CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In April 2018

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2014-3413 798 +Info 2018-04-05 2018-08-10
10.0
None Remote Low Not required Complete Complete Complete
The MySQL server in Juniper Networks Junos Space before 13.3R1.8 has an unspecified account with a hardcoded password, which allows remote attackers to obtain sensitive information and consequently obtain administrative control by leveraging database access.
2 CVE-2014-6120 77 Exec Code 2018-04-12 2018-05-11
10.0
None Remote Low Not required Complete Complete Complete
IBM Rational AppScan Source 8.0 through 8.0.0.2 and 8.5 through 8.5.0.1 and Security AppScan Source 8.6 through 8.6.0.2, 8.7 through 8.7.0.1, 8.8, 9.0 through 9.0.0.1, and 9.0.1 allow remote attackers to execute arbitrary commands on the installation server via unspecified vectors. IBM X-Force ID: 96721.
3 CVE-2014-8888 77 Exec Code 2018-04-12 2018-05-18
10.0
None Remote Low Not required Complete Complete Complete
The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection issue."
4 CVE-2014-9953 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714770.
5 CVE-2014-9954 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36388559.
6 CVE-2014-9955 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384686.
7 CVE-2014-9956 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36389611.
8 CVE-2014-9957 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36387564.
9 CVE-2014-9958 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384774.
10 CVE-2014-9959 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36383694.
11 CVE-2014-9985 388 Bypass 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 400, and SD 800, TOCTOU condition may result in bypassing error condition checks, leading to undefined behavior.
12 CVE-2014-9987 119 Overflow 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, a buffer over-read can occur in a DRM API.
13 CVE-2014-9988 119 Overflow 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear SD 820A, IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, SD 845, SD 450, and SD 850, lack of input validation for message length causes buffer over read in drm_app_encapsulate_save_keys.
14 CVE-2014-9989 129 2018-04-18 2018-05-11
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if an incorrect endpoint number or direction is passed, an out of bounds array access may occur in the USB management module.
15 CVE-2014-9990 129 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, lack of input validation could lead to an out of bound array access.
16 CVE-2014-9991 119 Overflow 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 625, SD 650/52, SD 808, SD 810, and SD 450, if a client or host sends more than 16k bytes of USB mass storage transfer, a buffer overflow occurs.
17 CVE-2014-9993 119 Overflow 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 450, and SD 850, buffer overread vulnerability may occur while provisioning a content with a large message.
18 CVE-2014-9994 119 Overflow 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, lack of validation of input could cause a integer overflow that could subsequently lead to a buffer overflow.
19 CVE-2014-9995 119 Overflow 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, in drmprov_cmd_verify_key(), the variable feature_name_length is not validated. There is a check for feature_name_len + filePathLen but there might be an integer wrap when checking feature_name_len + filePathLen. This leads to a buffer overflow.
20 CVE-2014-9996 119 Overflow 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400 and SD 800, while verifying provisioning, a buffer overflow can occur.
21 CVE-2014-9997 119 Overflow 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 625, SD 650/52, SD 808, and SD 810, lack of input validation in PRDiagMaintenanceHandler can leads to buffer over read.
22 CVE-2014-9998 119 Overflow 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 625, SD 808, SD 810, SD 820, and SDX20, while processing firmware image signature, the internal buffer may overflow if the firmware signature size is large.
23 CVE-2014-10039 19 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, SD 400, and SD 800, calling qsee_app_entry_return() without first calling qsee_app_entry() will cause the stack to be restored to an older state resulting in a return to an unexpected location.
24 CVE-2014-10045 119 Overflow 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 820, and SDX20, buffer overflow vulnerability exist in Sahara boot when program header are parsing.
25 CVE-2014-10046 416 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, use after free vulnerability when the PDN throttle info block is freed without clearing the corresponding active timer.
26 CVE-2014-10048 129 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, and SDX20, while setting the offsets, time-services allows the user to set bases greater than valid base value which will lead to array index out-of-bound.
27 CVE-2014-10050 284 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MSM8996, MSM8939, MSM8976, MSM8917, SDM845, and SDM660, access control collision vulnerability when accessing the replay protected memory block.
28 CVE-2014-10051 20 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SDX20, after loading a dynamically loaded code section, I-Cache is not invalidated, which could lead to executing code from stale cache lines.
29 CVE-2014-10052 119 Overflow 2018-04-18 2018-05-10
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810, SD 835, and SDX20, the reserved memory of TZ subsystem (like TZ apps and some PIL image subsystem) is not cleared after being used.
30 CVE-2014-10053 284 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, data access is not properly validated in the Widevine secure application.
31 CVE-2014-10054 264 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, MSM8909W, QCA6174A, QCA6574AU, QCA9377, QCA9379, SD 210/SD 212/SD 205, SD 400, SD 450, SD 410/12, SD 425, SD 430, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SDX20, lack of input validation on BT HCI commands processing allows privilege escalation.
32 CVE-2014-10056 119 Overflow 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, A buffer overflow can potentially occur in any OpenCL application that calls clBuildProgram() with a device of type CL_DEVICE_TYPE_CPU in its device_list argument.
33 CVE-2014-10057 264 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 425, SD 430, SD 435, SD 617, SD 625, and Snapdragon_High_Med_2016, binary Calibration files under data/misc/audio have 777 permissions.
34 CVE-2014-10059 284 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, SD 210/SD 212/SD 205, SD 400, and SD 800, improper access control on ATCMD service allows third party services to access without user knowledge.
35 CVE-2015-9008 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384689.
36 CVE-2015-9009 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393600.
37 CVE-2015-9010 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393101.
38 CVE-2015-9011 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36714882.
39 CVE-2015-9012 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36384691.
40 CVE-2015-9013 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393251.
41 CVE-2015-9014 264 2018-04-04 2018-05-08
10.0
None Remote Low Not required Complete Complete Complete
An elevation of privilege vulnerability in Qualcomm closed source components. Product: Android. Versions: Android kernel. Android ID: A-36393750.
42 CVE-2015-9108 20 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation performed on calls to a QSEE syscall may lead to arbitrary read/write or NULL Pointer exception when calling a downstream function.
43 CVE-2015-9109 476 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation inqsee_fuse_write could lead to untrusted pointer dereference.
44 CVE-2015-9110 20 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the qsee_get_secure_state syscall.
45 CVE-2015-9111 476 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, in a QTEE syscall handler, an untrusted pointer dereference can occur.
46 CVE-2015-9112 119 Overflow 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 400, SD 800, SD 820, and SD 820A, lack of input validation in QSEE can cause potential buffer overflow.
47 CVE-2015-9113 476 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, untrusted pointer dereference in QSEE Syscall without proper validation can lead to access of blacklisted memory.
48 CVE-2015-9114 476 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 820, and SD 820A, lack of address argument validation in qsee_query_counter syscall could lead to untrusted pointer dereference.
49 CVE-2015-9115 20 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the qsee_prng_getdata syscall.
50 CVE-2015-9116 20 2018-04-18 2018-05-09
10.0
None Remote Low Not required Complete Complete Complete
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430, SD 450, SD 625, SD 650/52, SD 810, SD 820, and SD 820A, in a QTEE syscall handler, an untrusted pointer dereference can occur.
Total number of vulnerabilities : 1672   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.