorization check. MEDIUM Jul 11, 2019
CVE-2017-8229 Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices allow an unauthenticated attacker to download the administrative credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function sub_436D6 in IDA pro is identified to be setting up the configuration for the device. If one scrolls to the address 0x000437C2 then one can see that /current_config is being set as an ALIAS for /mnt/mtd/Config folder on the device. If one TELNETs into the device and navigates to /mnt/mtd/Config folder, one can observe that it contains various files such as Account1, Account2, SHAACcount1, etc. This means that if one navigates to http://[IPofcamera]/current_config/Sha1Account1 then one should be able to view the content of the files. The security researchers assumed that this was only possible only after authentication to the device. However, when unauthenticated access tests were performed for the same URL as provided above, it was observed that the device file could be downloaded without any authentication. MEDIUM Jul 11, 2019
CVE-2017-8228 Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices mishandle reboots within the past two hours. Amcrest cloud services does not perform a thorough verification when allowing the user to add a new camera to the user's account to ensure that the user actually owns the camera other than knowing the serial number of the camera. This can allow an attacker who knows the serial number to easily add another user's camera to an attacker's cloud account and control it completely. This is possible in case of any camera that is currently not a part of an Amcrest cloud account or has been removed from the user's cloud account. Also, another requirement for a successful attack is that the user should have rebooted the camera in the last two hours. However, both of these conditions are very likely for new cameras that are sold over the Internet at many ecommerce websites or vendors that sell the Amcrest products. The successful attack results in an attacker being able to completely control the camera which includes being able to view and listen on what the camera can see, being able to change the motion detection settings and also be able to turn the camera off without the user being aware of it. Note: The same attack can be executed using the Amcrest Cloud mobile application. MEDIUM Jul 11, 2019
CVE-2017-8227 Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have a timeout policy to wait for 5 minutes in case 30 incorrect password attempts are detected using the Web and HTTP API interface provided by the device. However, if the same brute force attempt is performed using the ONVIF specification (which is supported by the same binary) then there is no account lockout or timeout executed. This can allow an attacker to circumvent the account protection mechanism and brute force the credentials. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that performs the credential check in the binary for the ONVIF specification. If one opens this binary in IDA-pro one will notice that this follows a ARM little endian format. The function at address 00671618 in IDA pro is parses the WSSE security token header. The sub_ 603D8 then performs the authentication check and if it is incorrect passes to the function sub_59F4C which prints the value "Sender not authorized." MEDIUM Jul 11, 2019
CVE-2017-8226 Amcrest IPM-721S V2.420.AC00.16.R.20160909 devices have default credentials that are hardcoded in the firmware and can be extracted by anyone who reverses the firmware to identify them. If the firmware version V2.420.AC00.16.R 9/9/2016 is dissected using binwalk tool, one obtains a _user-x.squashfs.img.extracted archive which contains the filesystem set up on the device that many of the binaries in the /usr folder. The binary "sonia" is the one that has the vulnerable function that sets up the default credentials on the device. If one opens this binary in IDA-pro, one will notice that this follows a ARM little endian format. The function sub_3DB2FC in IDA pro is identified to be setting up the values at address 0x003DB5A6. The sub_5C057C then sets this value and adds it to the Configuration files in /mnt/mtd/Config/Account1 file. HIGH Jul 11, 2019
CVE-2017-8225 On Wireless IP Camera (P2P) WIFICAM devices, access to .ini files (containing credentials) is not correctly checked. An attacker can bypass authentication by providing an empty loginuse parameter and an empty loginpas parameter in the URI. HIGH May 5, 2017
CVE-2017-8224 Wireless IP Camera (P2P) WIFICAM devices have a backdoor root account that can be accessed with TELNET. HIGH May 5, 2017
CVE-2017-8223 On Wireless IP Camera (P2P) WIFICAM devices, an attacker can use the RTSP server on port 10554/tcp to watch the streaming without authentication via tcp/av0_1 or tcp/av0_0. MEDIUM May 5, 2017
CVE-2017-8222 Wireless IP Camera (P2P) WIFICAM devices have an Apple Production IOS Push Services private RSA key and certificate stored in /system/www/pem/ck.pem inside the firmware, which allows attackers to obtain sensitive information. MEDIUM May 5, 2017
CVE-2017-8221 Wireless IP Camera (P2P) WIFICAM devices rely on a cleartext UDP tunnel protocol (aka the Cloud feature) for communication between an Android application and a camera device, which allows remote attackers to obtain sensitive information by sniffing the network. MEDIUM May 5, 2017
CVE-2017-8220 TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow remote code execution with a single HTTP request by placing shell commands in a host= line within HTTP POST data. HIGH May 9, 2017
CVE-2017-8219 TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n allow DoSing the HTTP server via a crafted Cookie header to the /cgi/ansi URI. MEDIUM May 9, 2017
CVE-2017-8218 vsftpd on TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n has a backdoor admin account with the 1234 password, a backdoor guest account with the guest password, and a backdoor test account with the test password. HIGH May 9, 2017
CVE-2017-8217 TP-Link C2 and C20i devices through firmware 0.9.1 4.2 v0032.0 Build 160706 Rel.37961n have too permissive iptables rules, e.g., SNMP is not blocked on any interface. MEDIUM May 9, 2017
CVE-2017-8216 Warsaw Huawei Smart phones with software of versions earlier than Warsaw-AL00C00B180, versions earlier than Warsaw-TL10C01B180 have a permission control vulnerability. Due to improper authorization on specific processes, an attacker with the root privilege of a mobile Android system can exploit this vulnerability to obtain some information of the user. HIGH Nov 22, 2017
The 'Fixed Release' column is displayed if a single product version is selected from the filter. The fixed release is applicable in cases when the CVE has been addressed and fixed for that product version. Requires LTSS - customers must have active LTSS (Long Term Security Shield) Support to receive up-to-date information about vulnerabilities that may affect legacy software. Please contact your Wind River account team or see https://docs.windriver.com/bundle/Support_and_Maintenance_Supplemental_Terms_and_Conditions and https://support2.windriver.com/index.php?page=plc for more information.