New vulnerabilities from the NVD:

CVE-2020-11276
Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11275
Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11272
Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11271
Possible out of bounds while accessing global control elements due to race condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11270
Possible denial of service due to RTT responder consistently rejects all FTMR by transmitting FTM1 with failure status in the FTM parameter IE in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11269
Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11253
Arbitrary memory write issue in video driver while setting the internal buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11223
Out of bound in camera driver due to lack of check of validation of array index before copying into array in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11204
Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for parameters that are read from shared MSG RAM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11203
Stack overflow may occur if GSM/WCDMA broadcast config size received from user is larger than variable length array in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11198
Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11195
Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11194
Possible out of bound access in TA while processing a command from NS side due to improper length check of response buffer in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11187
Possible memory corruption in BSI module due to improper validation of parameter count in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Mobile
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11177
User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device lock in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11170
Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11163
Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2020-11147
Use after free issue in audio modules while removing and freeing objects during list iteration due to incorrect usage of macro in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
Published at: February 22, 2021 at 09:15AM
February 22, 2021 at 01:36PM via National Vulnerability Database

CVE-2018-3633
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Published at: February 26, 2021 at 12:15AM
February 26, 2021 at 01:36AM via National Vulnerability Database

CVE-2019-18947
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to information disclosure.
Published at: February 26, 2021 at 06:15AM
February 26, 2021 at 08:36AM via National Vulnerability Database

CVE-2019-18946
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to session fixation.
Published at: February 26, 2021 at 06:15AM
February 26, 2021 at 08:36AM via National Vulnerability Database

CVE-2019-18945
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to privilege escalation vulnerability.
Published at: February 26, 2021 at 06:15AM
February 26, 2021 at 08:36AM via National Vulnerability Database

CVE-2019-18944
Micro Focus Solutions Business Manager Application Repository versions prior to 11.7.1 are vulnerable to reflected XSS.
Published at: February 26, 2021 at 06:15AM
February 26, 2021 at 08:36AM via National Vulnerability Database

CVE-2019-18943
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to XML External Entity Processing (XXE) on certain operations.
Published at: February 26, 2021 at 06:15AM
February 26, 2021 at 08:36AM via National Vulnerability Database

CVE-2019-18942
Micro Focus Solutions Business Manager versions prior to 11.7.1 are vulnerable to stored XSS. The application reflects previously stored user input without encoding.
Published at: February 26, 2021 at 06:15AM
February 26, 2021 at 08:36AM via National Vulnerability Database

CVE-2019-11684
Improper Access Control in the RCP+ server of the Bosch Video Recording Manager (VRM) component allows arbitrary and unauthenticated access to a limited subset of certificates, stored in the underlying Microsoft Windows operating system. The fixed versions implement modified authentication checks. Prior releases of VRM software version 3.70 are considered unaffected. This vulnerability affects VRM v3.70.x, v3.71 < v3.71.0034 and v3.81 < 3.81.0050; DIVAR IP 5000 3.80 < 3.80.0039; BVMS all versions using VRM.
Published at: February 26, 2021 at 06:15PM
February 26, 2021 at 08:36PM via National Vulnerability Database

CVE-2019-25023
An issue was discovered in Scytl sVote 2.1. Because the IP address from an X-Forwarded-For header (which can be manipulated client-side) is used for the internal application logs, an attacker can inject wrong IP addresses into these logs.
Published at: February 27, 2021 at 07:15AM
February 27, 2021 at 08:36AM via National Vulnerability Database

CVE-2019-25022
An issue was discovered in Scytl sVote 2.1. An attacker can inject code that gets executed by creating an election-event and injecting a payload over an event alias, because the application calls Runtime.getRuntime().exec() without validation.
Published at: February 27, 2021 at 07:15AM
February 27, 2021 at 08:36AM via National Vulnerability Database

CVE-2019-25021
An issue was discovered in Scytl sVote 2.1. Due to the implementation of the database manager, an attacker can access the OrientDB by providing admin as the admin password. A different password cannot be set because of the implementation in code.
Published at: February 27, 2021 at 07:15AM
February 27, 2021 at 08:36AM via National Vulnerability Database

CVE-2019-25020
An issue was discovered in Scytl sVote 2.1. Because the sdm-ws-rest API does not require authentication, an attacker can retrieve the administrative configuration by sending a POST request to the /sdm-ws-rest/preconfiguration URI.
Published at: February 27, 2021 at 07:15AM
February 27, 2021 at 08:36AM via National Vulnerability Database