11 matches found
EUVD-2020-18492
Malware in sbrugna...
EUVD-2020-18491
Malware in sbrugna...
CVE-2020-25858
The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...
CVE-2020-25859
The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...
CVE-2020-25859
The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...
Design/Logic Flaw
The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...
Design/Logic Flaw
The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...
CVE-2020-25859
CVE-2020-25859 concerns the QCMAP_CLI utility in Qualcomm QCMAP, where handling SetGatewayUrl() can invoke system() without input validation. This allows a local attacker with shell access to pass shell metacharacters and execute arbitrary commands. If QCMAP_CLI runs with sudo or setuid, privileg...
CVE-2020-25859
The QCMAPCLI utility in the Qualcomm QCMAP software suite prior to versions released in October 2020 uses a system call without validating the input, while handling a SetGatewayUrl request. A local attacker with shell access can pass shell metacharacters and run arbitrary commands. If QCMAPCLI ca...
CVE-2020-25858
CVE-2020-25858 affects the Qualcomm QCMAP Web UI. The issue lies in the QCMAP_Web_CLIENT binary where the Tokenizer() function does not validate the return values of strstr() or strchr(). This can let an attacker supply a crafted URL via the web interface that crashes the process, resulting in a ...
CVE-2020-25858
The QCMAPWebCLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr or strchr call in the Tokenizer function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of...