CVSS: 9.1EPSS: 0%CPEs: 818EXPL: 0CVE-2020-11166
https://notcve.org/view.php?id=CVE-2020-11166
Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Una posible excepción de lectura fuera de límite cuando UE recibe un número inusualmente grande de octetos de relleno al comienzo del encabezado ROHC en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/march-2021-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1064EXPL: 0CVE-2020-11296
https://notcve.org/view.php?id=CVE-2020-11296
Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking Un desbordamiento aritmético puede ocurrir mientras se procesa NOA IE debido a un manejo inapropiado de errores en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking • https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin • CWE-617: Reachable Assertion •
CVSS: 10.0EPSS: 0%CPEs: 696EXPL: 0CVE-2020-11272
https://notcve.org/view.php?id=CVE-2020-11272
Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later can lead to use after free condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables Antes de poner en cola una trama en la cola PE para su posterior procesamiento, una entrada en una tabla hash puede ser eliminada y usando una versión antigua más tarde puede conllevar a un uso de la memoria previamente liberada en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables • https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 788EXPL: 0CVE-2020-11195
https://notcve.org/view.php?id=CVE-2020-11195
Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffers in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music Una escritura y lectura fuera de límite en TA mientras se procesa un comando desde el lado NS debido a una comprobación de longitud inapropiada en los búferes de comando y respuesta en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music • https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 502EXPL: 0CVE-2020-11163
https://notcve.org/view.php?id=CVE-2020-11163
Possible buffer overflow while updating ikev2 parameters due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile Un posible desbordamiento del búfer mientras se actualiza los parámetros ikev2 debido a una falta de comprobación de la validación de entrada para determinados parámetros recibidos del servidor ePDG en los productos Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile • https://www.qualcomm.com/company/product-security/bulletins/february-2021-bulletin • CWE-129: Improper Validation of Array Index •