The Origin Is No More

Over the last 15 years, there's been a paradigm shift. Long gone are the days when you built and managed your own data center, were responsible for the physical hardware and the management overhead, and endured the high capital investment of the build and maintenance. As soon as central cloud...

Huawei EulerOS: Security Advisory for libexif (EulerOS-SA-2020-2356)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS 2.0 SP2 : libexif (EulerOS-SA-2020-2356)

According to the versions of the libexif package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and...

CVE-2020-3704

u'While processing invalid connection request PDU which is nonstandard interval or timeout is 0 from central device may lead peripheral system enter into dead lock state.This CVE is equivalent to InvalidConnectionRequestCVE-2019-19193 mentioned in sweyntooth paper' in Snapdragon Auto, Snapdragon...

CVE-2020-3703

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central deviceThis CVE is equivalent to Link Layer Length Overfow issue CVE-2019-16336,CVE-2019-17519 and Silent Length Overflow issueCVE-2019-17518 mentioned in...

CVE-2020-3684

u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

CVE-2020-3693

u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017,...

CVE-2020-11174

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables,...

CVE-2020-11162

u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...

CVE-2020-11169

u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...

Out-of-bounds

u'Out of bound memory access while processing GATT data received due to lack of check of pdu data length and leads to remote code execution' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industria...

Design/Logic Flaw

u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables,...

CVE-2020-3703

u'Buffer over-read issue in Bluetooth peripheral firmware due to lack of check for invalid opcode and length of opcode received from central deviceThis CVE is equivalent to Link Layer Length Overfow issue CVE-2019-16336,CVE-2019-17519 and Silent Length Overflow issueCVE-2019-17518 mentioned in...

CVE-2020-3694

CVE-2020-3694 affects Qualcomm Snapdragon components (Auto/Compute/Mobile/Voice & Music) with an out-of-range pointer issue caused by an incorrect buffer range check during the execution of qseecom. Affected devices/SoCs include Bitra, Nicobar, Saipan, SM6150, SM8150, SM8250, and SXR2130 under Sn...

CVE-2020-3694

u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom' in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Voice & Music in Bitra, Nicobar, Saipan, SM6150, SM8150, SM8250, SXR2130...

CVE-2020-3693

u'Use out of range pointer issue can occur due to incorrect buffer range check during the execution of qseecom.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017,...

CVE-2020-3692

CVE-2020-3692 is a buffer overflow in Qualcomm Snapdragon components (Auto, Compute, Consumer IoT, Industrial IoT, Mobile) caused by missing input validation when updating the output buffer for IMEI and Gateway Address from server parameters. Affected platforms include Snapdragon devices like Aga...

CVE-2020-3673

u'Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the index length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon...

CVE-2020-3654

CVE-2020-3654 is a buffer overflow in Qualcomm closed‑source components (Qualcomm/ Snapdragon) where SIP message processing fails to validate an index before copying data. The vulnerability is rated Critical (CVSS v3.1/10.0) with network access and no user interaction, implying potential remote c...

CVE-2020-11153

CVE-2020-11153 affects Qualcomm Snapdragon platforms (Auto, Compute, Connectivity, CEC, IOT, Mobile) including APQ8053, QCA6390/9379, QCN7605, SC8180X, SDX55. Root cause: out-of-bounds memory access while processing GATT data due to insufficient validation of PDU length. This can lead to remote c...