Skip to main content
CVE-2014-9977 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9968 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-5872 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, arguments to several QTEE syscalls are not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10391 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the length in an HCI command is not properly checked for validity. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10388 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a configuration vulnerability exists when loading a 3rd-party QTEE application. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10347 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10346 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Integer Overflow Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10343 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9071 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9070 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9069 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9068 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9067 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9061 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Authentication Bypass Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9060 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9055 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9052 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9051 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9050 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Qualcomm Information Disclosure +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9049 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9048 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9046 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9045 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9044 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9039 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9037 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9036 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9035 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-8596 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-8595 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9980 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Qualcomm Authentication Bypass +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9979 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9974 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9973 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9411 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10382 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Qualcomm Google Authentication Bypass Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9047 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Qualcomm Google Authentication Bypass Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9040 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Qualcomm Google Authentication Bypass Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10344 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9073 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9072 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-8592 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Buffer Overflow Google Null Pointer Dereference +2
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9054 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9043 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9038 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9969 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-0575 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9975 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2017-9767 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Cloudshell
NVD Exploit-DB
CVSS 3.0
5.4
EPSS
0.3%
CVE-2017-12591 MEDIUM POC This Month

ASUS DSL-N10S V2.1.16_APAC devices have reflected and stored cross site scripting, as demonstrated by the snmpSysName parameter. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Dsl N10S Firmware
NVD
CVSS 3.0
5.4
EPSS
0.2%
Prev Page 2 of 4 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy