» 2021 » 3월

CVE-2020-11199

Posted on 2021년 3월 17일2021년 3월 17일 by admin

CVE-2020-11199

HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

Source: CVE-2020-11199

CVE-2020-11218

Posted on 2021년 3월 17일2021년 3월 17일 by admin

CVE-2020-11218

Denial of service in baseband when NW configures LTE betaOffset-RI-Index due to lack of data validation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile

Source: CVE-2020-11218

CVE-2020-11186

Posted on 2021년 3월 17일2021년 3월 17일 by admin

CVE-2020-11186

Modem will enter into busy mode in an infinite loop while parsing histogram dimension due to improper validation of input received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile

Source: CVE-2020-11186

CVE-2020-11222

Posted on 2021년 3월 17일2021년 3월 17일 by admin

CVE-2020-11222

Buffer over read while processing MT SMS with maximum length due to improper length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile

Source: CVE-2020-11222

CVE-2017-20002

Posted on 2021년 3월 17일2021년 3월 17일 by admin

CVE-2017-20002

The Debian shadow package before 4.5-1 for Shadow incorrectly lists pts/0 and pts/1 as physical terminals in /etc/securetty. This allows local users to login as password-less users even if they are connected by non-physical means such as SSH (hence bypassing PAM’s nullok_secure configuration). This notably affects environments such as virtual machines automatically generated with a default blank root password, allowing all local users to escalate privileges.

Source: CVE-2017-20002

CVE-2020-11166

Posted on 2021년 3월 17일2021년 3월 17일 by admin

CVE-2020-11166

Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables

Source: CVE-2020-11166

CVE-2019-3853

Posted on 2021년 3월 17일2021년 3월 17일 by admin

CVE-2019-3853

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2019-3853

CVE-2019-3897

Posted on 2021년 3월 17일2021년 3월 17일 by admin

CVE-2019-3897

It has been discovered in redhat-certification that any unauthorized user may download any file under /var/www/rhcert, provided they know its name. Red Hat Certification 6 and 7 is vulnerable to this issue.

Source: CVE-2019-3897

CVE-2019-3898

Posted on 2021년 3월 17일2021년 3월 17일 by admin

CVE-2019-3898

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2019-3898

CVE-2019-3903

Posted on 2021년 3월 17일2021년 3월 17일 by admin

CVE-2019-3903

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Source: CVE-2019-3903