CVSS: 9.8EPSS: 0%CPEs: 92EXPL: 0CVE-2020-3698
https://notcve.org/view.php?id=CVE-2020-3698
30 Jul 2020 — Out of bound write while QoS DSCP mapping due to improper input validation for data received from association response frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, Nicobar, QCA... • https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 114EXPL: 0CVE-2019-14101
https://notcve.org/view.php?id=CVE-2019-14101
30 Jul 2020 — Out of bounds read can happen in diag event set mask command handler when user provided length in the command request is less than expected length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8096, APQ8096AU, APQ8098, Kamorta, MDM9150, MDM9205, MDM9... • https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 62EXPL: 0CVE-2019-14037
https://notcve.org/view.php?id=CVE-2019-14037
30 Jul 2020 — Close and bind operations done on a socket can lead to a Use-After-Free condition. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8905, MSM8909W, MSM8996, MSM8996AU, QCN7605, QCN7606, QCS605, SC8180X, SDA660, SDA845, SDM439,... • https://www.qualcomm.com/company/product-security/bulletins/july-2020-bulletin • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 88EXPL: 0CVE-2020-3663
https://notcve.org/view.php?id=CVE-2020-3663
22 Jun 2020 — Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Renne... • https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 88EXPL: 0CVE-2020-3661
https://notcve.org/view.php?id=CVE-2020-3661
22 Jun 2020 — Buffer overflow will happen while parsing mp4 clip with corrupted sample atoms values which exceeds MAX_UINT32 range due to lack of validation checks in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998,... • https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 9.1EPSS: 0%CPEs: 88EXPL: 0CVE-2020-3658
https://notcve.org/view.php?id=CVE-2020-3658
22 Jun 2020 — Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, Kamorta, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipa... • https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin • CWE-125: Out-of-bounds Read CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 74EXPL: 0CVE-2020-3660
https://notcve.org/view.php?id=CVE-2020-3660
22 Jun 2020 — Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MSM8905, MSM8909W, MSM8917, MSM8953, MSM8996, MSM8996AU, MSM8998, QCA6574AU, QCS405, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, ... • https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin • CWE-129: Improper Validation of Array Index CWE-476: NULL Pointer Dereference •
CVSS: 9.8EPSS: 0%CPEs: 110EXPL: 0CVE-2020-3614
https://notcve.org/view.php?id=CVE-2020-3614
22 Jun 2020 — Possible buffer overflow while copying the frame to local buffer due to lack of check of length before copying in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8076, APQ8096, APQ8096AU, APQ8098, IPQ6018, IPQ8074, MDM9206, MDM9207C, MDM... • https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 72EXPL: 0CVE-2020-3626
https://notcve.org/view.php?id=CVE-2020-3626
22 Jun 2020 — Any application can bind to it and exercise the APIs due to no protection for AIDL uimlpaservice in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables in APQ8053, APQ8096AU, APQ8098, MSM8905, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6574AU, QCS605, QM215, Rennell, Saipan, SDA660, SDM429, SDM429W, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SM6150, SM7150, SM... • https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin • CWE-276: Incorrect Default Permissions •
CVSS: 7.8EPSS: 0%CPEs: 128EXPL: 0CVE-2019-14094
https://notcve.org/view.php?id=CVE-2019-14094
22 Jun 2020 — Integer overflow in diag command handler when user inputs a large value for number of tasks field in the request packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8096AU, APQ8098, IPQ6018, IPQ8074, Kamorta, MDM9150, MDM9205, MDM9206, MDM9... • https://www.qualcomm.com/company/product-security/bulletins/june-2020-bulletin • CWE-190: Integer Overflow or Wraparound •