718 matches found
CVE-2020-11127
CVE-2020-11127 affects Qualcomm Snapdragon firmware components (extensible boot loader) across multiple Snapdragon product lines. The issue is described as an integer overflow that can cause a buffer overflow due to a missing table-length check during validation of security metadata while process...
CVE-2020-11123
u'information disclosure in gatekeeper trustzone implementation as the throttling mechanism to prevent brute force attempts at getting users lock-screen password can be bypassed by performing the standard gatekeeper operations.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity,...
CVE-2020-3704
u'While processing invalid connection request PDU which is nonstandard interval or timeout is 0 from central device may lead peripheral system enter into dead lock state.This CVE is equivalent to InvalidConnectionRequestCVE-2019-19193 mentioned in sweyntooth paper' in Snapdragon Auto, Snapdragon...
CVE-2020-11174
u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables,...
CVE-2020-3684
u'QSEE reads the access permission policy for the SMEM TOC partition from the SMEM TOC contents populated by XBL Loader and applies them without validation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...
CVE-2020-11162
u'Possible buffer overflow in MHI driver due to lack of input parameter validation of EOT events received from MHI device side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...
CVE-2020-11169
u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...
Design/Logic Flaw
u'Array index underflow issue in adsp driver due to improper check of channel id before used as array index.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables,...
CVE-2020-11172
CVE-2020-11172 describes a stack overflow in Snapdragon Wired Infrastructure and Networking components (IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980) caused by fscanf reading a string from a file into a statically allocated stack buffer. The result is a high-severity issue with network at...
CVE-2020-11172
u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow' in Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018, IPQ8064, IPQ8074, QCA9531, QCA9980...
CVE-2020-11141
CVE-2020-11141 describes a buffer over-read in Bluetooth estack caused by a missing length check on the L2CAP configuration request from a peer. Affected are Qualcomm Snapdragon platforms (e.g., APQ8009, APQ8053, QCA6390, QCN7605, SM8250, and others across Snapdragon Auto/Compute/Connectivity/UIs...
Facebook Promises Privacy Reform. Critics Aren't Convinced
In an interview with WIRED, Facebook's chief privacy officers argue that the company has turned a corner. Again...
CVE-2020-3552 Cisco Aironet Access Points Ethernet Wired Clients Denial of Service Vulnerability
A vulnerability in the Ethernet packet handling of Cisco Aironet Access Points APs Software could allow an unauthenticated, adjacent attacker to cause a denial of service DoS condition on an affected device. The vulnerability is due to insufficient input validation. An attacker could exploit this...
CVE-2020-1472/Zerologon. As an IT manager should I worry?
TL;DR Yes, apply the update from Microsoft. The new MS08-067? CVE-2020-1472 is an elevation of privilege vulnerability in a cryptographic authentication scheme used by the Netlogon service and was discovered and named Zerologon by Tom Tervoort at Secura. It does not require authentication. It can...
CVE-2020-3679
CVE-2020-3679 affects Qualcomm Snapdragon components (including Snapdragon Auto/Compute/Mobile etc.) where, after ASLR is enabled in QTEE, some code remains mapped at a fixed known address. This exposes local attack surfaces and can lead to confidentiality impact (per CVSS), with code execution p...
CVE-2020-3669
u'Buffer Overflow issue in WLAN tcp ip verification due to usage of out of range pointer offset' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &...
CVE-2020-3644
u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music,...
CVE-2020-3621
u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics...
CVE-2020-3666
u'Out of bounds memory access during memory copy while processing Host command' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdrago...
CVE-2020-11117
u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ6018,...