CVE-2019-14089

CVE-2019-14089 affects Qualcomm Snapdragon platforms (Kamorta, Nicobar, QCS404/610, Rennell, SA5x, SC7x, SDX55, SM6x/7x/8x, SXR2130) in multiple Snapdragon families. The vulnerability concerns Keymaster attestation key and device IDs provisioning, a one-time process that is incorrectly allowed to...

CVE-2019-14065

CVE-2019-14065 is a vulnerability described as a pointer double free in HavenSvc caused by not resetting the freed pointer to NULL. It affects a wide range of Qualcomm-Snapdragon platforms (Snapdragon Auto, Compute, Consumer IoT, Industrial IoT, Mobile, Voice & Music, Wired Networking) across mul...

CVE-2019-13999

CVE-2019-13999 involves a lack of check for integer overflow during round-up and addition, causing memory corruption and potential information leakage on multiple Qualcomm/Snapdragon platforms. The vulnerability affects a wide range of Snapdragon products (Auto, Compute, Connectivity, Consumer El...

CVE-2019-10596

u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking ...

CVE-2019-10562

u'Improper authentication and signature verification of debug polices in secure boot loader will allow unverified debug policies to be loaded into secure memory and leads to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon...

CVE-2019-10562

CVE-2019-10562 affects Qualcomm Snapdragon families (including IPQ6018, MSM CPUs) with an improper authentication and signature verification of debug policies in the secure boot loader. The root cause is insecure policy loading into secure memory, leading to memory corruption and potential local ...

ABUS Secvest Hybrid Module FUMO50110 Authentication Bypass Vulnerability

ABUS Secvest Hybrid module FUMO50110 suffers an authentication bypass vulnerability. The hybrid module does not have any security mechanism that ensures confidentiality or integrity of RF packets that are exchanged between the ABUS Secvest alarm panel and the ABUS Secvest Hybrid module. Thus, an...

CVE-2019-14130

Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130...

CVE-2019-14124

Memory failure in content protection module due to not having pointer within the scope in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130...

Memory corruption

Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130...

CVE-2019-14130

Memory corruption can occurs in trusted application if offset size from HLOS is more than actual mapped buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130...

CVE-2019-14124

Memory failure in content protection module due to not having pointer within the scope in Snapdragon Auto, Snapdragon Compute, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking in Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130...

CVE-2019-14130

CVE-2019-14130 describes memory corruption in Qualcomm closed-source components affecting Snapdragon Auto/Compute/Mobile/Wired Infrastructure and Networking products (Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130). The vulnerability arises when the offset size from the ...

CVE-2019-14123

CVE-2019-14123 describes a possible buffer overflow and out-of-bounds read due to missing bounds checks for fixed limits in the Widevine HLOS client across Qualcomm Snapdragon platforms (e.g., Kamorta, QCS404, Rennell, SC7180, SDX55, SM6150, SM7150, SM8250, SXR2130). The CVE is reflected in multi...

CVE-2020-10281

This vulnerability applies to the Micro Air Vehicle Link MAVLink protocol and allows a remote attacker to gain access to sensitive information provided it has access to the communication medium. MAVLink is a header-based protocol that does not perform encryption to improve transfer and reception...

CVE-2020-10272

MiR100, MiR200 and other MiR robots use the Robot Operating System ROS default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with...

Command injection

MiR100, MiR200 and other MiR robots use the Robot Operating System ROS default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with...

Deserialization of untrusted data

MiR100, MiR200 and other MiR robots use the Robot Operating System ROS default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as...

CVE-2020-10271 RVD#2555: MiR ROS computational graph is exposed to all network interfaces, including poorly secured wireless networks and open wired ones

MiR100, MiR200 and other MiR robots use the Robot Operating System ROS default packages exposing the computational graph to all network interfaces, wireless and wired. This is the result of a bad set up and can be mitigated by appropriately configuring ROS and/or applying custom patches as...

CVE-2020-10272 RVD#2554: MiR ROS computational graph presents no authentication mechanisms

MiR100, MiR200 and other MiR robots use the Robot Operating System ROS default packages exposing the computational graph without any sort of authentication. This allows attackers with access to the internal wireless and wired networks to take control of the robot seamlessly. In combination with...