CVSS: 9.1EPSS: 0%CPEs: 106EXPL: 0CVE-2020-3670
https://notcve.org/view.php?id=CVE-2020-3670
02 Nov 2020 — u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS message container' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in Agatti, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909W, MSM8917, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCM612... • https://www.qualcomm.com/company/product-security/bulletins/october-2020-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 9.4EPSS: 0%CPEs: 100EXPL: 0CVE-2020-3634
https://notcve.org/view.php?id=CVE-2020-3634
09 Sep 2020 — u'Multiple Read overflows issue due to improper length check while decoding Generic NAS transport/EMM info' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QCS610, QM215, Rennell, SA415M, Saipan, SC7180, SDA660, S... • https://www.qualcomm.com/company/product-security/bulletins/september-2020-bulletin • CWE-191: Integer Underflow (Wrap or Wraparound) •
CVSS: 5.5EPSS: 0%CPEs: 84EXPL: 0CVE-2020-3644
https://notcve.org/view.php?id=CVE-2020-3644
08 Sep 2020 — u'Information disclosure issue occurs as in current logic Secure Touch session is released without terminating display session' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QCS610, R... • https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 116EXPL: 0CVE-2020-3643
https://notcve.org/view.php?id=CVE-2020-3643
08 Sep 2020 — u'Information disclosure issue can occur due to partial secure display-touch session tear-down' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096AU, APQ8098, IPQ6018, Kamorta, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, ... • https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.8EPSS: 0%CPEs: 122EXPL: 0CVE-2020-3624
https://notcve.org/view.php?id=CVE-2020-3624
08 Sep 2020 — u'A potential buffer overflow exists due to integer overflow when parsing handler options due to wrong data type usage in operation' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9206, MDM9207C, MDM960... • https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 0%CPEs: 195EXPL: 0CVE-2020-3622
https://notcve.org/view.php?id=CVE-2020-3622
08 Sep 2020 — u'Channel name string which has been read from shared memory is potentially subjected to string manipulations but not validated for NULL termination can results into memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, ... • https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 126EXPL: 0CVE-2020-3620
https://notcve.org/view.php?id=CVE-2020-3620
08 Sep 2020 — u'Lack of check of integer overflow while doing a round up operation for data read from shared memory for G-link SMEM transport can lead to corruption and potential information leak' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Bi... • https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin • CWE-190: Integer Overflow or Wraparound •
CVSS: 5.5EPSS: 0%CPEs: 126EXPL: 0CVE-2020-3621
https://notcve.org/view.php?id=CVE-2020-3621
08 Sep 2020 — u'Lack of check to ensure that the TX read index & RX write index that are read from shared memory are less than the FIFO size results into memory corruption and potential information leakage' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, A... • https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.0EPSS: 0%CPEs: 50EXPL: 0CVE-2019-14119
https://notcve.org/view.php?id=CVE-2019-14119
08 Sep 2020 — u'While processing SMCInvoke asynchronous message header, message count is modified leading to a TOCTOU race condition and lead to memory corruption' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ6018, Kamorta, MDM9205, MDM9607, Nicobar, QCS404, QCS405, QCS605, QCS610, Rennell, SA415M, SA515M, SA6155P, SC7180, SC8180X, SDM670, SDM710, SDX24,... • https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin • CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 114EXPL: 0CVE-2019-14115
https://notcve.org/view.php?id=CVE-2019-14115
08 Sep 2020 — u'Information disclosure issue occurs as in current logic as secure touch is released without clearing the display session which can result in user reading the secure input while touch is in non-secure domain as secure display is active' in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8... • https://www.qualcomm.com/company/product-security/bulletins/august-2020-bulletin • CWE-459: Incomplete Cleanup •