CVE-2020-11125
CVE-2020-11125 affects Qualcomm/Snapdragon platforms (Kernel) with an out-of-bounds access in the MHI command processing due to insufficient channel-id validation. The vulnerability is listed in Android/Qualcomm bulletin context (kernel path) for multiple Snapdragon SoCs and was tracked in CVE-202...
CVE-2020-11141
CVE-2020-11141 describes a buffer over-read in Bluetooth estack caused by a missing length check on the L2CAP configuration request from a peer. Affected are Qualcomm Snapdragon platforms (e.g., APQ8009, APQ8053, QCA6390, QCN7605, SM8250, and others across Snapdragon Auto/Compute/Connectivity/UIs...
Platform Update Highlights for eCommerce
Akamai's October Platform Update offers a ton of new features for our customers across all industries. But if you're an online retailer, you should really be paying attention to improvements to EdgeWorkers and Image & Video Manager, which provide expanded capabilities for creating new microservic...
Product release: Virtuozzo Hybrid Infrastructure 4.0 (4.0.0-734)
In this release, Virtuozzo Hybrid Infrastructure provides a wide range of new features that enhance the end-user experience and service providers' interoperability. The improvements cover networking, storage core, appliance, object storage, monitoring, performance charts, and localization...
Denial Of Service (DoS)
libexif is vulnerable to denial of service. Unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time and a potential application crash...
libexif: unrestricted size in handling Canon EXIF MakerNote data can lead to consumption of large amounts of compute time
An issue was discovered in libexif before 0.6.22. An unrestricted size in handling Canon EXIF MakerNote data could lead to consumption of large amounts of compute time for decoding EXIF data...
UBUNTU-CVE-2020-15678
When recursing through graphical layers while scrolling, an iterator may have become invalid, resulting in a potential use-after-free. This occurs because the function APZCTreeManager::ComputeClippedCompositionBounds did not follow iterator invalidation rules. This vulnerability affects Firefox 8...
Serverless at the Edge: Enabling Magical Unicorns
Before we dive straight into the magical unicorn from heaven that is serverless computing embedded within the CDN edge (a direct customer quote that I want on a team T-shirt soon), let's first level-set on some basic concepts of computing. In the context of web experiences, IoT device messaging, an...
Privilege Escalation
gce-compute-image is vulnerable to privilege escalation. The vulnerability allows a user that is only granted the role "roles/compute.osLogin" to escalate privileges to root. Using their membership to the "adm" group, users with this role are able to read the DHCP XID from the systemd journal. Usin...
Important: Red Hat Security Advisory: openstack-nova security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 10 (Newton). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: openstack-nova security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 13 (Queens). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: openstack-nova security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 15 (Stein). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: openstack-nova security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 16 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Important: Red Hat Security Advisory: openstack-nova security update
An update for openstack-nova is now available for Red Hat OpenStack Platform 16.1 (Train). Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
CVE-2020-3617
A buffer over-read issue in the Q6 testbus framework, caused by the diag packet length not being completely validated before the field is accessed, leads to information disclosure in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610,...
Information disclosure
A buffer over-read issue in the Q6 testbus framework, caused by the diag packet length not being completely validated before the field is accessed, leads to information disclosure in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in Kamorta, Nicobar, QCS605, QCS610,...
CVE-2020-3679
CVE-2020-3679 affects Qualcomm Snapdragon components (including Snapdragon Auto/Compute/Mobile etc.) where, after ASLR is enabled in QTEE, some code remains mapped at a fixed known address. This exposes local attack surfaces and can lead to confidentiality impact (per CVSS), with code execution p...
CVE-2020-3674
CVE-2020-3674 is a vulnerability affecting Qualcomm Snapdragon platforms where information can leak to userspace due to improper transfer of data from kernel to userspace. The NVD description aggregates impact as partial information disclosure without kernel integrity or availability impact, with...
CVE-2020-3634
The CVE-2020-3634 issue is a hardware/firmware vulnerability affecting multiple Snapdragon generations (e.g., APQ8053, MDM9xxx, SDM6/7/8 series, QCS/QMX lines) where a read overflow results from an improper length check during decoding of Generic NAS transport/EMM info. The root cause is an impro...