CVE-2019-14028

CVE-2019-14028 is a Qualcomm Snapdragon vulnerability: a buffer overwrite during memcpy caused by a missing SSID length validation in multiple Snapdragon components (Auto, Compute, Connectivity, and related Snapdragon families on various SoCs). Root cause documented as lack of check on SSID lengt...

CVE-2019-14028

Buffer overwrite during memcpy due to lack of check on SSID length validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &...

Input Validation Error Vulnerability in Multiple Qualcomm Products (CNVD-2020-03576)

Qualcomm MDM9206 and others are products of Qualcomm Incorporated.MDM9206 is a central processing unit CPU product.MDM9607 is a central processing unit CPU product.MDM9640 is a central processing unit CPU product. An input validation error vulnerability exists in WLAN in multiple Qualcomm product...

CVE-2019-10595

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...

CVE-2019-10605

Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voic...

Integer overflow

Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,...

CVE-2019-10605

Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voic...

CVE-2019-10605

The CVE-2019-10605 issue is a buffer overwrite in the IEEE80211 header filling function caused by a missing range check on an array index sourced from firmware, affecting Qualcomm Snapdragon WLAN host components across multiple SoCs (e.g., APQ8009, APQ8053, IPQ8074, MDM9607, MDM9650, SDM630, SDM6...

CVE-2019-10595

Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon...

CVE-2019-10595

CVE-2019-10595 is a Qualcomm/Qualcomm WLAN issue affecting Snapdragon components (e.g., APQ8009, APQ8053, APQ8064, IPQ4019, MDM9206, SDM660, QCA9880, etc.) where a lack of validation of the tid value parsed from firmware packets can cause a buffer overwrite in the message handler. The vulnerabili...

CVE-2019-10537

Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity,...

openSUSE Security Update : glibc (openSUSE-2019-422)

This update for glibc fixes the following issues : This security issue was fixed : - Fixed an buffer overwrite issue in memcpy for Knights Landing CPUs boo1092877, CVE-2018-11237 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were...

Ubuntu 14.04 LTS : Linux kernel (Azure) vulnerabilities (USN-3820-3)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3820-3 advisory. Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could...

Ubuntu 18.04 LTS : Linux kernel vulnerabilities (USN-3820-1)

The remote Ubuntu 18.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3820-1 advisory. Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could...

Ubuntu 14.04 LTS : Linux kernel vulnerabilities (USN-3822-1)

The remote Ubuntu 14.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3822-1 advisory. Jim Mattson discovered that the KVM implementation in the Linux kernel mismanages the BP and OF exceptions. A local attacker in a guest virtual machine...

Ubuntu: Security Advisory (USN-3820-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-3820-2)

The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-3820-2 advisory. USN-3820-1 fixed vulnerabilities in the Linux kernel for Ubuntu 18.04 LTS. This update provides the corresponding updates for the Linux Hardware Enableme...

USN-3820-1: Linux kernel vulnerabilities

Felix Wilhelm discovered that the Xen netback driver in the Linux kernel did not properly perform input validation in some situations. An attacker could use this to cause a denial of service system crash or possibly execute arbitrary code. CVE-2018-15471 It was discovered that the generic SCSI...

Updated curl packages fix security vulnerabilities

Updated curl packages fix security vulnerabilities: Peter Wu discovered that curl incorrectly handled certain SMTP buffers. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute arbitrary code CVE-2018-0500. Zhaoyang Wu discovered tha...

CVE-2018-11880

Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660...