CVE-2021-29452 Any logged in user could edit any other logged in user.

a12n-server is an npm package which aims to provide a simple authentication system. A new HAL-Form was added to allow editing users in version 0.18.0. This feature should only have been accessible to admins. Unfortunately, privileges were incorrectly checked allowing any logged in user to make th...

CVE-2020-11152

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

Race condition

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVE-2020-11152

CVE-2020-11152 describes a race condition in the HAL layer when processing callback objects from HIDL across Qualcomm Snapdragon Auto/Compute/Consumer IoT/Industrial IoT/Mobile/Wearables families. Root cause is lack of synchronization when accessing objects, enabling a potential impact on confide...

CVE-2020-11152

Race condition in HAL layer while processing callback objects received from HIDL due to lack of synchronization between accessing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables...

CVE-2020-11130

u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55,...

CVE-2020-11121

u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X,...

Buffer overflow

u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55,...

Buffer overflow

u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X,...

CVE-2020-11130

CVE-2020-11130 affects Qualcomm Snapdragon WiFi HAL components across multiple Snapdragon families (e.g., QCM4290, SM8250, SDX55, etc.). A root cause is a buffer overflow caused by copying data without validating the destination buffer length, potentially allowing local access to the device memor...

CVE-2020-11130

u'Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X, SC8180XP, SDX55,...

CVE-2020-11121

CVE-2020-11121 describes a possible buffer overflow in the WIFI HAL due to memcpy being used without checking the destination buffer length. Affected products include Qualcomm Snapdragon Auto, Compute, Industrial IOT, and Mobile platforms across multiple SoCs (e.g., QCM4290, QCS4290, QM215, QSM83...

CVE-2020-11121

u'Possible buffer overflow in WIFI hal process due to usage of memcpy without checking length of destination buffer' in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile in QCM4290, QCS4290, QM215, QSM8350, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SC8180X,...

Buffer overflow in deprecated USB HALs and stack overflow in USB enumeration

Impact 1 If an application is making use of the deprecated kit protocol HALs as the communication channel to the target device an attacker can masquerade as a device and return malformed packets of arbitrary length which the protocol stack will write to the stack. HALs intended for production use...

Google Android elevation of privilege vulnerability (CNVD-2020-53775)

Android is a Linux-based open source operating system from Google and the Open Handheld Alliance OHA. A security vulnerability exists in Android version 11. The vulnerability stems from the Audio HAL and can be exploited by an attacker to elevate local privileges...

CVE-2020-0356

In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143787559...

Out-of-bounds

In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143787559...

CVE-2020-0356

CVE-2020-0356 affects the Android Audio HAL. The issue is an out-of-bounds write caused by an incorrect bounds check, enabling local privilege escalation with system-level execution privileges. Exploitation does not require user interaction. The vulnerability is documented across multiple sources...

CVE-2020-0356

In the Audio HAL, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-143787559...

CVE-2020-25056

An issue was discovered on Samsung mobile devices with Q10.0 Galaxy S20 software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is SVE-2020-16169 August 2020...