CVE-2019-10525

Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

Buffer overflow

Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

Null pointer dereference

Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT,...

CVE-2019-2242

Device memory may get corrupted because of buffer overflow/underflow. in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in...

CVE-2019-10564

Possible OOB issue in EEPROM due to lack of check while accessing memory map array at the time of reading operation in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music...

CVE-2019-10517

CVE-2019-10517 affects a broad set of Qualcomm Snapdragon components. The issue is that memory is freed twice when two concurrent threads execute in parallel, indicating a double-free in memory management. Root cause: concurrent threads triggering a premature or multiple deallocations in affected...

CVE-2019-10487

CVE-2019-10487 affects Qualcomm Snapdragon family components (e.g., Snapdragon Auto/Compute/IoT lineups) and is caused by a buffer over-read while parsing SMS OTA messages at the transport layer when the network provides unintended values. The issue spans a wide set of Qualcomm/SC/MDM/SDA/SXR dev...

CVE-2019-10592

Possible integer overflow while multiplying two integers of 32 bit in QDCM API of get display modes as there is no check on the maximum mode count in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVE-2019-2288

Out of bound write in TZ while copying the secure dump structure on HLOS provided buffer as a part of memory dump in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired...

Design/Logic Flaw

Use after free issue occurs when command destructors access dynamically allocated response buffer which is already deallocated during previous command teardwon sequence in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice ...

Design/Logic Flaw

Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

Hardcoded credentials

HLOS could corrupt CPZ page table memory for S1 managed VMs in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in MDM9205, QCS404, QCS605, SDA845, SDM670, SDM710,...

CVE-2019-2319

CVE-2019-2319 affects Qualcomm Snapdragon platforms (Auto, Compute, Connectivity, IoT, Mobile, etc.) where the HLOS may corrupt CPZ page table memory for S1 managed VMs. Root cause is memory corruption in the CPZ page table handling. The CVSSv3.1 vector (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) yield...

CVE-2019-10571

Snapshot of IB can lead to invalid address access due to missing check for size in the related function in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon...

CVE-2019-10571

CVE-2019-10571 targets Qualcomm Snapdragon family GPUs/graphics drivers (listed APQ/MSM/SDM devices) with a memory-access flaw: a missing size check in a function can lead to invalid address access. Public references show vendor advisories (Qualcomm November 2019 bulletin) and cross-links in Red ...

Multiple Intel NUC Firmware Multiple Security Vulnerabilities

Description Multiple Intel NUC Firmware are prone to multiple unspecified security vulnerabilities. Attackers can leverage these issues to gain elevated privileges. Technologies Affected Intel Compute Card CD1IV128MK BIOS Intel Compute Card CD1M3128MK BIOS Intel Compute Card CD1P64GK BIOS Intel...

Security Bulletin: PowerVC is impacted by an OpenStack Neutron vulnerability related to security group rules (CVE-2019-10876)

Summary OpenStack Neutron is vulnerable to a denial of service, caused by a flaw in the neutron-openvswitch-agent. By creating two security groups with separate/overlapping port ranges, a remote authenticated attacker could exploit this vulnerability to prevent Neutron from being able to configur...

Updated libcryptopp packages fix security vulnerability

The updated packages fix a security vulnerability: Crypto++ 8.3.0 and earlier contains a timing side channel in ECDSA signature generation. This allows a local or remote attacker, able to measure the duration of hundreds to thousands of signing operations, to compute the private key used. The iss...

Unspecified Vulnerability in CloudBees Jenkins Google Compute Engine Plugin (CNVD-2019-42819)

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Google Compute Engine Plugin is used in one o...

Unspecified Vulnerability in CloudBees Jenkins Google Compute Engine Plugin

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools. The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Google Compute Engine Plugin is used in one o...