admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #15 from CVEProject/master

Browse Source 
"-Synchronized-Data."
This commit is contained in:
TWCERTCC - CNA 2021-05-11 14:02:59 +08:00 committed by GitHub
commit a388f4c5df
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1787 changed files with 58747 additions and 4119 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
2002/0xxx/CVE-2002-0316.json
View File

@ -66,6 +66,11 @@
"name": "4167",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/4167"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2003/0xxx/CVE-2003-0375.json
View File

@ -66,6 +66,11 @@
"name": "20030522 XMB 1.8 Partagium cross site scripting vulnerability",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105363936402228&w=2"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2003/0xxx/CVE-2003-0483.json
View File

@ -56,6 +56,11 @@
"name": "20030623 Many XSS Vulnerabilities in XMB Forum.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=105638720409307&w=2"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2004/0xxx/CVE-2004-0322.json
View File

@ -81,6 +81,11 @@
"name": "20040223 [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq&m=107756526625179&w=2"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2004/0xxx/CVE-2004-0323.json
View File

@ -81,6 +81,11 @@
"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2004/1xxx/CVE-2004-1862.json
View File

@ -96,6 +96,11 @@
"name": "14986",
"refsource": "OSVDB",
"url": "http://osvdb.org/14986"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2004/1xxx/CVE-2004-1863.json
View File

@ -86,6 +86,11 @@
"name": "14991",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/14991"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2004/1xxx/CVE-2004-1864.json
View File

@ -76,6 +76,11 @@
"name": "16886",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/16886"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2004/2xxx/CVE-2004-2588.json
View File

@ -81,6 +81,11 @@
"name": "20040326 [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2005/0xxx/CVE-2005-0885.json
View File

@ -61,6 +61,11 @@
"name": "1013515",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1013515"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2005/2xxx/CVE-2005-2574.json
View File

@ -61,6 +61,11 @@
"name": "http://forums.xmbforum.com/viewthread.php?tid=754523",
"refsource": "MISC",
"url": "http://forums.xmbforum.com/viewthread.php?tid=754523"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2005/2xxx/CVE-2005-2575.json
View File

@ -61,6 +61,11 @@
"name": "14523",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14523"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2005/3xxx/CVE-2005-3544.json
View File

@ -76,6 +76,11 @@
"name": "17458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17458"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2005/3xxx/CVE-2005-3688.json
View File

@ -81,6 +81,11 @@
"name": "1015237",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015237"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2005/3xxx/CVE-2005-3689.json
View File

@ -76,6 +76,11 @@
"name": "ADV-2005-2488",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2488"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2006/0xxx/CVE-2006-0365.json
View File

@ -66,6 +66,11 @@
"name": "20060118 XMB Forum HTML Code Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/422277/100/0/threaded"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2006/0xxx/CVE-2006-0778.json
View File

@ -96,6 +96,11 @@
"name": "http://www.gulftech.org/?node=research&article_id=00100-02122006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00100-02122006"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2006/0xxx/CVE-2006-0779.json
View File

@ -86,6 +86,11 @@
"name": "http://www.gulftech.org/?node=research&article_id=00100-02122006",
"refsource": "MISC",
"url": "http://www.gulftech.org/?node=research&article_id=00100-02122006"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2006/1xxx/CVE-2006-1748.json
View File

@ -66,6 +66,11 @@
"name": "20060409 XMB Forum 1.9.5-Final XSS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430432/100/0/threaded"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2006/3xxx/CVE-2006-3994.json
View File

@ -76,6 +76,11 @@
"name": "ADV-2006-3088",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/3088"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2006/4xxx/CVE-2006-4191.json
View File

@ -91,6 +91,11 @@
"name": "19494",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/19494"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2007/0xxx/CVE-2007-0519.json
View File

@ -71,6 +71,11 @@
"name": "http://aria-security.com/forum/showthread.php?p=129",
"refsource": "MISC",
"url": "http://aria-security.com/forum/showthread.php?p=129"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2007/6xxx/CVE-2007-6728.json
View File

@ -56,6 +56,11 @@
"name": "http://forum.antichat.ru/showpost.php?p=340740",
"refsource": "MISC",
"url": "http://forum.antichat.ru/showpost.php?p=340740"
},
{
"refsource": "MISC",
"name": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History",
"url": "https://docs.xmbforum2.com/index.php?title=Security_Issue_History"
}
]
}

5
2010/4xxx/CVE-2010-4344.json
View File

@ -211,6 +211,11 @@
"name": "[oss-security] 20101210 Exim remote root",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/10/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
]
}

5
2010/4xxx/CVE-2010-4345.json
View File

@ -186,6 +186,11 @@
"name": "[oss-security] 20101210 Exim remote root",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2010/12/10/1"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
]
}

5
2014/2xxx/CVE-2014-2957.json
View File

@ -61,6 +61,11 @@
"name": "http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0",
"refsource": "CONFIRM",
"url": "http://git.exim.org/exim.git/commitdiff/5b7a7c051c9ab9ee7c924a611f90ef2be03e0ad0"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
]
}

15
2014/9xxx/CVE-2014-9342.json
View File

@ -56,6 +56,21 @@
"name": "20141202 F5 BIGIP - (OLD!) Persistent XSS in ASM Module",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/534137/100/0/threaded"
},
{
"refsource": "CONFIRM",
"name": "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15939.html",
"url": "https://support.f5.com/kb/en-us/solutions/public/15000/900/sol15939.html"
},
{
"refsource": "SECUNIA",
"name": "62000",
"url": "http://secunia.com/advisories/62000"
},
{
"refsource": "MISC",
"name": "https://support.f5.com/csp/article/K15939",
"url": "https://support.f5.com/csp/article/K15939"
}
]
}

5
2015/0xxx/CVE-2015-0235.json
View File

@ -481,6 +481,11 @@
"refsource": "CONFIRM",
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-994726.pdf"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
]
}

15
2016/1xxx/CVE-2016-1247.json
View File

@ -111,6 +111,21 @@
"name": "http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/139750/Nginx-Debian-Based-Distros-Root-Privilege-Escalation.html"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-10c1cd4cba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P3WOO7E5R2HT5XVOIOFPEFALILVOWZUF/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-1556d440ba",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ESTIADC7BDB6VTH4JAP6C6OCW2CQ4NHP/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-3aa9ac7fd1",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CBIZEKHBOCKO7FUMCO4X53ENMWU5OYFX/"
}
]
}

67
2016/20xxx/CVE-2016-20010.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-20010",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "EWWW Image Optimizer before 2.8.5 allows remote command execution because it relies on a protection mechanism involving boolval, which is unavailable before PHP 5.5."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.wordfence.com/blog/2016/06/vulnerability-ewww-image-optimizer/",
"refsource": "MISC",
"name": "https://www.wordfence.com/blog/2016/06/vulnerability-ewww-image-optimizer/"
},
{
"url": "https://plugins.trac.wordpress.org/browser/ewww-image-optimizer/trunk/changelog.txt",
"refsource": "MISC",
"name": "https://plugins.trac.wordpress.org/browser/ewww-image-optimizer/trunk/changelog.txt"
}
]
}
}

5
2016/2xxx/CVE-2016-2170.json
View File

@ -116,6 +116,11 @@
"refsource": "MLIST",
"name": "[ofbiz-notifications] 20210329 [jira] [Commented] (OFBIZ-6942) Comment out RMI related code because of the Java deserialization issue [CVE-2016-2170]",
"url": "https://lists.apache.org/thread.html/r3ee005dd767cd83f522719423f5e7dd316f168ddbd1dc51a13d4e244@%3Cnotifications.ofbiz.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ofbiz-notifications] 20210427 [jira] [Updated] (OFBIZ-12212) Comment out the SOAP and HTTP engines - Fix [CVE-2021-30128]",
"url": "https://lists.apache.org/thread.html/rbe512e5ccd6b11169c6379daa1234bc805f3d53c5a38224e956295ce@%3Cnotifications.ofbiz.apache.org%3E"
}
]
}

7
2016/2xxx/CVE-2016-2388.json
View File

@ -34,7 +34,7 @@
"description_data": [
{
"lang": "eng",
"value": "The Universal Worklist Configuration in SAP NetWeaver 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846."
"value": "The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846."
}
]
},
@ -81,6 +81,11 @@
"name": "43495",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43495/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html",
"url": "http://packetstormsecurity.com/files/145860/SAP-NetWeaver-J2EE-Engine-7.40-SQL-Injection.html"
}
]
}

5
2016/4xxx/CVE-2016-4971.json
View File

@ -111,6 +111,11 @@
"name": "https://security.paloaltonetworks.com/CVE-2016-4971",
"refsource": "CONFIRM",
"url": "https://security.paloaltonetworks.com/CVE-2016-4971"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162395/GNU-wget-Arbitrary-File-Upload-Code-Execution.html",
"url": "http://packetstormsecurity.com/files/162395/GNU-wget-Arbitrary-File-Upload-Code-Execution.html"
}
]
}

5
2017/16xxx/CVE-2017-16943.json
View File

@ -101,6 +101,11 @@
"name": "https://bugs.exim.org/show_bug.cgi?id=2199",
"refsource": "MISC",
"url": "https://bugs.exim.org/show_bug.cgi?id=2199"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
]
}

5
2017/16xxx/CVE-2017-16944.json
View File

@ -91,6 +91,11 @@
"name": "43184",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/43184/"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
]
}

10
2017/9xxx/CVE-2017-9438.json
View File

@ -61,6 +61,16 @@
"name": "https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7",
"refsource": "CONFIRM",
"url": "https://github.com/VirusTotal/yara/commit/10e8bd3071677dd1fa76beeef4bc2fc427cea5e7"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-f41d5fc954",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-dd62918333",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/"
}
]
}

5
2018/12xxx/CVE-2018-12541.json
View File

@ -111,6 +111,11 @@
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20210421 [GitHub] [bookkeeper] lhotari commented on pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541",
"url": "https://lists.apache.org/thread.html/rbdc279ecdb7ac496a03befb05a53605c4ce2b67e14f8f4df4cfa1203@%3Cissues.bookkeeper.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[bookkeeper-issues] 20210507 [GitHub] [bookkeeper] dlg99 commented on pull request #2693: [Security] Upgrade vertx to 3.9.7, addresses CVE-2018-12541",
"url": "https://lists.apache.org/thread.html/r1af71105539fe01fcecb92d2ecd8eea56c515fb1c80ecab4df424553@%3Cissues.bookkeeper.apache.org%3E"
}
]
}

18
2018/25xxx/CVE-2018-25009.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25009",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/25xxx/CVE-2018-25010.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25010",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/25xxx/CVE-2018-25011.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25011",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/25xxx/CVE-2018-25012.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25012",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/25xxx/CVE-2018-25013.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25013",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

18
2018/25xxx/CVE-2018-25014.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2018-25014",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

5
2019/0xxx/CVE-2019-0161.json
View File

@ -73,6 +73,11 @@
"refsource": "FEDORA",
"name": "FEDORA-2019-d47a9d4b8b",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TQYVZRFEXSN3KS43AVH4D7QX553EZQYP/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
]
},

5
2019/10xxx/CVE-2019-10127.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1707098",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1707098"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210430-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210430-0004/"
}
]
},

5
2019/10xxx/CVE-2019-10128.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1707102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1707102"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210430-0004/",
"url": "https://security.netapp.com/advisory/ntap-20210430-0004/"
}
]
},

5
2019/10xxx/CVE-2019-10149.json
View File

@ -138,6 +138,11 @@
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html",
"url": "http://packetstormsecurity.com/files/154198/Exim-4.91-Local-Privilege-Escalation.html"
},
{
"refsource": "MLIST",
"name": "[oss-security] 20210504 21Nails: Multiple vulnerabilities in Exim",
"url": "http://www.openwall.com/lists/oss-security/2021/05/04/7"
}
]
},

123
2019/10xxx/CVE-2019-10574.json
View File

@ -1,62 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2019-10574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of boundary checks for data offsets received from HLOS can lead to out-of-bound read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read Issue in HLOS"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2019-10574",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Lack of boundary checks for data offsets received from HLOS can lead to out-of-bound read in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8016, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCM2150, QCS605, QM215, Rennell, SC7180, SDA660, SDA845, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SM6150, SM7150, SM8150, SXR1130, SXR2130"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read Issue in HLOS"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/april-2020-bulletin"
},
{
"refsource": "MISC",
"name": "https://research.checkpoint.com/2019/the-road-to-qualcomm-trustzone-apps-fuzzing/",
"url": "https://research.checkpoint.com/2019/the-road-to-qualcomm-trustzone-apps-fuzzing/"
}
]
}
}

5
2019/12xxx/CVE-2019-12425.json
View File

@ -63,6 +63,11 @@
"refsource": "MLIST",
"name": "[ofbiz-commits] 20210321 [ofbiz-site] branch master updated: Updates security page for CVE-2021-26295 fixed in 17.12.06",
"url": "https://lists.apache.org/thread.html/r0a0a701610b3bcdf14634047313adab3f1628bb9aa55cf29cd262ef5@%3Ccommits.ofbiz.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[ofbiz-commits] 20210427 [ofbiz-site] branch master updated: Updates security page for CVE-2021-29200 and 30128 fixed in 17.12.07",
"url": "https://lists.apache.org/thread.html/r108a964764b8bd21ebd32ccd4f51c183ee80a251c105b849154a8e9d@%3Ccommits.ofbiz.apache.org%3E"
}
]
},

5
2019/14xxx/CVE-2019-14558.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00356.html"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
]
},

5
2019/14xxx/CVE-2019-14559.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2031",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2031"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
]
},

5
2019/14xxx/CVE-2019-14562.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2215",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2215"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
]
},

5
2019/14xxx/CVE-2019-14563.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=2001",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=2001"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
]
},

5
2019/14xxx/CVE-2019-14575.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1608",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1608"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
]
},

5
2019/14xxx/CVE-2019-14586.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1995",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1995"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
]
},

5
2019/14xxx/CVE-2019-14587.json
View File

@ -48,6 +48,11 @@
"refsource": "MISC",
"name": "https://bugzilla.tianocore.org/show_bug.cgi?id=1989",
"url": "https://bugzilla.tianocore.org/show_bug.cgi?id=1989"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210429 [SECURITY] [DLA 2645-1] edk2 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00032.html"
}
]
},

15
2019/17xxx/CVE-2019-17195.json
View File

@ -91,6 +91,21 @@
"refsource": "MLIST",
"name": "[avro-dev] 20210416 [jira] [Commented] (AVRO-3111) CVE-2019-17195",
"url": "https://lists.apache.org/thread.html/r35f6301a3e6a56259224786dd9c2a935ba27ff6b494d15a3b66efe6a@%3Cdev.avro.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20210506 [GitHub] [druid] jihoonson commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"url": "https://lists.apache.org/thread.html/r33dc233634aedb04fa77db3eb79ea12d15ca4da89fa46a1c585ecb0b@%3Ccommits.druid.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20210506 [GitHub] [druid] maytasm commented on a change in pull request #11215: Suppressing false positive CVE-2020-7791",
"url": "https://lists.apache.org/thread.html/r2667286c8ceffaf893b16829b9612d8f7c4ee6b30362c6c1b583e3c2@%3Ccommits.druid.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[druid-commits] 20210507 [druid] branch 0.21.1 updated: Suppressing false positive CVE-2020-7791 (#11215) (#11217)",
"url": "https://lists.apache.org/thread.html/r5e08837e695efd36be73510ce58ec05785dbcea077819d8acc2d990d@%3Ccommits.druid.apache.org%3E"
}
]
}

10
2019/17xxx/CVE-2019-17571.json
View File

@ -458,6 +458,16 @@
"refsource": "MLIST",
"name": "[tinkerpop-dev] 20210316 [jira] [Created] (TINKERPOP-2534) Log4j flagged as critical security violation",
"url": "https://lists.apache.org/thread.html/rd3a9511eebab60e23f224841390a3f8cd5358cff605c5f7042171e47@%3Cdev.tinkerpop.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-users] 20210427 Release date for ActiveMQ v5.16.2 to fix CVEs",
"url": "https://lists.apache.org/thread.html/r8244fd0831db894d5e89911ded9c72196d395a90ae655414d23ed0dd@%3Cusers.activemq.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[activemq-users] 20210427 Re: Release date for ActiveMQ v5.16.2 to fix CVEs",
"url": "https://lists.apache.org/thread.html/r3543ead2317dcd3306f69ee37b07dd383dbba6e2f47ff11eb55879ad@%3Cusers.activemq.apache.org%3E"
}
]
},

5
2019/19xxx/CVE-2019-19004.json
View File

@ -66,6 +66,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/autotrace/autotrace/pull/40",
"url": "https://github.com/autotrace/autotrace/pull/40"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-cb871c9e6c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC6MUH2RLVEA634LHBNZ2KO7MQKI2RDZ/"
}
]
}

5
2019/19xxx/CVE-2019-19005.json
View File

@ -61,6 +61,11 @@
"refsource": "CONFIRM",
"name": "https://github.com/autotrace/autotrace/pull/40",
"url": "https://github.com/autotrace/autotrace/pull/40"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-cb871c9e6c",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC6MUH2RLVEA634LHBNZ2KO7MQKI2RDZ/"
}
]
}

10
2019/19xxx/CVE-2019-19648.json
View File

@ -56,6 +56,16 @@
"url": "https://github.com/VirusTotal/yara/issues/1178",
"refsource": "MISC",
"name": "https://github.com/VirusTotal/yara/issues/1178"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-f41d5fc954",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XXM224OLGI6KAOROLDPPGGCZ2OQVQ6HH/"
},
{
"refsource": "FEDORA",
"name": "FEDORA-2021-dd62918333",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKNXSH5ERG6NELTXCYVJLUPJJJ2TNEBD/"
}
]
}

5
2019/25xxx/CVE-2019-25013.json
View File

@ -116,6 +116,11 @@
"refsource": "MLIST",
"name": "[kafka-jira] 20210423 [jira] [Comment Edited] (KAFKA-12698) CVE-2019-25013 high priority vulnerability reported in Kafka",
"url": "https://lists.apache.org/thread.html/r4806a391091e082bdea17266452ca656ebc176e51bb3932733b3a0a2@%3Cjira.kafka.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[zookeeper-issues] 20210506 [jira] [Resolved] (ZOOKEEPER-4285) High CVE-2019-25013 reported by Clair scanner for Zookeeper 3.6.1",
"url": "https://lists.apache.org/thread.html/rd2354f9ccce41e494fbadcbc5ad87218de6ec0fff8a7b54c8462226c@%3Cissues.zookeeper.apache.org%3E"
}
]
}

72
2019/25xxx/CVE-2019-25031.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25031",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-in-the-middle attack against a cleartext HTTP session."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
"refsource": "MISC",
"name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210507-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210507-0007/"
}
]
}
}

72
2019/25xxx/CVE-2019-25032.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25032",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
"refsource": "MISC",
"name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210507-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210507-0007/"
}
]
}
}

72
2019/25xxx/CVE-2019-25033.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25033",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
"refsource": "MISC",
"name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210507-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210507-0007/"
}
]
}
}

72
2019/25xxx/CVE-2019-25034.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25034",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-bounds write."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
"refsource": "MISC",
"name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210507-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210507-0007/"
}
]
}
}

72
2019/25xxx/CVE-2019-25035.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25035",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
"refsource": "MISC",
"name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210507-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210507-0007/"
}
]
}
}

72
2019/25xxx/CVE-2019-25036.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25036",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
"refsource": "MISC",
"name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210507-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210507-0007/"
}
]
}
}

72
2019/25xxx/CVE-2019-25037.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25037",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid packet."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
"refsource": "MISC",
"name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210507-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210507-0007/"
}
]
}
}

72
2019/25xxx/CVE-2019-25038.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25038",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
"refsource": "MISC",
"name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210507-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210507-0007/"
}
]
}
}

72
2019/25xxx/CVE-2019-25039.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25039",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
"refsource": "MISC",
"name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210507-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210507-0007/"
}
]
}
}

72
2019/25xxx/CVE-2019-25040.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25040",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
"refsource": "MISC",
"name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210507-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210507-0007/"
}
]
}
}

72
2019/25xxx/CVE-2019-25041.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25041",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
"refsource": "MISC",
"name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210507-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210507-0007/"
}
]
}
}

72
2019/25xxx/CVE-2019-25042.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25042",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/",
"refsource": "MISC",
"name": "https://ostif.org/our-audit-of-unbound-dns-by-x41-d-sec-full-results/"
},
{
"refsource": "MLIST",
"name": "[debian-lts-announce] 20210506 [SECURITY] [DLA 2652-1] unbound1.9 security update",
"url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00007.html"
},
{
"refsource": "CONFIRM",
"name": "https://security.netapp.com/advisory/ntap-20210507-0007/",
"url": "https://security.netapp.com/advisory/ntap-20210507-0007/"
}
]
}
}

62
2019/25xxx/CVE-2019-25043.json Normal file
View File

@ -0,0 +1,62 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-25043",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ModSecurity 3.x before 3.0.4 mishandles key-value pair parsing, as demonstrated by a \"string index out of range\" error and worker-process crash for a \"Cookie: =abc\" header."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://github.com/SpiderLabs/ModSecurity/issues/2566",
"refsource": "MISC",
"name": "https://github.com/SpiderLabs/ModSecurity/issues/2566"
}
]
}
}

5
2019/3xxx/CVE-2019-3810.json
View File

@ -67,6 +67,11 @@
"url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372",
"name": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372",
"refsource": "CONFIRM"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.html",
"url": "http://packetstormsecurity.com/files/162399/Moodle-3.6.1-Cross-Site-Scripting.html"
}
]
},

10
2020/0xxx/CVE-2020-0454.json
View File

@ -48,6 +48,16 @@
"refsource": "MISC",
"name": "https://source.android.com/security/bulletin/2020-11-01",
"url": "https://source.android.com/security/bulletin/2020-11-01"
},
{
"refsource": "MISC",
"name": "https://www.usenix.org/conference/usenixsecurity19/presentation/reardon",
"url": "https://www.usenix.org/conference/usenixsecurity19/presentation/reardon"
},
{
"refsource": "MISC",
"name": "https://www.usenix.org/system/files/sec19-reardon.pdf",
"url": "https://www.usenix.org/system/files/sec19-reardon.pdf"
}
]
},

5
2020/10xxx/CVE-2020-10713.json
View File

@ -103,6 +103,11 @@
"refsource": "MISC",
"name": "https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713",
"url": "https://cve.openeuler.org/#/CVEInfo/CVE-2020-10713"
},
{
"refsource": "GENTOO",
"name": "GLSA-202104-05",
"url": "https://security.gentoo.org/glsa/202104-05"
}
]
},

2
2020/10xxx/CVE-2020-10746.json
View File

@ -55,7 +55,7 @@
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in Infinispan version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server."
"value": "A flaw was found in Infinispan (org.infinispan:infinispan-server-runtime) version 10, where it permits local access to controls via both REST and HotRod APIs. This flaw allows a user authenticated to the local machine to perform all operations on the caches, including the creation, update, deletion, and shutdown of the entire server."
}
]
}

10
2020/11xxx/CVE-2020-11022.json
View File

@ -228,6 +228,16 @@
"refsource": "MLIST",
"name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E"
}
]
},

10
2020/11xxx/CVE-2020-11023.json
View File

@ -338,6 +338,16 @@
"refsource": "MLIST",
"name": "[flink-issues] 20210422 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"url": "https://lists.apache.org/thread.html/rede9cfaa756e050a3d83045008f84a62802fc68c17f2b4eabeaae5e4@%3Cissues.flink.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[flink-issues] 20210429 [jira] [Commented] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"url": "https://lists.apache.org/thread.html/r54565a8f025c7c4f305355fdfd75b68eca442eebdb5f31c2e7d977ae@%3Cissues.flink.apache.org%3E"
},
{
"refsource": "MLIST",
"name": "[flink-issues] 20210429 [jira] [Updated] (FLINK-20014) Resolve CVE-2020-11022 and CVE-2020-11023 in scala-compiler",
"url": "https://lists.apache.org/thread.html/re4ae96fa5c1a2fe71ccbb7b7ac1538bd0cb677be270a2bf6e2f8d108@%3Cissues.flink.apache.org%3E"
}
]
},

128
2020/11xxx/CVE-2020-11201.json
View File

@ -1,62 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u'Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference in Video"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11201",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA845, SDM640, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference in Video"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
"url": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/"
},
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
},
{
"refsource": "MISC",
"name": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
"url": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/"
}
]
}
}

128
2020/11xxx/CVE-2020-11202.json
View File

@ -1,62 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u'Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation in Video"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11202",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in QCM6125, QCS410, QCS603, QCS605, QCS610, QCS6125, SA6145P, SA6155, SA6155P, SA8155, SA8155P, SDA640, SDA670, SDA845, SDM640, SDM670, SDM710, SDM830, SDM845, SDX50M, SDX55, SDX55M, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM7125, SM7150, SM7150P, SM8150, SM8150P"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation in Video"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
"url": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/"
},
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
},
{
"refsource": "MISC",
"name": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
"url": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/"
}
]
}
}

128
2020/11xxx/CVE-2020-11206.json
View File

@ -1,62 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u'Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference in ComputerVision"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11206",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8098, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, QSM8350, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SM8350, SM8350P, SXR2130, SXR2130P"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Untrusted Pointer Dereference in ComputerVision"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
"url": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/"
},
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
},
{
"refsource": "MISC",
"name": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
"url": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/"
}
]
}
}

128
2020/11xxx/CVE-2020-11207.json
View File

@ -1,62 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u'Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in Computer Vision"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11207",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile in APQ8052, APQ8056, APQ8076, APQ8096, APQ8096SG, APQ8098, MDM9655, MSM8952, MSM8956, MSM8976, MSM8976SG, MSM8996, MSM8996SG, MSM8998, QCM4290, QCM6125, QCS410, QCS4290, QCS610, QCS6125, QSM8250, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC7180, SDA640, SDA660, SDA845, SDA855, SDM640, SDM660, SDM830, SDM845, SDM850, SDX50M, SDX55, SDX55M, SM4250, SM4250P, SM6115, SM6115P, SM6125, SM6150, SM6150P, SM6250, SM6250P, SM6350, SM7125, SM7150, SM7150P, SM7225, SM7250, SM7250P, SM8150, SM8150P, SM8250, SXR2130, SXR2130P"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Copy Without Checking Size of Input in Computer Vision"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
"url": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/"
},
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
},
{
"refsource": "MISC",
"name": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
"url": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/"
}
]
}
}

128
2020/11xxx/CVE-2020-11208.json
View File

@ -1,62 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "",
"version": {
"version_data": [
{
"version_value": "SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u'Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow in DSP Process"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11208",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "",
"version": {
"version_data": [
{
"version_value": "SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out of Bound issue in DSP services while processing received arguments due to improper validation of length received as an argument' in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Overflow in DSP Process"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
"url": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/"
},
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
},
{
"refsource": "MISC",
"name": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
"url": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/"
}
]
}
}

128
2020/11xxx/CVE-2020-11209.json
View File

@ -1,62 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "",
"version": {
"version_data": [
{
"version_value": "SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "u'Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization in DSP Process"
}
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11209",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "",
"version": {
"version_data": [
{
"version_value": "SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
}
]
}
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper authorization in DSP process could allow unauthorized users to downgrade the library versions in SD820, SD821, SD820, QCS603, QCS605, SDA855, SA6155P, SA6145P, SA6155, SA6155P, SD855, SD 675, SD660, SD429, SD439"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Authorization in DSP Process"
}
]
}
]
},
"references": {
"reference_data": [
{
"refsource": "MISC",
"name": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/",
"url": "https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/"
},
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/november-2020-bulletin"
},
{
"refsource": "MISC",
"name": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/",
"url": "https://research.checkpoint.com/2021/pwn2own-qualcomm-dsp/"
}
]
}
}

79
2020/11xxx/CVE-2020-11254.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11254",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11254",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "PM6150A, PM6150L, PM6350, PM660, PM660L, PM7250B, PM8008, PM8009, PM8350, PM8350B, PM8350BH, PM8350C, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMR735A, PMR735B, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5516, QAT5522, QAT5568, QBT1500, QCA6574AU, QCA6696, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5670, QDM5671, QET5100, QET5100M, QET6100, QET6105, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA5461, QPA5580, QPA5581, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5621, QPM5641, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6585, QPM6621, QPM6670, QPM8820, QPM8870, QTC800H, QTC800S, QTC801S, QTM525, SA6145P, SA6150P, SA6155P, SA8150P, SA8155P, SA8195P, SD480, SD670, SD710, SD888, SD888 5G, SDR660, SDR660G, SDR735, SDR735G, SDR865, SDXR1, SMB1351, SMB1355, SMB1396, SMB1398, SMR526, SMR545, SMR546, WCD9326, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3980, WCN3988, WCN3990, WCN3991, WCN6850, WCN6851, WCN6855, WCN6856, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory corruption during buffer allocation due to dereferencing session ctx pointer without checking if pointer is valid in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile"
}
]
},
"impact": {
"cvss": {
"baseScore": "6.2",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Null Pointer Dereference Issue in DSP"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}

79
2020/11xxx/CVE-2020-11268.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11268",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11268",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8016, APQ8074, APQ8084, APQ8094, AR6003, MDM8215, MDM8215M, MDM8615M, MDM9215, MDM9235M, MDM9310, MDM9609, MDM9615, MDM9615M, MDM9635M, MDM9640, MDM9645, MSM8108, MSM8208, MSM8209, MSM8216, MSM8274, MSM8608, MSM8674, MSM8916, MSM8929, MSM8939, MSM8974, MSM8974P, MSM8994, PM8018, PM8841, PM8909, PM8916, PM8941, PM8994, PMD9635, PMD9645, PMI8994, QCA1990, QCA6174, QCA6174A, QCA6584, QFE1035, QFE1040, QFE1045, QFE1100, QFE1101, QFE1520, QFE1550, QFE2101, QFE2310, QFE2320, QFE2330, QFE2340, QFE2520, QFE2550, QFE2720, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, SD210, SMB1360, WCD9306, WCD9330, WCN3610, WCN3620, WCN3660, WCN3660A, WCN3660B, WCN3680, WCN3680B, WFR1620, WGR7640, WTR1605, WTR1605L, WTR1625, WTR1625L, WTR2605, WTR2955, WTR3925, WTR4605, WTR4905"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Potential UE reset while decoding a crafted Sib1 or SIB1 that schedules unsupported SIBs and can lead to denial of service in Snapdragon Auto, Snapdragon Mobile"
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation in LTE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}

79
2020/11xxx/CVE-2020-11273.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11273",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11273",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "CSRB31024, PM3003A, PM6150A, PM6150L, PM6350, PM7150A, PM7150L, PM7250, PM7250B, PM8005, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855B, PM855L, PM8998, PMI8998, PMK8002, PMK8003, PMK8350, PMR525, PMR735A, PMR735B, PMX24, PMX55, PMX60, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT2000, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QDM2301, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4101, QET5100, QET5100M, QET6100, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN1021AQ, QLN1031, QLN1036AQ, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QTC800H, QTC801S, QTM525, SA415M, SD480, SD690 5G, SD750G, SD765, SD765G, SD768G, SD845, SD855, SD865 5G, SD870, SD888 5G, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX55, SDX55M, SDXR2 5G, SM7250P, SMB1355, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMR525, SMR526, WCD9340, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Histogram type KPI was teardown with the assumption of the existence of histogram binning info and will lead to null pointer access when histogram binning info is missing due to lack of null check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile"
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reachable Assertion in Modem"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}

79
2020/11xxx/CVE-2020-11274.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11274",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11274",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "AQT1000, CSRB31024, FSM10055, FSM10056, PM3003A, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8998, PMC1000H, PMI632, PMI8998, PMK8002, PMK8003, PMK8350, PMM855AU, PMR525, PMR735A, PMR735B, PMX24, PMX50, PMX55, PMX60, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA6174A, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564AU, QCA6574A, QCA6574AU, QCA6584AU, QCA6595AU, QCA6696, QCA8337, QCA9377, QCM6125, QCS410, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET5100, QET5100M, QET6100, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN1021AQ, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4360, QPA4361, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC801S, QTM525, QTM527, SA415M, SA515M, SA8155, SA8155P, SC8180X+SDX55, SD 675, SD 8C, SD 8CX, SD480, SD665, SD675, SD678, SD690 5G, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD845, SD855, SD865 5G, SD870, SD888 5G, SDR051, SDR052, SDR660, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX24, SDX50M, SDX55, SDX55M, SDXR2 5G, SM6250, SM6250P, SM7250P, SMB1351, SMB1355, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMB2351, SMR525, SMR526, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Denial of service in MODEM due to assert to the invalid configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile"
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Reachable Assertion in Modem"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}

79
2020/11xxx/CVE-2020-11279.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11279",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11279",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8084, APQ8096AU, AQT1000, AR6003, AR8151, CSR6030, CSRB31024, MDM8207, MDM8215, MDM8215M, MDM8615M, MDM9150, MDM9205, MDM9206, MDM9207, MDM9215, MDM9230, MDM9250, MDM9310, MDM9330, MDM9607, MDM9615, MDM9615M, MDM9625, MDM9628, MDM9630, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8976SG, MSM8996AU, PM215, PM3003A, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8018, PM8019, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8996, PM8998, PMC1000H, PMD9607, PMD9635, PMD9645, PMD9655, PMD9655AU, PME605, PMI632, PMI8937, PMI8940, PMI8952, PMI8994, PMI8996, PMI8998, PMK8001, PMK8002, PMM855AU, PMM8996AU, PMR525, PMR735A, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QBT1000, QBT1500, QBT2000, QCA4004, QCA4020, QCA6174, QCA6174A, QCA6234, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6694AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCC1110, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6110, QFE1035, QFE1040, QFE1045, QFE1100, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE2340, QFE2520, QFE2550, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, QFE3440FC, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5580, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4650, QPM5620, QPM5621, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM6582, QPM6585, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA415M, SA515M, SA8155, SA8155P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD632, SD660, SD665, SD670, SD675, SD678, SD710, SD712, SD720G, SD730, SD765, SD765G, SD768G, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888 5G, SDM630, SDR051, SDR052, SDR105, SDR660, SDR660G, SDR675, SDR735, SDR8150, SDR8250, SDR845, SDR865, SDW2500, SDW3100, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6250, SM6250P, SM7250P, SMB1350, SMB1351, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB231, SMB2351, SMB358, SMB358S, SMR525, SMR526, SMR545, SMR546, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WFR1620, WGR7640, WHS9410, WSA8810, WSA8815, WTR1605, WTR1605L, WTR1625, WTR2955, WTR2965, WTR3905, WTR3925, WTR3950, WTR4605, WTR4905, WTR5975, WTR6955"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": "7.5",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Integer Overflow or Wraparound issues in Modem"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}

79
2020/11xxx/CVE-2020-11284.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11284",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11284",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "AQT1000, AR8035, PM3003A, PM4125, PM4250, PM6125, PM6150, PM6150A, PM6150L, PM6350, PM640A, PM640L, PM640P, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM855, PM855B, PM855L, PM855P, PM8998, PMD9655, PMI632, PMI8998, PMK8002, PMK8003, PMM8195AU, PMM855AU, PMR525, PMX24, PMX55, QAT3522, QAT3550, QBT1500, QBT2000, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6574AU, QCA6595, QCA9984, QCM2290, QCM4290, QCS2290, QCS405, QCS4290, QET4101, QET5100, QET6100, QET6105, QFS2530, QFS2580, QPA4360, QPA5460, QPA6560, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, SA6155P, SA8195P, SD 8C, SD 8CX, SD460, SD480, SD662, SD675, SD855, SD865 5G, SD870, SD888 5G, SDM830, SDR425, SDR660, SDR660G, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDX24, SDX55, SDX55M, SDXR2 5G, SM4125, SMB1351, SMB1354, SMB1355, SMB1390, SMB1396, SMR525, SMR526, SMR545, SMR546, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WGR7640, WHS9410, WSA8810, WSA8815, WTR2965, WTR3925, WTR5975"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Locked memory can be unlocked and modified by non secure boot loader through improper system call sequence making the memory region untrusted source of input for secure boot loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking"
}
]
},
"impact": {
"cvss": {
"baseScore": "8.4",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operation Within Bounds of Memory Buffer in QTEE"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}

79
2020/11xxx/CVE-2020-11285.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11285",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11285",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8009W, APQ8017, APQ8037, APQ8053, APQ8084, APQ8096AU, AQT1000, AR8151, CSR6030, CSRB31024, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9625, MDM9628, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8976, MSM8976SG, MSM8996AU, PM215, PM3003A, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8019, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8952, PM8953, PM8956, PM8996, PM8998, PMC1000H, PMD9607, PMD9635, PMD9645, PMD9655, PMD9655AU, PME605, PMI632, PMI8937, PMI8940, PMI8952, PMI8994, PMI8996, PMI8998, PMK8001, PMK8002, PMK8003, PMM855AU, PMM8996AU, PMR525, PMR735A, PMR735B, PMW3100, PMX20, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QBT1000, QBT1500, QBT2000, QCA4004, QCA4020, QCA6174A, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6694AU, QCA6696, QCA8337, QCA9367, QCA9377, QCA9379, QCC1110, QCM4290, QCM6125, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6110, QFE1035, QFE1040, QFE1045, QFE1100, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE2340, QFE2520, QFE2550, QFE3100, QFE3320, QFE3335, QFE3340, QFE3345, QFE3440FC, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4650, QPM5620, QPM5621, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM6582, QPM6585, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA415M, SA515M, SA8155, SA8155P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD480, SD632, SD660, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SDM630, SDR051, SDR052, SDR105, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDW2500, SDW3100, SDX20, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM6250, SM6250P, SM7250P, SMB1351, SMB1355, SMB1357, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB231, SMB2351, SMB358, SMB358S, SMR525, SMR526, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6850, WCN6851, WCN6855, WCN6856, WFR1620, WGR7640, WHS9410, WSA8810, WSA8815, WSA8830, WSA8835, WTR1625, WTR2955, WTR2965, WTR3905, WTR3925, WTR3950, WTR4605, WTR4905, WTR5975, WTR6955"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": "8.2",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read in Data Modem"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}

79
2020/11xxx/CVE-2020-11288.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11288",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11288",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music",
"version": {
"version_data": [
{
"version_value": "AQT1000, AR8031, AR8035, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9205, PM3003A, PM4125, PM4250, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855B, PM855L, PM855P, PM8998, PMC1000H, PMD9655, PME605, PMI632, PMI8998, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX24, PMX50, PMX55, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA4004, QCA6174A, QCA6175A, QCA6310, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCA9377, QCM2290, QCM4290, QCM6125, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6105, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN1021AQ, QLN1031, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4360, QPA4361, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSM8350, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, QTM527, SA2150P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 675, SD 8C, SD 8CX, SD460, SD480, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDR051, SDR052, SDR105, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR865, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SMB1351, SMB1354, SMB1355, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMB231, SMB2351, SMR525, SMR526, SMR545, SMR546, WCD9306, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3925, WTR5975"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out of bound write can occur in playready while processing command due to lack of input validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music"
}
]
},
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operation Within Bounds of Memory Buffer in Content Protection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}

79
2020/11xxx/CVE-2020-11289.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11289",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11289",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "APQ8009, APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSR8811, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, IPQ5010, IPQ5018, IPQ6000, IPQ6005, IPQ6010, IPQ6018, IPQ6028, IPQ8070, IPQ8070A, IPQ8071, IPQ8071A, IPQ8072, IPQ8072A, IPQ8074, IPQ8074A, IPQ8076, IPQ8076A, IPQ8078, IPQ8078A, IPQ8173, IPQ8174, MDM8207, MDM9150, MDM9205, MDM9206, MDM9207, MDM9250, MDM9607, MDM9628, MDM9640, MDM9650, MDM9655, MSM8108, MSM8208, MSM8209, MSM8608, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM4250, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8019, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855A, PM855B, PM855L, PM855P, PM8909, PM8916, PM8937, PM8940, PM8953, PM8996, PM8998, PMC1000H, PMD9607, PMD9655, PMD9655AU, PME605, PMI632, PMI8937, PMI8940, PMI8952, PMI8994, PMI8996, PMI8998, PMK8001, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMM8996AU, PMP8074, PMR525, PMR735A, PMR735B, PMW3100, PMX24, PMX50, PMX55, QAT3514, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1000, QBT1500, QBT2000, QCA4004, QCA4020, QCA4024, QCA6174A, QCA6175A, QCA6234, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6428, QCA6430, QCA6431, QCA6436, QCA6438, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6694AU, QCA6696, QCA8072, QCA8075, QCA8081, QCA8337, QCA9367, QCA9377, QCA9379, QCA9888, QCA9889, QCA9984, QCC112, QCM2290, QCM4290, QCM6125, QCN5021, QCN5022, QCN5024, QCN5052, QCN5054, QCN5064, QCN5121, QCN5122, QCN5124, QCN5152, QCN5154, QCN5164, QCN5550, QCN6023, QCN6024, QCN9000, QCN9012, QCN9022, QCN9024, QCN9070, QCN9072, QCN9074, QCN9100, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QCS6125, QDM2301, QDM2302, QDM2305, QDM2307, QDM2308, QDM2310, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6105, QET6110, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE2520, QFE2550, QFE3100, QFE3320, QFE3340, QFE3440FC, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QFS2608, QFS2630, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4640, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM2630, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5541, QPM5577, QPM5579, QPM5620, QPM5621, QPM5641, QPM5657, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6325, QPM6375, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8830, QPM8870, QPM8895, QSM7250, QSM8250, QSM8350, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, QTM527, Qualcomm215, RGR7640AU, RSW8577, SA2150P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD205, SD210, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD690 5G, SD710, SD712, SD720G, SD730, SD750G, SD765, SD765G, SD768G, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM630, SDR051, SDR052, SDR105, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SM7250P, SMB1350, SMB1351, SMB1354, SMB1355, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMB231, SMB2351, SMB358, SMR525, SMR526, SMR545, SMR546, WCD9306, WCD9326, WCD9330, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2955, WTR2965, WTR3905, WTR3925, WTR3950, WTR4605, WTR4905, WTR5975, WTR6955"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
}
]
},
"impact": {
"cvss": {
"baseScore": "7.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Restriction of Operation Within Bounds of Memory Buffer in Content Protection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}

79
2020/11xxx/CVE-2020-11293.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11293",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11293",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking",
"version": {
"version_data": [
{
"version_value": "APQ8017, APQ8037, APQ8053, APQ8064AU, APQ8096AU, AQT1000, AR8031, AR8035, AR8151, CSRA6620, CSRA6640, CSRB31024, FSM10055, FSM10056, MDM9205, MDM9640, MDM9650, MDM9655, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, PM215, PM3003A, PM4125, PM4250, PM439, PM456, PM6125, PM6150, PM6150A, PM6150L, PM6250, PM6350, PM640A, PM640L, PM640P, PM660, PM660A, PM660L, PM670, PM670A, PM670L, PM7250B, PM8004, PM8005, PM8008, PM8009, PM8019, PM8150, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM855, PM855A, PM855B, PM855L, PM855P, PM8916, PM8937, PM8940, PM8953, PM8996, PM8998, PMC1000H, PMD9655, PME605, PMI632, PMI8937, PMI8940, PMI8952, PMI8994, PMI8996, PMI8998, PMK8001, PMK8002, PMK8003, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMM8996AU, PMR525, PMR735A, PMW3100, PMX24, PMX50, PMX55, QAT3514, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QBT1000, QBT1500, QBT2000, QCA4004, QCA4020, QCA6174A, QCA6175A, QCA6234, QCA6310, QCA6320, QCA6335, QCA6390, QCA6391, QCA6420, QCA6421, QCA6426, QCA6430, QCA6431, QCA6436, QCA6564, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6694, QCA6694AU, QCA6696, QCA8337, QCA9377, QCA9379, QCA9984, QCC112, QCM2290, QCM4290, QCS2290, QCS405, QCS410, QCS4290, QCS603, QCS605, QCS610, QDM2301, QDM2302, QDM2307, QDM2308, QDM2310, QET4100, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6105, QFE2080FC, QFE2081FC, QFE2082FC, QFE2101, QFE2520, QFE2550, QFE3100, QFE3340, QFE3440FC, QFE4301, QFE4302, QFE4303, QFE4305, QFE4308, QFE4309, QFE4320, QFE4373FC, QFE4455FC, QFE4465FC, QFS2530, QFS2580, QLN1020, QLN1021AQ, QLN1030, QLN1031, QLN1035BD, QLN1036AQ, QLN4640, QLN5030, QPA4340, QPA4360, QPA4361, QPA5373, QPA5460, QPA6560, QPA8673, QPA8675, QPA8686, QPA8688, QPA8801, QPA8802, QPA8803, QPA8821, QPM2630, QPM8820, QPM8870, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC800T, QTC801S, QTM525, Qualcomm215, RGR7640AU, RSW8577, SA2150P, SA415M, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SC8180X+SDX55, SD 455, SD 636, SD 675, SD 8C, SD 8CX, SD429, SD439, SD450, SD460, SD480, SD632, SD660, SD662, SD665, SD670, SD675, SD678, SD710, SD712, SD720G, SD730, SD7c, SD820, SD821, SD835, SD845, SD850, SD855, SD865 5G, SD870, SD888 5G, SDA429W, SDM429W, SDM630, SDM830, SDR051, SDR052, SDR105, SDR425, SDR660, SDR660G, SDR675, SDR735, SDR735G, SDR8150, SDR8250, SDR845, SDR865, SDX24, SDX50M, SDX55, SDX55M, SDXR1, SDXR2 5G, SM4125, SM6250, SM6250P, SMB1350, SMB1351, SMB1354, SMB1355, SMB1358, SMB1360, SMB1380, SMB1381, SMB1390, SMB1396, SMB231, SMB2351, SMR525, SMR526, SMR545, SMR546, WCD9306, WCD9326, WCD9335, WCD9340, WCD9341, WCD9360, WCD9370, WCD9371, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660, WCN3660B, WCN3680B, WCN3910, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN3999, WCN6850, WGR7640, WHS9410, WSA8810, WSA8815, WTR2955, WTR2965, WTR3905, WTR3925, WTR3950, WTR4905, WTR5975, WTR6955"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking"
}
]
},
"impact": {
"cvss": {
"baseScore": "5.1",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Buffer Over-read in Content Protection"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}

79
2020/11xxx/CVE-2020-11294.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11294",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11294",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables",
"version": {
"version_data": [
{
"version_value": "AR8035, PM215, PM3003A, PM6125, PM6150, PM6150A, PM6150L, PM6350, PM640A, PM640L, PM640P, PM670, PM670L, PM7150A, PM7150L, PM7250, PM7250B, PM8005, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PM855, PM855B, PM855L, PM8909, PM8998, PMI632, PMI8998, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMW3100, PMX55, QAT3516, QAT3518, QAT3519, QAT3522, QAT3550, QAT3555, QAT5515, QAT5516, QAT5522, QAT5533, QAT5568, QBT1500, QBT2000, QCA6175A, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6584AU, QCA6595, QCA6595AU, QCA6696, QCA8337, QCM4290, QCM6125, QCS4290, QCS605, QCS6125, QDM2301, QDM2302, QDM2305, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5650, QDM5652, QDM5670, QDM5671, QDM5677, QDM5679, QET4101, QET4200AQ, QET5100, QET5100M, QET6100, QET6105, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN1021AQ, QLN1031, QLN1036AQ, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA4360, QPA4361, QPA5460, QPA5461, QPA5580, QPA5581, QPA6560, QPA8673, QPA8686, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5621, QPM5641, QPM5658, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6582, QPM6585, QPM6621, QPM6670, QPM8820, QPM8870, QPM8895, QSM7250, QSW6310, QSW8573, QSW8574, QTC410S, QTC800H, QTC800S, QTC801S, QTM525, QTM527, Qualcomm215, SA2150P, SA515M, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SD205, SD210, SD429, SD460, SD480, SD662, SD665, SD675, SD765, SD765G, SD768G, SD855, SD865 5G, SD870, SD888, SD888 5G, SDA429W, SDM429W, SDM830, SDR425, SDR660, SDR660G, SDR735, SDR735G, SDR8250, SDR865, SDX55, SDX55M, SDXR2 5G, SM7250P, SMB1354, SMB1355, SMB1381, SMB1390, SMB1395, SMB1396, SMB1398, SMR525, SMR526, SMR545, SMR546, WCD9326, WCD9340, WCD9341, WCD9360, WCD9370, WCD9375, WCD9380, WCD9385, WCN3610, WCN3615, WCN3620, WCN3660B, WCN3680, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN3998, WCN6750, WCN6850, WCN6851, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3925, WTR4905, WTR5975"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Out of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables"
}
]
},
"impact": {
"cvss": {
"baseScore": "5.9",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Validation of Array Index in radio interface layer"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}

79
2020/11xxx/CVE-2020-11295.json
View File

@ -1,18 +1,69 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-11295",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
"CVE_data_meta": {
"ASSIGNER": "product-security@qualcomm.com",
"ID": "CVE-2020-11295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"product": {
"product_data": [
{
"product_name": "Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile",
"version": {
"version_data": [
{
"version_value": "FSM10055, FSM10056, PM3003A, PM6125, PM6150, PM6150A, PM6150L, PM6350, PM660, PM660L, PM7250B, PM8008, PM8009, PM8150A, PM8150B, PM8150C, PM8150L, PM8250, PM8350, PM8350B, PM8350BH, PM8350C, PMI632, PMK8002, PMK8003, PMK8350, PMM6155AU, PMM8155AU, PMM8195AU, PMM855AU, PMR525, PMR735A, PMR735B, PMX55, QAT3516, QAT3518, QAT3519, QAT3555, QAT5515, QAT5516, QAT5522, QAT5568, QBT1500, QBT2000, QCA6390, QCA6391, QCA6421, QCA6426, QCA6431, QCA6436, QCA6564A, QCA6564AU, QCA6574, QCA6574A, QCA6574AU, QCA6595, QCA6595AU, QCA6696, QCM4290, QCS410, QCS4290, QCS610, QDM3301, QDM4643, QDM4650, QDM5620, QDM5621, QDM5670, QDM5671, QET5100, QET5100M, QET6100, QET6105, QET6110, QFS2530, QFS2580, QFS2608, QFS2630, QLN4642, QLN4650, QLN5020, QLN5030, QLN5040, QPA2625, QPA5461, QPA5580, QPA5581, QPA8801, QPA8802, QPA8803, QPA8821, QPA8842, QPM4621, QPM4630, QPM4640, QPM4641, QPM4650, QPM5621, QPM5641, QPM5670, QPM5677, QPM5679, QPM5870, QPM5875, QPM6585, QPM6621, QPM6670, QPM8820, QPM8870, QTC800H, QTC800S, QTC801S, QTM525, SA6145P, SA6150P, SA6155, SA6155P, SA8150P, SA8155, SA8155P, SA8195P, SD460, SD480, SD662, SD670, SD710, SD865 5G, SD870, SD888, SD888 5G, SDR425, SDR660, SDR660G, SDR735, SDR735G, SDR8250, SDR865, SDX55M, SDXR1, SDXR2 5G, SMB1351, SMB1354, SMB1355, SMB1390, SMB1396, SMB1398, SMR525, SMR526, SMR545, SMR546, WCD9326, WCD9341, WCD9370, WCD9375, WCD9380, WCD9385, WCN3950, WCN3980, WCN3988, WCN3990, WCN3991, WCN6750, WCN6850, WCN6851, WCN6855, WCN6856, WGR7640, WSA8810, WSA8815, WSA8830, WSA8835, WTR2965, WTR3925"
}
]
}
}
]
},
"vendor_name": "Qualcomm, Inc."
}
]
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Use after free in camera If the threadmanager is being cleaned up while the worker thread is processing objects in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile"
}
]
},
"impact": {
"cvss": {
"baseScore": "6.8",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Use After Free in Camera"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin",
"refsource": "CONFIRM",
"url": "https://www.qualcomm.com/company/product-security/bulletins/may-2021-bulletin"
}
]
}
}

5
2020/11xxx/CVE-2020-11857.json
View File

@ -53,6 +53,11 @@
"refsource": "MISC",
"name": "https://www.zerodayinitiative.com/advisories/ZDI-20-1215/",
"url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1215/"
},
{
"refsource": "MISC",
"name": "http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html",
"url": "http://packetstormsecurity.com/files/162407/Micro-Focus-Operations-Bridge-Reporter-shrboadmin-Default-Password.html"
}
]
},

Some files were not shown because too many files have changed in this diff Show More