CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2020/07/30 12:15 p.m.•20 views

CVE-2019-14130

Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130...

7.8CVSS8.1AI score0.00199EPSS

Prion•added 2020/07/30 12:15 p.m.•14 views

Buffer overflow

Device misbehavior may be observed when incorrect offset, length or number of buffers is passed by user space in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8053, MDM9206, MDM9207C...

4.6CVSS8.3AI score0.00199EPSS

Prion•added 2020/07/30 12:15 p.m.•22 views

Design/Logic Flaw

When kernel thread unregistered listener, Use after free issue happened as the listener clients private data has been already freed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

4.6CVSS7.9AI score0.00199EPSS

Prion•added 2020/07/30 12:15 p.m.•24 views

Memory corruption

4.6CVSS8AI score0.00199EPSS

CVE•added 2020/07/30 11:40 a.m.•106 views

CVE-2020-3698

CVE-2020-3698 describes an out-of-bounds write during QoS DSCP mapping caused by improper input validation of data from an association response frame in Qualcomm-powered Snapdragon platforms (widely listed devices such as APQ8009/SDM66x families and others). The underlying issue affects data hand...

9.8CVSS9.3AI score0.00884EPSS

Cvelist•added 2020/07/30 11:40 a.m.•28 views

CVE-2020-3671

Use-after-free issue could occur due to dangling pointer when generating a frame buffer in OpenGL ES in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, Nicobar, QCM2150, QCS405, Saipan, SDM845, SM8150, SM8250, SXR2130...

9.4AI score0.0091EPSS

Cvelist•added 2020/07/30 11:40 a.m.•29 views

CVE-2019-14130

8.1AI score0.00199EPSS

Cvelist•added 2020/07/30 11:40 a.m.•29 views

CVE-2019-14124

7.7AI score0.00199EPSS

CVE•added 2020/07/30 11:40 a.m.•50 views

CVE-2019-14130

CVE-2019-14130 describes memory corruption in Qualcomm closed-source components affecting Snapdragon Auto/Compute/Mobile/Wired Infrastructure and Networking products (Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130). The vulnerability arises when the offset size from the ...

7.8CVSS8AI score0.00199EPSS

CVE•added 2020/07/30 11:40 a.m.•54 views

CVE-2019-14123

CVE-2019-14123 describes a possible buffer overflow and out-of-bounds read due to missing bounds checks for fixed limits in the Widevine HLOS client across Qualcomm Snapdragon platforms (e.g., Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130). The CVE is reflected in multi...

7.8CVSS7.8AI score0.00198EPSS

Cvelist•added 2020/07/30 11:40 a.m.•33 views

CVE-2019-14099

8.3AI score0.00199EPSS

Cvelist•added 2020/07/30 11:40 a.m.•25 views

CVE-2019-10580

7.9AI score0.00199EPSS

CVE•added 2020/07/30 11:40 a.m.•105 views

CVE-2019-10580

CVE-2019-10580 describes a local use-after-free in the Qualcomm Snapdragon kernel: when a listener is unregistered, the listener’s private data may already have been freed. Affected are Snapdragon Auto/Compute/Consumer IOT/Industrial IOT/Mobile/Voice & Music/Wearables platforms (listed in the des...

7.8CVSS7.8AI score0.00199EPSS

Tenable Nessus•added 2020/07/30 12:0 a.m.•34 views

EulerOS 2.0 SP8 : libexif (EulerOS-SA-2020-1809)

According to the versions of the libexif package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in libexif before 0.6.22. Several buffer over-reads in EXIF MakerNote handling could lead to information disclosure and...

9.1CVSS7.4AI score0.02633EPSS

Exploits0References4

RedHat Linux•added 2020/07/22 12:13 p.m.•1 views

openstack-keystone: EC2 and credential endpoints are not protected from a scoped context

A vulnerability was found in Keystone's EC2 credentials API. This flaw allows any user authenticated within a limited scope trust/OAuth/application credential to create an EC2 credential with escalated permissions, for example, obtaining an "admin" role, while the user is on a limited "viewer" ro...

8.8CVSS5.8AI score0.01562EPSS

Exploits0References5

VulnCheck KEV•added 2020/07/20 12:0 a.m.•1 views

VulnCheck KEV: CVE-2020-11261

Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

7.8CVSS7AI score0.01772EPSS