admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

- Synchronized data.

Browse Source
This commit is contained in:
CVE Team 2018-09-19 10:26:48 -04:00
parent 599daf6220
commit 30e59030eb
No known key found for this signature in database
GPG Key ID: 0DA1F9F56BC892E8
57 changed files with 426 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
2017/15xxx/CVE-2017-15818.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while loading a user application in qseecom, an integer overflow could potentially occur if the application partition size is rounded up to page_size."
}
]
},

2
2017/15xxx/CVE-2017-15825.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a gpt update, an out of bounds memory access may potentially occur."
}
]
},

2
2017/15xxx/CVE-2017-15828.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing the keystore in LK, an integer overflow vulnerability exists which may potentially lead to a buffer overflow."
}
]
},

2
2017/15xxx/CVE-2017-15844.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the function for writing device values into flash, uninitialized memory can be written to flash."
}
]
},

2
2018/11xxx/CVE-2018-11265.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possible buffer overflow while incrementing the log_buf of type uint64_t in memcpy function, since the log_buf pointer can access the memory beyond the size to store the data after pointer increment."
}
]
},

2
2018/11xxx/CVE-2018-11270.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, memory allocated with devm_kzalloc is automatically released by the kernel if the probe function fails with an error code. This may result in data corruption."
}
]
},

2
2018/11xxx/CVE-2018-11273.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' will free all associated resources, including 'voice_svc_dev' leading to a double free."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, 'voice_svc_dev' is allocated as a device-managed resource. If error 'cdev_alloc_err' occurs, 'device_destroy' will free all associated resources, including 'voice_svc_dev' leading to a double free."
}
]
},

2
2018/11xxx/CVE-2018-11274.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, buffer overflow may occur when payload size is extremely large."
}
]
},

2
2018/11xxx/CVE-2018-11275.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when flashing image using FastbootLib if size is not divisible by block size, information leak occurs."
}
]
},

2
2018/11xxx/CVE-2018-11276.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, double free of memory allocation is possible in Kernel when it explicitly tries to free that memory on driver probe failure, since memory allocated is automatically freed on probe."
}
]
},

2
2018/11xxx/CVE-2018-11278.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Venus HW searches for start code when decoding input bit stream buffers. If start code is not found in entire buffer, there is over-fetch beyond allocation length. This leads to page fault."
}
]
},

2
2018/11xxx/CVE-2018-11280.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing user-space there is no size validation of the NAT entry input. If the user input size of the NAT entry is greater than the max allowed size, memory exhaustion will occur."
}
]
},

2
2018/11xxx/CVE-2018-11281.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after free condition will occur."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while calling IPA_IOC_MDFY_RT_RULE IPA IOCTL, header entry is not checked before use. If IPA_IOC_MDFY_RT_RULE IOCTL called for header entries formerly deleted, a Use after free condition will occur."
}
]
},

2
2018/11xxx/CVE-2018-11286.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable \"debug_client\" in multi-thread manner, Use after free issue occurs"
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while accessing global variable \"debug_client\" in multi-thread manner, Use after free issue occurs"
}
]
},

2
2018/11xxx/CVE-2018-11293.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large."
}
]
},

2
2018/11xxx/CVE-2018-11294.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. While processing this information only the first 3 AC information is copied due to the improper conditional logic used to compare with the max number of categories."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WLAN handler indication from the firmware gets the information for 4 access categories. While processing this information only the first 3 AC information is copied due to the improper conditional logic used to compare with the max number of categories."
}
]
},

2
2018/11xxx/CVE-2018-11295.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to the host . If the length and anqp length from this event data exceeds the max length, an OOB write would happen."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, WMA handler carries a fixed event data from the firmware to the host . If the length and anqp length from this event data exceeds the max length, an OOB write would happen."
}
]
},

2
2018/11xxx/CVE-2018-11296.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing a message from firmware in WLAN handler, a buffer overwrite can occur."
}
]
},

2
2018/11xxx/CVE-2018-11297.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a buffer over-read can occur In the WMA NDP event handler functions due to lack of validation of input value event_info which is received from FW."
}
]
},

2
2018/11xxx/CVE-2018-11298.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated. This may lead to buffer overflow as strlen is used to get realm string length to construct the PASSPOINT WMA command."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing SET_PASSPOINT_LIST vendor command HDD does not make sure that the realm string that gets passed by upper-layer is NULL terminated. This may lead to buffer overflow as strlen is used to get realm string length to construct the PASSPOINT WMA command."
}
]
},

2
2018/11xxx/CVE-2018-11299.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the vdev id correctly in stats events then WLAN host driver tries to access interface array without proper bound check which can lead to invalid memory access and as a side effect kernel panic or page fault."
}
]
},

2
2018/11xxx/CVE-2018-11300.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in to a \"Use after free\" scenario."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, callback executed from the other thread has freed memory which is also used in wlan function and may result in to a \"Use after free\" scenario."
}
]
},

2
2018/11xxx/CVE-2018-11301.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on buffer length while processing debug log event from firmware can lead to an integer overflow."
}
]
},

2
2018/11xxx/CVE-2018-11302.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from userspace before copying into buffer can lead to potential array overflow in WLAN."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from userspace before copying into buffer can lead to potential array overflow in WLAN."
}
]
},

4
2018/11xxx/CVE-2018-11761.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "Apache Tika's XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack."
"value" : "In Apache Tika 0.1 to 1.18, the XML parsers were not configured to limit entity expansion. They were therefore vulnerable to an entity expansion vulnerability which can lead to a denial of service attack."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "[tika-dev] 20180919 [CVE-2018-11761] Apache Tika DoS XML Entity Expansion Vulnerability",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/5553e10bba5604117967466618f219c0cae710075819c70cfb3fb421@%3Cdev.tika.apache.org%3E"
}
]

4
2018/11xxx/CVE-2018-11762.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as \"C:/evil.bat\", tika-app would overwrite that file."
"value" : "In Apache Tika 0.9 to 1.18, in a rare edge case where a user does not specify an extract directory on the commandline (--extract-dir=) and the input file has an embedded file with an absolute path, such as \"C:/evil.bat\", tika-app would overwrite that file."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "[tika-dev] 20180919 [CVE-2018-11762] Zip Slip Vulnerability in Apache Tika's tika-app",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/ab2e1af38975f5fc462ba89b517971ef892ec3d06bee12ea2258895b@%3Cdev.tika.apache.org%3E"
}
]

2
2018/11xxx/CVE-2018-11818.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, LUT configuration is passed down to driver from userspace via ioctl. Simultaneous update from userspace while kernel drivers are updating LUT registers can lead to race condition."
}
]
},

2
2018/11xxx/CVE-2018-11826.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on integer overflow while calculating memory can lead to Buffer overflow in WLAN ext scan handler."
}
]
},

2
2018/11xxx/CVE-2018-11827.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper validation of array index in WMA roam synchronization handler can lead to OOB write."
}
]
},

2
2018/11xxx/CVE-2018-11832.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of input size validation before copying to buffer in PMIC function can lead to heap overflow."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of input size validation before copying to buffer in PMIC function can lead to heap overflow."
}
]
},

2
2018/11xxx/CVE-2018-11836.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check can lead to out-of-bounds access in WLAN function."
}
]
},

2
2018/11xxx/CVE-2018-11840.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing the WLAN driver command ioctl a temporary buffer used to construct the reply message may be freed twice."
}
]
},

2
2018/11xxx/CVE-2018-11842.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation fails driver does a mem free though the memory was not allocated."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, during wlan association, driver allocates memory. In case the mem allocation fails driver does a mem free though the memory was not allocated."
}
]
},

2
2018/11xxx/CVE-2018-11843.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can lead to potential use after free."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value in WMA response handler can lead to potential use after free."
}
]
},

2
2018/11xxx/CVE-2018-11851.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on input received to calculate the buffer length can lead to out of bound write to kernel stack."
}
]
},

2
2018/11xxx/CVE-2018-11852.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API for the inputs received from the firmware and then fills the same to the host structure will lead to OOB write."
}
]
},

2
2018/11xxx/CVE-2018-11860.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow could occur while processing the ndp event due to lack of check on the message length."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a potential buffer over flow could occur while processing the ndp event due to lack of check on the message length."
}
]
},

2
2018/11xxx/CVE-2018-11863.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received from firmware to calculate the length of WMA roam synch buffer can lead to buffer overwrite during memcpy."
}
]
},

2
2018/11xxx/CVE-2018-11868.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in nan response event handler."
}
]
},

2
2018/11xxx/CVE-2018-11869.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to buffer overflow in WMA handler."
}
]
},

8
2018/11xxx/CVE-2018-11878.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,Possibility of invalid memory access while processing driver command in WLAN function."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, possibility of invalid memory access while processing driver command in WLAN function."
}
]
},
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=443edf4a19b89593f472c39e820a6a9adee76341",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=443edf4a19b89593f472c39e820a6a9adee76341"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +65,3 @@
]
}
}

8
2018/11xxx/CVE-2018-11883.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,In policy mgr unit test if mode parameter in wlan function is given an out of bound value it can cause an out of bound access while accessing the PCL table."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode parameter in wlan function is given an out of bound value it can cause an out of bound access while accessing the PCL table."
}
]
},
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=5f21c4fa98f05423552da8716c80abfb7ca43091",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=5f21c4fa98f05423552da8716c80abfb7ca43091"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +65,3 @@
]
}
}

8
2018/11xxx/CVE-2018-11886.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,Lack of check while calculating the MPDU data length will cause an integer overflow and then to buffer overflow in WLAN function."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check while calculating the MPDU data length will cause an integer overflow and then to buffer overflow in WLAN function."
}
]
},
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=cc0e6489d67d3fc7b196cf6806a7a5edcff33a88",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=cc0e6489d67d3fc7b196cf6806a7a5edcff33a88"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +65,3 @@
]
}
}

16
2018/11xxx/CVE-2018-11889.json
View File

@ -11,18 +11,18 @@
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name" : "n/a"
}
]
}
@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,When requesting rssi timeout, access invalid memory may occur since local variable context stack data of wlan function is free."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when requesting rssi timeout, access invalid memory may occur since local variable 'context' stack data of wlan function is free."
}
]
},
@ -44,7 +44,7 @@
"description" : [
{
"lang" : "eng",
"value" : "Return of Stack Variable Address in WLAN"
"value" : "n/a"
}
]
}
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4e9edcdbb8d7087dd2c7cc250813426c9c27c4d2",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=4e9edcdbb8d7087dd2c7cc250813426c9c27c4d2"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +65,3 @@
]
}
}

8
2018/11xxx/CVE-2018-11891.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,Lack of check on the length of array while accessing can lead to an out of bound read in WLAN HOST function."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of array while accessing can lead to an out of bound read in WLAN HOST function."
}
]
},
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=2fc3e8a2ae8233690872d313fbfb4c74d0c61daa",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=2fc3e8a2ae8233690872d313fbfb4c74d0c61daa"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +65,3 @@
]
}
}

16
2018/11xxx/CVE-2018-11893.json
View File

@ -11,18 +11,18 @@
"product" : {
"product_data" : [
{
"product_name" : "Android for MSM, Firefox OS for MSM, QRD Android",
"product_name" : "n/a",
"version" : {
"version_data" : [
{
"version_value" : "All Android releases from CAF using the Linux kernel"
"version_value" : "n/a"
}
]
}
}
]
},
"vendor_name" : "Qualcomm, Inc."
"vendor_name" : "n/a"
}
]
}
@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,While processing vendor scan request, when input argument length of request IEs is greater than maximum can lead to a buffer overflow."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing vendor scan request, when input argument - length of request IEs is greater than maximum can lead to a buffer overflow."
}
]
},
@ -44,7 +44,7 @@
"description" : [
{
"lang" : "eng",
"value" : "Buffer Copy without Checking Size of Input in WLAN"
"value" : "n/a"
}
]
}
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9564f777e20bab7dc29dbbb22d353cd1348b1ec2",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9564f777e20bab7dc29dbbb22d353cd1348b1ec2"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +65,3 @@
]
}
}

8
2018/11xxx/CVE-2018-11894.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,While processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing preferred network offload scan results integer overflow may lead to buffer overflow when large frame length is received from FW."
}
]
},
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e60c5608f843ec106a98a98b33de0c3be070d557",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e60c5608f843ec106a98a98b33de0c3be070d557"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +65,3 @@
]
}
}

8
2018/11xxx/CVE-2018-11895.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,Improper length check Validation in WLAN fucntion can lead to driver writes the default rsn capabilities to the memory not allocated to the frame."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper length check Validation in WLAN function can lead to driver writes the default rsn capabilities to the memory not allocated to the frame."
}
]
},
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3dfe93028c0c6564db7aa4607a85413195925aa4",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=3dfe93028c0c6564db7aa4607a85413195925aa4"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +65,3 @@
]
}
}

8
2018/11xxx/CVE-2018-11897.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,While processing diag event after associating to a network out of bounds read occurs if ssid of the network joined is greater than max limit."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event after associating to a network out of bounds read occurs if ssid of the network joined is greater than max limit."
}
]
},
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=7500b7660997121039001f0ff91ce3b63040544b",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=7500b7660997121039001f0ff91ce3b63040544b"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +65,3 @@
]
}
}

13
2018/11xxx/CVE-2018-11898.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,While processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing start bss request from upper layer, out of bounds read occurs if ssid length is greater than maximum."
}
]
},
@ -52,6 +52,16 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/2018-09-01#qualcomm-components"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dc657f502adb3038784b7488d2f183ed31b6aac3",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dc657f502adb3038784b7488d2f183ed31b6aac3"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +70,3 @@
]
}
}

7
2018/11xxx/CVE-2018-11902.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,Lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from firmware can lead to OOB access in WLAN HOST."
}
]
},
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e6298b787b3510c295dd0c9276194b3578f3cf09",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=e6298b787b3510c295dd0c9276194b3578f3cf09"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",

8
2018/11xxx/CVE-2018-11903.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,Lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check for value received from caller function used as an array index for WMA interfaces can lead to OOB write in WLAN HOST."
}
]
},
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=84cd3bee44fa37b196cfad8b15d858408534862d",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=84cd3bee44fa37b196cfad8b15d858408534862d"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +65,3 @@
]
}
}

253
2018/11xxx/CVE-2018-11904.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,Asynchronous callbacks received a pointer to a callers local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received a pointer to a callers local variable. Should the caller return early (e.g., timeout), the callback will dereference an invalid pointer."
}
]
},
@ -52,6 +52,256 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=0a755b400876ab4d58151e98462d3fa8fe099f61",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=0a755b400876ab4d58151e98462d3fa8fe099f61"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=00022c12e0cad8b735f94d6ee3785a557b4a3df2",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=00022c12e0cad8b735f94d6ee3785a557b4a3df2"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=3815e870ef906409af4a228f66d9400081227b75",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=3815e870ef906409af4a228f66d9400081227b75"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=667b3108d10e9580bf9f6d337c759dc88a1a0bdc",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=667b3108d10e9580bf9f6d337c759dc88a1a0bdc"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=731ebf70a25ab2cdc32d2626dcebe60fe3b09481",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=731ebf70a25ab2cdc32d2626dcebe60fe3b09481"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=85ea1c126b05f133206cd9c6d8d9fbf137d81d27",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=85ea1c126b05f133206cd9c6d8d9fbf137d81d27"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=8ee65e3c9addab1d3c15ba013401f5698fb73594",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=8ee65e3c9addab1d3c15ba013401f5698fb73594"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=9a8f1aeb8055de80137e769fae637cd480495509",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=9a8f1aeb8055de80137e769fae637cd480495509"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=a009a84d04bfac2a5c01101f38a70d216960fac0",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=a009a84d04bfac2a5c01101f38a70d216960fac0"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=a4b4267f94802e0a4d93999649710bbf340796d5",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=a4b4267f94802e0a4d93999649710bbf340796d5"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=be70d02f12cb9a71a9b07b601f0efafc99718ec9",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=be70d02f12cb9a71a9b07b601f0efafc99718ec9"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=ebf1042efb9bd4517cd09a543bb4e3a164de8771",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=ebf1042efb9bd4517cd09a543bb4e3a164de8771"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=ec9896d0bc7521bbbe6dc28a198635dc281e7358",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=ec9896d0bc7521bbbe6dc28a198635dc281e7358"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f9f86fd07af5606d0cb74c3eca5b2cbfda509345",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=f9f86fd07af5606d0cb74c3eca5b2cbfda509345"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?h=wlan-cld2.driver.lnx.1.0.r21-rel&id=391d37818aaa8038a06662075dd8893501452931",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?h=wlan-cld2.driver.lnx.1.0.r21-rel&id=391d37818aaa8038a06662075dd8893501452931"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=106f5c62b01b5a212bb53d13e3a3e70db2baedee",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=106f5c62b01b5a212bb53d13e3a3e70db2baedee"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=174c053d1aa1bf5395647e3927d718255f3cbe75",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=174c053d1aa1bf5395647e3927d718255f3cbe75"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=17f6fbb4b52a6acdd831ebaffdac9bbc88d2f423",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=17f6fbb4b52a6acdd831ebaffdac9bbc88d2f423"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=191f02a7ec2a4cccaebbdac8d36897e1ae125244",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=191f02a7ec2a4cccaebbdac8d36897e1ae125244"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=335ae3f8b353b6c7260eacb6aa706bb30f8a6bdc",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=335ae3f8b353b6c7260eacb6aa706bb30f8a6bdc"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=3ea5197d268c6f4ed08fb866b587349f7049c6d5",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=3ea5197d268c6f4ed08fb866b587349f7049c6d5"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4aa30844e28eb4b410f86d97e970a39fcdfd797d",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4aa30844e28eb4b410f86d97e970a39fcdfd797d"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4abed07fd2380b6073f5cc9f2a701773e914f86f",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4abed07fd2380b6073f5cc9f2a701773e914f86f"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=54e7d8fa44202a8528ef33d85381bca63d7749a5",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=54e7d8fa44202a8528ef33d85381bca63d7749a5"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=57a5e1f62cd3230fd046b199eee902507100e18c",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=57a5e1f62cd3230fd046b199eee902507100e18c"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=78a681f9d0d8e9843223dc42d02443e911b196a1",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=78a681f9d0d8e9843223dc42d02443e911b196a1"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=846f561170f0f4f6345d6b0ce1c35bf7059126cb",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=846f561170f0f4f6345d6b0ce1c35bf7059126cb"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=8dc81c98ed72c99983660d5b94c2c8283bc1ff7f",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=8dc81c98ed72c99983660d5b94c2c8283bc1ff7f"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9048145ff167fb8f9f8d2a9845ee1d1b45c4884c",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9048145ff167fb8f9f8d2a9845ee1d1b45c4884c"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=99c0ddb04e8de0b8139778c7fb77b1957d113769",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=99c0ddb04e8de0b8139778c7fb77b1957d113769"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9e040e43da5fe987747e16b305d7adf66977420f",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9e040e43da5fe987747e16b305d7adf66977420f"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=a978afb1838273e0d7a7ec86dd8bc9db85dff49d",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=a978afb1838273e0d7a7ec86dd8bc9db85dff49d"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=b98f8aafb23cbc8e883870bcc9dac165b3d75ae6",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=b98f8aafb23cbc8e883870bcc9dac165b3d75ae6"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=d42e72aa69a02531396b5a37cadebf927a757aa6",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=d42e72aa69a02531396b5a37cadebf927a757aa6"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=eb72224cc57092448663fecc2c9bfa0f775eb770",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=eb72224cc57092448663fecc2c9bfa0f775eb770"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=fb2f07b3b0d637a403bb891c57e76b6345a92cf0",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=fb2f07b3b0d637a403bb891c57e76b6345a92cf0"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=002cb97a955832197f3ceebfa8b32bd12b946151",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=002cb97a955832197f3ceebfa8b32bd12b946151"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0c5a2ba407f23efd89cac6dc45e2ab9bdba3ada1",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=0c5a2ba407f23efd89cac6dc45e2ab9bdba3ada1"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=17275491f327909b32945ec1f465968021d22a7f",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=17275491f327909b32945ec1f465968021d22a7f"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=239aba9a1a4a474d86bde9cb67bfb1b2d6379a7c",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=239aba9a1a4a474d86bde9cb67bfb1b2d6379a7c"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=7af334bfc3375c9f85a330b84db17c0db1d6dade",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=7af334bfc3375c9f85a330b84db17c0db1d6dade"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9ab5a5a0b63075cfd095ed6bcf506b4704c523e1",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=9ab5a5a0b63075cfd095ed6bcf506b4704c523e1"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a544494791b6307a2fe52fa282768083deb8a317",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a544494791b6307a2fe52fa282768083deb8a317"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a6ace5b9ea34f22b136a35248087efc2ceb35fd4",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=a6ace5b9ea34f22b136a35248087efc2ceb35fd4"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c13bdf105aa20559d2d783508051ad2dd3cfa65b",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c13bdf105aa20559d2d783508051ad2dd3cfa65b"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dd9ae2971b493909879cc2fd0fa97d12e1560762",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dd9ae2971b493909879cc2fd0fa97d12e1560762"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dda167ca8104de77f46fd29c66f66f807c63b309",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dda167ca8104de77f46fd29c66f66f807c63b309"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ee9797fbefb45eee88c92420a24cda838cff6b45",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=ee9797fbefb45eee88c92420a24cda838cff6b45"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f11eeadd214e081a824f30aec5cb52d390ef576c",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f11eeadd214e081a824f30aec5cb52d390ef576c"
},
{
"name" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f7ee321d5f31ce5bc6a4cbec72a965d272b3b77b",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f7ee321d5f31ce5bc6a4cbec72a965d272b3b77b"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +310,3 @@
]
}
}

8
2018/3xxx/CVE-2018-3573.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,While relocating kernel images with a specially crafted boot image, an out of bounds access can occur."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while relocating kernel images with a specially crafted boot image, an out of bounds access can occur."
}
]
},
@ -52,6 +52,11 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=49ecadaf98f99d7ef0b5a05a8320e5328da42008",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=49ecadaf98f99d7ef0b5a05a8320e5328da42008"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +65,3 @@
]
}
}

23
2018/3xxx/CVE-2018-3574.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,Userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, userspace can request ION cache maintenance on a secure ION buffer for which the ION_FLAG_SECURE ion flag is not set and cause the kernel to attempt to perform cache maintenance on memory which does not belong to HLOS."
}
]
},
@ -52,6 +52,26 @@
},
"references" : {
"reference_data" : [
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=3286b75d91519073d2f20bee85f22e294d5f1a18",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=3286b75d91519073d2f20bee85f22e294d5f1a18"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=09874396dfbf546e5a628d810fcf5ea51a4d5785",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=09874396dfbf546e5a628d810fcf5ea51a4d5785"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=53261410da625aaa2e070555aaa150a8533e5be4",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.9/commit/?id=53261410da625aaa2e070555aaa150a8533e5be4"
},
{
"name" : "https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000049462",
"refsource" : "CONFIRM",
"url" : "https://support.blackberry.com/kb/articleDetail?language=en_US&articleNumber=000049462"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +80,3 @@
]
}
}

18
2018/5xxx/CVE-2018-5905.json
View File

@ -34,7 +34,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel,A race condition while accessing num of clients in DIAG services can lead to out of boundary access."
"value" : "In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, a race condition while accessing num of clients in DIAG services can lead to out of boundary access."
}
]
},
@ -52,6 +52,21 @@
},
"references" : {
"reference_data" : [
{
"name" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000051163",
"refsource" : "CONFIRM",
"url" : "http://support.blackberry.com/kb/articleDetail?articleNumber=000051163"
},
{
"name" : "https://source.android.com/security/bulletin/pixel/2018-08-01#qualcomm-components",
"refsource" : "CONFIRM",
"url" : "https://source.android.com/security/bulletin/pixel/2018-08-01#qualcomm-components"
},
{
"name" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6eb2f4f6fde1b210712d6ac66b40b9e7684d77db",
"refsource" : "CONFIRM",
"url" : "https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=6eb2f4f6fde1b210712d6ac66b40b9e7684d77db"
},
{
"name" : "https://www.codeaurora.org/security-bulletin/2018/09/04/september-2018-code-aurora-security-bulletin",
"refsource" : "CONFIRM",
@ -60,4 +75,3 @@
]
}
}

4
2018/8xxx/CVE-2018-8017.json
View File

@ -35,7 +35,7 @@
"description_data" : [
{
"lang" : "eng",
"value" : "A carefully crafted file can trigger an infinite loop in Apache Tika's IptcAnpaParser."
"value" : "In Apache Tika 1.2 to 1.18, a carefully crafted file can trigger an infinite loop in the IptcAnpaParser."
}
]
},
@ -54,6 +54,8 @@
"references" : {
"reference_data" : [
{
"name" : "[tika-dev] 20180919 [CVE-2018-8017] Apache Tika Denial of Service Vulnerability -- Potential Infinite Loop in IptcAnpaParser",
"refsource" : "MLIST",
"url" : "https://lists.apache.org/thread.html/72df7a3f0dda49a912143a1404b489837a11f374dfd1961061873a91@%3Cdev.tika.apache.org%3E"
}
]