Qualcomm SD650 Firmware
Approved changes feed: RSS · Atom
cpe:2.3:o:qualcomm:sd650_firmware:-:*:*:*:*:*:*:*
part: o version: - update: *
| Vendor | Qualcomm (4194a0de-9926-556d-a143-7609c2315dd6) |
|---|---|
| Product | Sd650 Firmware (ed36b85e-325d-5f20-a648-fe24c6b32f30) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2018-5871 |
vulnerable | 2026-06-03 14:38:58.787079 |
Details available
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests (for privacy reasons) is not done properly due to a flawed RNG which produces repeating output much earlier than expected.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T05:47:55.965Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11982 |
vulnerable | 2026-06-03 14:38:02.565749 |
Details available
In Snapdragon (Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 835, Snapdragon_High_Med_2016, a double free of ASN1 heap memory used for EUTRA CAP container occurs during UTRAN to LTE Capability inquiry procedure.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T08:24:03.377Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11292 |
vulnerable | 2026-06-03 14:38:01.327149 |
Details available
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 820A, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, lack of input validation in WLANWMI command handlers can lead to integer & heap overflows.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T08:01:52.813Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11291 |
vulnerable | 2026-06-03 14:38:01.325030 |
Details available
In Snapdragon (Automobile, Mobile, Wear) in version IPQ8074, MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA4531, QCA6174A, QCA6564, QCA6574, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, cryptographic issues due to the random number generator was not a strong one in NAN.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T08:01:52.821Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11290 |
vulnerable | 2026-06-03 14:38:01.309068 |
Details available
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9640, MDM9650, MSM8996AU, QCA6574AU, QCA6584, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820A, SD 845, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, MAC address randomization performed during probe requests is not done properly due to a flawed RNG in use.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T08:01:52.881Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11287 |
vulnerable | 2026-06-03 14:38:01.270462 |
Details available
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, Snapdragon_High_Med_2016, incorrect control flow implementation in Video while checking buffer sufficiency.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T08:01:52.972Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11285 |
vulnerable | 2026-06-03 14:38:01.267724 |
Details available
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, while parsing FLAC file with corrupted picture block, a buffer over-read can occur.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T08:01:52.839Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11277 |
vulnerable | 2026-06-03 14:38:01.237906 |
Details available
In Snapdragon (Automobile, Mobile, Wear) in version MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SDA660, the com.qualcomm.embms is a vendor package deployed in the system image which has an inadequate permission level and allows any application installed from Play Store to request this permission at install-time. The system application interfaces with the Radio Interface Layer leading to potential access control issue.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T08:01:52.986Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11269 |
vulnerable | 2026-06-03 14:38:01.195915 |
Details available
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T08:01:52.896Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11268 |
vulnerable | 2026-06-03 14:38:01.181040 |
Details available
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDM710, SDX20, Snapdragon_High_Med_2016, a potential buffer overflow exists when parsing TFTP options.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T08:01:52.864Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2018-11267 |
vulnerable | 2026-06-03 14:38:01.162749 |
Details available
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9615, MDM9640, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SD 850, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, when sending an malformed XML data to deviceprogrammer/firehose it may do an out of bounds buffer write allowing a region of memory to be filled with 0x20.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T08:01:52.834Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18314 |
vulnerable | 2026-06-03 14:36:56.835275 |
Details available
In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, on TZ cold boot the CNOC_QDSS RG0 locked by xBL_SEC is cleared by TZ.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T21:20:50.354Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18302 |
vulnerable | 2026-06-03 14:36:56.781247 |
Details available
In Snapdragon (Automobile ,Mobile) in version MSM8996AU, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDA660, SDM429, SDM439, SDM630, SDM632, SDM636, SDM660, Snapdragon_High_Med_2016, a crafted HLOS client can modify the structure in memory passed to a QSEE application between the time of check and the time of use, resulting in arbitrary writes to TZ kernel memory regions.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T21:20:51.029Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18301 |
vulnerable | 2026-06-03 14:36:56.747785 |
Details available
In Small Cell SoC and Snapdragon (Automobile, Mobile, Wear) in version FSM9055, FSM9955, MDM9607, MDM9640, MDM9650, MSM8909W, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SD 845, SDM630, SDM636, SDM660, SDX20, Snapdragon_High_Med_2016, providing the NULL argument of ICE regulator while processing create key IOCTL results in system restart.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T21:20:51.126Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18282 |
vulnerable | 2026-06-03 14:36:56.718149 |
Details available
Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 835, SDA660.
Published: 2018-10-23T13:00:00.000Z
Updated: 2024-08-05T21:20:49.699Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2017-18280 |
vulnerable | 2026-06-03 14:36:56.708692 |
Details available
In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 820, SD 820A, SD 835, SDM429, SDM439, SDM632, Snapdragon_High_Med_2016, when a Trusted Application has opened the SPI/I2C interface to a particular device, it is possible for another Trusted Application to read the data on this open interface by calling the SPI/I2C read function.
Published: 2018-09-20T13:00:00.000Z
Updated: 2024-08-05T21:13:49.271Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.