diff --git a/2017/18xxx/CVE-2017-18160.json b/2017/18xxx/CVE-2017-18160.json index 77affd93437..43938c32651 100644 --- a/2017/18xxx/CVE-2017-18160.json +++ b/2017/18xxx/CVE-2017-18160.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2017-18160", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "AGPS session failure in GNSS module due to cyphersuites are hardcoded and needed manual update everytime in snapdragon mobile and snapdragon wear in versions MDM9635M, MDM9645, MDM9650, MDM9655, MSM8909W, SD 835, SD 845, SD 850" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Cryptographic Issues in GPS" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2017/18xxx/CVE-2017-18331.json b/2017/18xxx/CVE-2017-18331.json index ee78233b7c0..f259a502126 100644 --- a/2017/18xxx/CVE-2017-18331.json +++ b/2017/18xxx/CVE-2017-18331.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2017-18331", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Improper access control on secure display buffers in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 820, SD 820A, SD 835, SDA660" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Access Control on Access Control Module" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2017/18xxx/CVE-2017-18332.json b/2017/18xxx/CVE-2017-18332.json index a4deb79c5b1..d369e2233b9 100644 --- a/2017/18xxx/CVE-2017-18332.json +++ b/2017/18xxx/CVE-2017-18332.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2017-18332", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Security keys are logged when any WCDMA call is configured or reconfigured in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Information Exposure in WCDMA" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2017/8xxx/CVE-2017-8276.json b/2017/8xxx/CVE-2017-8276.json index 09803ebdc82..018424e141a 100644 --- a/2017/8xxx/CVE-2017-8276.json +++ b/2017/8xxx/CVE-2017-8276.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2017-8276", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Improper authorization involving a fuse in TrustZone in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 632, SD 636, SD 650/52, SD 810, SD 820, SD 820A, SD 835, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016." + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Authorization in TrustZone" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11279.json b/2018/11xxx/CVE-2018-11279.json index 373314fc67d..5d081a28b30 100644 --- a/2018/11xxx/CVE-2018-11279.json +++ b/2018/11xxx/CVE-2018-11279.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11279", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Lack of check of input size can make device memory get corrupted because of buffer overflow in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 615/16/SD 415, SD 625, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 810, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX20, Snapdragon_High_Med_2016, SXR1130" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Buffer Copy Without Checking Size of Input in Modem" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11284.json b/2018/11xxx/CVE-2018-11284.json index 21f3dc777d5..6df48423579 100644 --- a/2018/11xxx/CVE-2018-11284.json +++ b/2018/11xxx/CVE-2018-11284.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11284", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Spoofed SMS can be used to send a large number of messages to the device which will in turn initiate a flood of registration updates with the server in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, SD 210/SD 212/SD 205, SD 625, SD 636, SDA660, SDM630, SDM660, SDX20" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Authorization in Data" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11288.json b/2018/11xxx/CVE-2018-11288.json index 5f4b884dc6f..fc4a6cccaed 100644 --- a/2018/11xxx/CVE-2018-11288.json +++ b/2018/11xxx/CVE-2018-11288.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11288", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Possible undefined behavior due to lack of size check in function for parameter segment_idx can lead to a read outside of the intended region in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDX24, SXR1130" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Validation of Array Index in Core" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11993.json b/2018/11xxx/CVE-2018-11993.json index 2d01162adc7..f0d757d662e 100644 --- a/2018/11xxx/CVE-2018-11993.json +++ b/2018/11xxx/CVE-2018-11993.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11993", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Improper check while accessing the local memory stack on MQTT connection request can lead to buffer overflow in snapdragon wear in versions MDM9206, MDM9607" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Stack-based Buffer Overflow in HLOS Data" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11998.json b/2018/11xxx/CVE-2018-11998.json index 6fbafbcaf9f..ba5b0c68bb9 100644 --- a/2018/11xxx/CVE-2018-11998.json +++ b/2018/11xxx/CVE-2018-11998.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11998", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 427, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660, Snapdragon_High_Med_2016" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Time-of-check Time-of-use (TOCTOU) Race Condition in HLOS Data" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/11xxx/CVE-2018-11999.json b/2018/11xxx/CVE-2018-11999.json index a39ea959612..e918ddb926a 100644 --- a/2018/11xxx/CVE-2018-11999.json +++ b/2018/11xxx/CVE-2018-11999.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-11999", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 636, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM630, SDM660, SDX24" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Input Validation in TrustZone" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/3xxx/CVE-2018-3595.json b/2018/3xxx/CVE-2018-3595.json index 39f17ae80d1..efcd980c6a7 100644 --- a/2018/3xxx/CVE-2018-3595.json +++ b/2018/3xxx/CVE-2018-3595.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-3595", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Anti-rollback can be bypassed in replay scenario during app loading due to improper error handling of RPMB writes in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9650, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Detection of Error Condition Without Action in TrustZone" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } diff --git a/2018/5xxx/CVE-2018-5867.json b/2018/5xxx/CVE-2018-5867.json index 5d6457b7686..dd2c499819b 100644 --- a/2018/5xxx/CVE-2018-5867.json +++ b/2018/5xxx/CVE-2018-5867.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-5867", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9635M, MDM9650, MDM9655, MSM8996AU, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 439 / SD 429, SD 450, SD 625, SD 632, SD 636, SD 650/52, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDM439, SDM630, SDM660, SDX24, Snapdragon_High_Med_2016, SXR1130" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Buffer Copy without Checking Size of Input in TrustZone" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/5xxx/CVE-2018-5868.json b/2018/5xxx/CVE-2018-5868.json index 81f2f9c9ae4..8b81bf5c33a 100644 --- a/2018/5xxx/CVE-2018-5868.json +++ b/2018/5xxx/CVE-2018-5868.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-5868", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile", + "version" : { + "version_data" : [ + { + "version_value" : "MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SD 425, SD 430, SD 450, SD 625, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX24, SXR1130" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Buffer Copy without Checking Size of Input in TrustZone." + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/5xxx/CVE-2018-5869.json b/2018/5xxx/CVE-2018-5869.json index e0ad0eec738..8e88d4f905e 100644 --- a/2018/5xxx/CVE-2018-5869.json +++ b/2018/5xxx/CVE-2018-5869.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-5869", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile,Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,7 +34,28 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Improper input validation in the QTEE keymaster app can lead to invalid memory access in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 615/16/SD 415, SD 800, SD 810" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Input Validation in TrustZone" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } diff --git a/2018/5xxx/CVE-2018-5879.json b/2018/5xxx/CVE-2018-5879.json index e63ffcac10e..a683be04e8a 100644 --- a/2018/5xxx/CVE-2018-5879.json +++ b/2018/5xxx/CVE-2018-5879.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-5879", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Restriction of Operations within the Bounds of a Memory Buffer in Data" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/5xxx/CVE-2018-5880.json b/2018/5xxx/CVE-2018-5880.json index 8ea58bb0c01..ac520e6eacc 100644 --- a/2018/5xxx/CVE-2018-5880.json +++ b/2018/5xxx/CVE-2018-5880.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-5880", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Restriction of Operations within the Bounds of a Memory Buffer in Data" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/5xxx/CVE-2018-5881.json b/2018/5xxx/CVE-2018-5881.json index 1723ad32c88..cd6268406fa 100644 --- a/2018/5xxx/CVE-2018-5881.json +++ b/2018/5xxx/CVE-2018-5881.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-5881", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Improper validation of buffer length checks in the lwm2m device management protocol can leads to a buffer overflow in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 636, SD 835, SDA660, SDM630, SDM660" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Improper Restriction of Operations within the Bounds of a Memory Buffer in Data" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } + diff --git a/2018/5xxx/CVE-2018-5915.json b/2018/5xxx/CVE-2018-5915.json index 1fbc68e3728..a83968c53a5 100644 --- a/2018/5xxx/CVE-2018-5915.json +++ b/2018/5xxx/CVE-2018-5915.json @@ -1,8 +1,31 @@ { "CVE_data_meta" : { - "ASSIGNER" : "cve@mitre.org", + "ASSIGNER" : "product-security@qualcomm.com", "ID" : "CVE-2018-5915", - "STATE" : "RESERVED" + "STATE" : "PUBLIC" + }, + "affects" : { + "vendor" : { + "vendor_data" : [ + { + "product" : { + "product_data" : [ + { + "product_name" : "Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear", + "version" : { + "version_data" : [ + { + "version_value" : "MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130" + } + ] + } + } + ] + }, + "vendor_name" : "Qualcomm, Inc." + } + ] + } }, "data_format" : "MITRE", "data_type" : "CVE", @@ -11,8 +34,30 @@ "description_data" : [ { "lang" : "eng", - "value" : "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided." + "value" : "Exception in Modem IP stack while processing IPv6 packet in snapdragon automobile, snapdragon mobile and snapdragon wear in versions MDM9607, MDM9640, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 430, SD 712 / SD 710 / SD 670, SD 820, SD 820A, SD 835, SD 845 / SD 850, SDA660, SDX20, SXR1130" + } + ] + }, + "problemtype" : { + "problemtype_data" : [ + { + "description" : [ + { + "lang" : "eng", + "value" : "Reachable Assertion in MODEM IP Stack" + } + ] + } + ] + }, + "references" : { + "reference_data" : [ + { + "name" : "https://www.qualcomm.com/company/product-security/bulletins", + "refsource" : "CONFIRM", + "url" : "https://www.qualcomm.com/company/product-security/bulletins" } ] } } +