VARIoT IoT vulnerabilities database
| VAR-201912-1779 | CVE-2019-10536 | plural Snapdragon Double release vulnerability in products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Potential double free scenario if driver receives another DIAG_EVENT_LOG_SUPPORTED event from firmware as the pointer is not set to NULL on first call in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9640, MDM9650, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCA6174A, QCA6574AU, QCA8081, QCA9377, QCA9379, QCN7605, QCS405, QCS605, SDA660, SDA845, SDM450, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon The product contains a double release vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 is a central processing unit (CPU) product from Qualcomm.
The WLAN Host in multiple Qualcomm products has a resource management error vulnerability. No detailed vulnerability details are provided at this time
| VAR-201912-1724 | CVE-2019-10595 | plural Snapdragon Vulnerability related to input validation in products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Possible buffer overwrite in message handler due to lack of validation of tid value calculated from packets received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, APQ8064, APQ8096AU, IPQ4019, IPQ8064, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8939, MSM8996AU, QCA4531, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24. plural Snapdragon The product contains an input validation vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product.
An input validation error vulnerability exists in WLANs in several Qualcomm products, which can be exploited by an attacker to cause buffer coverage
| VAR-201912-0852 | CVE-2019-12393 | Anviz access control In the device Capture-replay Authentication bypass vulnerability |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
Anviz access control devices are vulnerable to replay attacks which could allow attackers to intercept and replay open door requests. Anviz access control The device includes Capture-replay There is a vulnerability related to authentication bypass by.Information may be tampered with
| VAR-201912-1803 | CVE-2019-10605 | plural Snapdragon Classic buffer overflow vulnerability in products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Buffer overwrite can occur in IEEE80211 header filling function due to lack of range check of array index received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8053, IPQ8074, MDM9607, MDM9650, MSM8909, MSM8939, QCN7605, SDA660, SDM630, SDM636, SDM660, SDX20, SDX24. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 and so on are the products of American Qualcomm. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product. SDX24 is a modem.
A buffer overflow vulnerability exists in the WLAN Host in multiple Qualcomm products. The vulnerability stems from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to associated other memory locations An attacker could use this vulnerability to cause a buffer overflow or heap overflow
| VAR-201912-1788 | CVE-2019-10517 | plural Snapdragon Double release vulnerability in products |
CVSS V2: 4.6 CVSS V3: 7.8 Severity: HIGH |
Memory is being freed up twice when two concurrent threads are executing in parallel in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCS405, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM845, SDX20, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon The product contains a double release vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product.
DSP Services in multiple Qualcomm products have resource management error vulnerabilities. The vulnerability stems from improper management of system resources (such as memory, disk space, files, etc.) by network systems or products. No detailed vulnerability details are provided at this time
| VAR-201912-1751 | CVE-2019-10480 | plural Snapdragon Classic buffer overflow vulnerability in products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Out of bound write can happen in WMI firmware event handler due to lack of validation of data received from WLAN firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCA9980, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDM670, SDM710, SDM845, SDX20, SDX24, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 is a central processing unit (CPU) product from Qualcomm.
A buffer overflow vulnerability exists in the WLAN Host in multiple Qualcomm products. The vulnerability stems from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to associated other memory locations An attacker could use this vulnerability to cause a buffer overflow or heap overflow
| VAR-201912-1752 | CVE-2019-10481 | plural Snapdragon Vulnerability related to array index verification in products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Out of bound access occurs while handling the WMI FW event due to lack of check of buffer argument which comes directly from the WLAN FW in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8996AU, QCA6574AU, QCA8081, QCN7605, SDX55, SM6150, SM7150, SM8150. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9607 and so on are the products of American Qualcomm. MDM9607 is a central processing unit (CPU) product. MSM8996AU is a central processing unit (CPU) product. QCA6574AU is a central processing unit (CPU) product. The WLAN Host in multiple Qualcomm products has an input validation error vulnerability. The vulnerability stems from a network system or product that did not properly validate the input data.
Multiple Qualcomm products have input validation error vulnerabilities, and no detailed vulnerability details are currently provided
| VAR-201912-1729 | CVE-2019-10557 | plural Snapdragon Product out-of-bounds vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Out-of-bound read in the wireless driver in the Linux kernel due to lack of check of buffer length. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in APQ8009, APQ8017, APQ8053, APQ8096AU, MDM9206, MDM9207C, MDM9607, MDM9650, MSM8996AU, QCA6174A, QCA6574AU, QCA9377, QCA9379, QCN7605, QCS605, SDA660, SDA845, SDM630, SDM636, SDM660, SDX20, SDX55, SXR1130. plural Snapdragon The product contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. SDX20 is a modem. WLAN is one of the wireless LAN components.
The WLAN in multiple Qualcomm products has a buffer overflow vulnerability. This vulnerability is caused by network systems or products that do not correctly verify data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
| VAR-201912-1352 | CVE-2019-19516 | Intelbras WRN 150 Cross-Site Request Forgery Vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password. Intelbras WRN 150 The device contains a cross-site request forgery vulnerability.Information may be tampered with. Intelbras WRN 150 is a wireless router from Intelbras in Poland
| VAR-201912-1755 | CVE-2019-10487 | plural Snapdragon Product out-of-bounds vulnerability |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Buffer over read can happen while parsing SMS OTA messages at transport layer if network sends un-intended values in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product.
A buffer overflow vulnerability exists in the Multi-mode Call processor in multiple Qualcomm products. This vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in the execution of an incorrect For read and write operations, an attacker can use this vulnerability to cause a buffer overflow or heap overflow
| VAR-201912-1757 | CVE-2019-10482 | plural Snapdragon Information disclosure vulnerability in products |
CVSS V2: 7.1 CVSS V3: 5.9 Severity: MEDIUM |
Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channel for SUI corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9650, MSM8905, MSM8909, MSM8917, MSM8920, MSM8937, MSM8940, MSM8953, MSM8996, MSM8996AU, MSM8998, Nicobar, QCS404, QCS405, QCS605, QM215, SA6155P, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX24, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon The product contains an information disclosure vulnerability.Information may be obtained. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9650 is a central processing unit (CPU) product.
An information disclosure vulnerability exists in Content Protection in multiple Qualcomm products. The vulnerability stems from configuration errors in the network system or product during operation. An unauthorized attacker could use the vulnerability to obtain sensitive information about the affected component
| VAR-201912-1804 | CVE-2019-10607 | plural Snapdragon Classic buffer overflow vulnerability in products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Out of bounds memcpy can occur by providing the embedded NULL character string and length greater than the actual string length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking in APQ8009, APQ8017, APQ8053, APQ8064, APQ8096AU, APQ8098, IPQ4019, IPQ8064, IPQ8074, MDM9206, MDM9207C, MDM9607, MDM9615, MDM9640, MDM9650, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8996, MSM8996AU, QCA4531, QCA8081, QCA9531, QCA9558, QCA9886, QCA9980, QCN7605, QCS605, SDA660, SDX20, SDX24, SDX55, SM8150, SXR1130. plural Snapdragon The product contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product.
Kernel in a number of Qualcomm products has a buffer overflow vulnerability, which is caused by network systems or products that do not properly verify data boundaries when performing operations on memory, resulting in incorrect read and write operations to associated other memory locations An attacker could use this vulnerability to cause a buffer overflow or heap overflow
| VAR-201912-1756 | CVE-2019-10500 | plural Snapdragon Vulnerability in incorrect calculation of buffer size in products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
While processing MT Secondary PDP request, Buffer overflow will happen due to incorrect calculation of buffer size in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9205, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product is vulnerable to an incorrect calculation of buffer size.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product.
There are security vulnerabilities in NAS in several Qualcomm products, which originated from the program's incorrect calculation of the buffer size. No detailed vulnerability details are provided at this time
| VAR-201912-1785 | CVE-2019-10525 | plural Snapdragon Vulnerability related to out-of-bounds writing in products |
CVSS V2: 10.0 CVSS V3: 9.8 Severity: CRITICAL |
Buffer overflow during SIB read when network configures complete sib list along with first and last segment of other SIB in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in APQ8009, APQ8017, APQ8053, APQ8096, APQ8096AU, APQ8098, MDM9150, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8905, MSM8909, MSM8909W, MSM8917, MSM8920, MSM8937, MSM8939, MSM8940, MSM8953, MSM8996AU, MSM8998, Nicobar, QCM2150, QCS605, QM215, SC8180X, SDA660, SDA845, SDM429, SDM439, SDM450, SDM630, SDM632, SDM636, SDM660, SDM670, SDM710, SDM845, SDM850, SDX20, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product contains an out-of-bounds vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MDM9206 and so on are the products of American Qualcomm. MDM9206 is a central processing unit (CPU) product. MDM9607 is a central processing unit (CPU) product. MDM9640 is a central processing unit (CPU) product.
A buffer overflow vulnerability exists in WCDMA in several Qualcomm products. The vulnerability originates from a network system or product that incorrectly validates data boundaries when performing operations on memory, resulting in incorrect read and write operations to other associated memory locations. An attacker could use this vulnerability to cause a buffer overflow or heap overflow
| VAR-201912-1780 | CVE-2019-10537 | plural Snapdragon Product integer overflow vulnerability |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Improper validation of event buffer extracted from FW response can lead to integer overflow, which will allow to pass the length check and eventually will lead to buffer overwrite when event data is copied to context buffer in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music in MDM9607, Nicobar, QCA6574AU, QCN7605, QCS405, QCS605, SDM660, SDM845, SDX55, SM6150, SM7150, SM8150, SM8250, SXR1130, SXR2130. plural Snapdragon The product contains an integer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm QCA6574AU and other are a central processing unit (CPU) products from Qualcomm.
The WLAN Host in multiple Qualcomm products has an input validation error vulnerability that can be exploited by an attacker to cause integer overflow
| VAR-201912-1802 | CVE-2019-10601 | plural Snapdragon Vulnerability related to array index verification in products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Out of bound access can occur while processing firmware event due to lack of validation of WMI message received from firmware in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in APQ8096AU, IPQ4019, IPQ8064, IPQ8074, MSM8996AU, Nicobar, QCA6574AU, QCN7605, QCS405, SDM630, SDM636, SDM660, SDM845, SM6150, SM7150, SM8150. plural Snapdragon The product contains a vulnerability related to array index validation.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Qualcomm MSM8996AU and so on are a kind of central processing unit (CPU) products of Qualcomm of the United States.
The WLAN Host in multiple Qualcomm products has an input validation error vulnerability that could be exploited by an attacker to access out of range when processing firmware events
| VAR-201912-0787 | CVE-2019-5096 | GoAhead web Use of freed memory vulnerability in server applications |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
An exploitable code execution vulnerability exists in the processing of multi-part/form-data requests within the base GoAhead web server application in versions v5.0.1, v.4.1.1 and v3.6.5. A specially crafted HTTP request can lead to a use-after-free condition during the processing of this request that can be used to corrupt heap structures that could lead to full code execution. The request can be unauthenticated in the form of GET or POST requests, and does not require the requested resource to exist on the server. GoAhead web Server applications contain a usage of freed memory vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Embedthis Software GoAhead is an embedded Web server of American Embedthis Software company. Attackers can exploit this vulnerability to damage the heap structure and execute code
| VAR-201912-0853 | CVE-2019-12394 | Anviz access control Authentication vulnerabilities in devices |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
Anviz access control devices allow unverified password change which allows remote attackers to change the administrator password without prior authentication. Anviz access control The device contains an authentication vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Anviz access control devices is a door access control device from China's Anviz company.
There are security holes in Anviz access control device
| VAR-202010-0252 | CVE-2019-17007 | Network Security Services Vulnerability in Certificate Verification |
CVSS V2: 5.0 CVSS V3: 7.5 Severity: HIGH |
In Network Security Services before 3.44, a malformed Netscape Certificate Sequence can cause NSS to crash, resulting in a denial of service. =========================================================================
Ubuntu Security Notice USN-4215-1
December 09, 2019
nss vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 ESM
- Ubuntu 12.04 ESM
Summary:
NSS could be made to crash if it received a specially crafted certificate.
An attacker could possibly use this issue to cause a denial of service.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
libnss3 2:3.42-1ubuntu2.4
Ubuntu 18.04 LTS:
libnss3 2:3.35-2ubuntu2.6
Ubuntu 16.04 LTS:
libnss3 2:3.28.4-0ubuntu0.16.04.9
Ubuntu 14.04 ESM:
libnss3 2:3.28.4-0ubuntu0.14.04.5+esm3
Ubuntu 12.04 ESM:
libnss3 2:3.28.4-0ubuntu0.12.04.6
After a standard system update you need to reboot your computer to make
all the necessary changes. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
====================================================================
Red Hat Security Advisory
Synopsis: Moderate: nss and nss-softokn security update
Advisory ID: RHSA-2021:0876-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2021:0876
Issue date: 2021-03-16
CVE Names: CVE-2019-11756 CVE-2019-17006 CVE-2019-17007
CVE-2020-12403
====================================================================
1. Summary:
An update for nss and nss-softokn is now available for Red Hat Enterprise
Linux 7.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact
of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available for each vulnerability from
the CVE link(s) in the References section.
2. Relevant releases/architectures:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6) - x86_64
Red Hat Enterprise Linux Server EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux Server Optional EUS (v. 7.6) - ppc64, ppc64le, s390x, x86_64
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7) - aarch64, ppc64le, s390x
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7) - aarch64, ppc64le, s390x
3. Description:
Network Security Services (NSS) is a set of libraries designed to support
the cross-platform development of security-enabled client and server
applications.
Security Fix(es):
* nss: Use-after-free in sftk_FreeSession due to improper refcounting
(CVE-2019-11756)
* nss: Check length of inputs for cryptographic primitives (CVE-2019-17006)
* nss: Handling of Netscape Certificate Sequences in
CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS
(CVE-2019-17007)
* nss: CHACHA20-POLY1305 decryption with undersized tag leads to
out-of-bounds read (CVE-2020-12403)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to:
https://access.redhat.com/articles/11258
After installing this update, applications using NSS (for example, Firefox)
must be restarted for this update to take effect.
5. Bugs fixed (https://bugzilla.redhat.com/):
1703979 - CVE-2019-17007 nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS
1774835 - CVE-2019-11756 nss: Use-after-free in sftk_FreeSession due to improper refcounting
1775916 - CVE-2019-17006 nss: Check length of inputs for cryptographic primitives
1868931 - CVE-2020-12403 nss: CHACHA20-POLY1305 decryption with undersized tag leads to out-of-bounds read
6. Package List:
Red Hat Enterprise Linux ComputeNode EUS (v. 7.6):
Source:
nss-3.36.0-9.el7_6.src.rpm
nss-softokn-3.36.0-7.el7_6.src.rpm
x86_64:
nss-3.36.0-9.el7_6.i686.rpm
nss-3.36.0-9.el7_6.x86_64.rpm
nss-debuginfo-3.36.0-9.el7_6.i686.rpm
nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm
nss-softokn-3.36.0-7.el7_6.i686.rpm
nss-softokn-3.36.0-7.el7_6.x86_64.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm
nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm
nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm
nss-sysinit-3.36.0-9.el7_6.x86_64.rpm
nss-tools-3.36.0-9.el7_6.x86_64.rpm
Red Hat Enterprise Linux ComputeNode Optional EUS (v. 7.6):
x86_64:
nss-debuginfo-3.36.0-9.el7_6.i686.rpm
nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm
nss-devel-3.36.0-9.el7_6.i686.rpm
nss-devel-3.36.0-9.el7_6.x86_64.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm
nss-softokn-devel-3.36.0-7.el7_6.i686.rpm
nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm
Red Hat Enterprise Linux Server EUS (v. 7.6):
Source:
nss-3.36.0-9.el7_6.src.rpm
nss-softokn-3.36.0-7.el7_6.src.rpm
ppc64:
nss-3.36.0-9.el7_6.ppc.rpm
nss-3.36.0-9.el7_6.ppc64.rpm
nss-debuginfo-3.36.0-9.el7_6.ppc.rpm
nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm
nss-devel-3.36.0-9.el7_6.ppc.rpm
nss-devel-3.36.0-9.el7_6.ppc64.rpm
nss-softokn-3.36.0-7.el7_6.ppc.rpm
nss-softokn-3.36.0-7.el7_6.ppc64.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.ppc.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64.rpm
nss-softokn-devel-3.36.0-7.el7_6.ppc.rpm
nss-softokn-devel-3.36.0-7.el7_6.ppc64.rpm
nss-softokn-freebl-3.36.0-7.el7_6.ppc.rpm
nss-softokn-freebl-3.36.0-7.el7_6.ppc64.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64.rpm
nss-sysinit-3.36.0-9.el7_6.ppc64.rpm
nss-tools-3.36.0-9.el7_6.ppc64.rpm
ppc64le:
nss-3.36.0-9.el7_6.ppc64le.rpm
nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm
nss-devel-3.36.0-9.el7_6.ppc64le.rpm
nss-softokn-3.36.0-7.el7_6.ppc64le.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm
nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm
nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm
nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm
nss-tools-3.36.0-9.el7_6.ppc64le.rpm
s390x:
nss-3.36.0-9.el7_6.s390.rpm
nss-3.36.0-9.el7_6.s390x.rpm
nss-debuginfo-3.36.0-9.el7_6.s390.rpm
nss-debuginfo-3.36.0-9.el7_6.s390x.rpm
nss-devel-3.36.0-9.el7_6.s390.rpm
nss-devel-3.36.0-9.el7_6.s390x.rpm
nss-softokn-3.36.0-7.el7_6.s390.rpm
nss-softokn-3.36.0-7.el7_6.s390x.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm
nss-softokn-devel-3.36.0-7.el7_6.s390.rpm
nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm
nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm
nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm
nss-sysinit-3.36.0-9.el7_6.s390x.rpm
nss-tools-3.36.0-9.el7_6.s390x.rpm
x86_64:
nss-3.36.0-9.el7_6.i686.rpm
nss-3.36.0-9.el7_6.x86_64.rpm
nss-debuginfo-3.36.0-9.el7_6.i686.rpm
nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm
nss-devel-3.36.0-9.el7_6.i686.rpm
nss-devel-3.36.0-9.el7_6.x86_64.rpm
nss-softokn-3.36.0-7.el7_6.i686.rpm
nss-softokn-3.36.0-7.el7_6.x86_64.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.i686.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.x86_64.rpm
nss-softokn-devel-3.36.0-7.el7_6.i686.rpm
nss-softokn-devel-3.36.0-7.el7_6.x86_64.rpm
nss-softokn-freebl-3.36.0-7.el7_6.i686.rpm
nss-softokn-freebl-3.36.0-7.el7_6.x86_64.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.i686.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.x86_64.rpm
nss-sysinit-3.36.0-9.el7_6.x86_64.rpm
nss-tools-3.36.0-9.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server (v. 7):
Source:
nss-3.36.0-9.el7_6.src.rpm
nss-softokn-3.36.0-7.el7_6.src.rpm
aarch64:
nss-3.36.0-9.el7_6.aarch64.rpm
nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm
nss-devel-3.36.0-9.el7_6.aarch64.rpm
nss-softokn-3.36.0-7.el7_6.aarch64.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.aarch64.rpm
nss-softokn-devel-3.36.0-7.el7_6.aarch64.rpm
nss-softokn-freebl-3.36.0-7.el7_6.aarch64.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.aarch64.rpm
nss-sysinit-3.36.0-9.el7_6.aarch64.rpm
nss-tools-3.36.0-9.el7_6.aarch64.rpm
ppc64le:
nss-3.36.0-9.el7_6.ppc64le.rpm
nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm
nss-devel-3.36.0-9.el7_6.ppc64le.rpm
nss-softokn-3.36.0-7.el7_6.ppc64le.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.ppc64le.rpm
nss-softokn-devel-3.36.0-7.el7_6.ppc64le.rpm
nss-softokn-freebl-3.36.0-7.el7_6.ppc64le.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.ppc64le.rpm
nss-sysinit-3.36.0-9.el7_6.ppc64le.rpm
nss-tools-3.36.0-9.el7_6.ppc64le.rpm
s390x:
nss-3.36.0-9.el7_6.s390.rpm
nss-3.36.0-9.el7_6.s390x.rpm
nss-debuginfo-3.36.0-9.el7_6.s390.rpm
nss-debuginfo-3.36.0-9.el7_6.s390x.rpm
nss-devel-3.36.0-9.el7_6.s390.rpm
nss-devel-3.36.0-9.el7_6.s390x.rpm
nss-softokn-3.36.0-7.el7_6.s390.rpm
nss-softokn-3.36.0-7.el7_6.s390x.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.s390.rpm
nss-softokn-debuginfo-3.36.0-7.el7_6.s390x.rpm
nss-softokn-devel-3.36.0-7.el7_6.s390.rpm
nss-softokn-devel-3.36.0-7.el7_6.s390x.rpm
nss-softokn-freebl-3.36.0-7.el7_6.s390.rpm
nss-softokn-freebl-3.36.0-7.el7_6.s390x.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.s390.rpm
nss-softokn-freebl-devel-3.36.0-7.el7_6.s390x.rpm
nss-sysinit-3.36.0-9.el7_6.s390x.rpm
nss-tools-3.36.0-9.el7_6.s390x.rpm
Red Hat Enterprise Linux Server Optional EUS (v. 7.6):
ppc64:
nss-debuginfo-3.36.0-9.el7_6.ppc.rpm
nss-debuginfo-3.36.0-9.el7_6.ppc64.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.ppc.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.ppc64.rpm
ppc64le:
nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm
s390x:
nss-debuginfo-3.36.0-9.el7_6.s390.rpm
nss-debuginfo-3.36.0-9.el7_6.s390x.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm
x86_64:
nss-debuginfo-3.36.0-9.el7_6.i686.rpm
nss-debuginfo-3.36.0-9.el7_6.x86_64.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.i686.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.x86_64.rpm
Red Hat Enterprise Linux for ARM and IBM Power LE (POWER9) Server Optional (v. 7):
aarch64:
nss-debuginfo-3.36.0-9.el7_6.aarch64.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.aarch64.rpm
ppc64le:
nss-debuginfo-3.36.0-9.el7_6.ppc64le.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.ppc64le.rpm
s390x:
nss-debuginfo-3.36.0-9.el7_6.s390.rpm
nss-debuginfo-3.36.0-9.el7_6.s390x.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.s390.rpm
nss-pkcs11-devel-3.36.0-9.el7_6.s390x.rpm
These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/
7. References:
https://access.redhat.com/security/cve/CVE-2019-11756
https://access.redhat.com/security/cve/CVE-2019-17006
https://access.redhat.com/security/cve/CVE-2019-17007
https://access.redhat.com/security/cve/CVE-2020-12403
https://access.redhat.com/security/updates/classification/#moderate
8. Contact:
The Red Hat security contact is <secalert@redhat.com>. More contact
details at https://access.redhat.com/security/team/contact/
Copyright 2021 Red Hat, Inc.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUBYFDHndzjgjWX9erEAQhc7BAAkp67Ydt2JQVRfRhv2NUd0sjnWReLTvdP
jCz5vIgKz8JIgmz/bc5I1MR8ZCSObdbsUEiv0exapuYneLNru//0dMGL2dv7Fkn5
Em5+ZuvLuDUq9id8TOOd5igNjBeJGKy4dJV46AXtgUHARHbiU5jcmOcCetkBY09J
o0bK4wDc6YjvUBANaAQH/sWznAT+BNmtOeF00seAbIgic0m76HidFSQzcq8I+vtm
mttqgZvz3+xYitS/63Z4AQofI3VFGX46CHZxekI7N1hIpML7QjiZw4gk8QgdpRWn
wLtr661MIse/iS0l+4ZvQoWx5diuVwXudfGmisEXhsWtx79m8JSFNavmxSK9dvJ5
5F6K275OTX2W1GSUgU4IrKxWaLoBPQlC4yT36c4827qosGBjgufGyExgmqnTyQyR
iobqDMUHq5RgjNsHNCzrm7CKAgwTUgyuN5QLoXwOsqxPfMt1uL8TI1Q5ULyuPJ+b
8IxbIPGgCZM/haNchD9Xoo1rDieT1JOtQNTfknss91AIQZH30n7i6F6/l8K7GJ16
1sFPnNI7aISjvhu/+jfgNpkoFi6Qyda5a8jSceWpY1yf83/jsxVpKMqgcoTf416z
IFzoYxQqa0AM1efVfgtL1vnoAXw8yPt0PjXfcMUYWltIGbgO15L/hJZ6bCUu8FT6
BbaFUBBSJpw=m1vv
-----END PGP SIGNATURE-----
--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
.
For the stable distribution (buster), these problems have been fixed in
version 2:3.42.1-1+deb10u2.
We recommend that you upgrade your nss packages.
For the detailed security status of nss please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nss
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAl3qzaYACgkQEMKTtsN8
TjZ7yg//SABSzXoip0pAHIT9lNxDFNL44E27iqRWeurCyfxnQNvNaeShakiTj1Yj
sSb2pqo0+gGLsUgtQdKKc8yeOERvuihWRoVDroW7onYG93vpsZ1H8Z7HSEJOGMQl
Bt/HcjayCfXrA313/B5SBTiKE/Ks4CvYQvk+BrFwjFEUoYhXzxXwfUIxym1L8+gq
jG3Qsh38iOFhrXfXBe2PGaUGU6AVcS/BGTam31s1g54mta4a+obIbvvQu3MGHJLH
UTTcVPy7PhK5dofufbJXo1QGqfgdLxsvZAqhcyU1cXBZa7k18Ykts9jKukwoDZV0
hR2jISnOddovQWdPWLqz/ENOTIkY8Ue5/cPIaQ+I9tAL2JOBHBmddP+WeqBxpO8o
DpP+4EILROZQ5g+WjLT1Twsje3NJQYx6z7YmXo/0N0ELM+81Sono1wKTgegVBa0F
8eET2FDW45sKFOGV1QTTI5F1mSmgSHiTdtVl/riuzdWrdig8316dByz994dZD+Co
TgMiALJWwiVDY6XHHrPwzmvqNoqlcUvNgh4v7tRkTL/YjlHxD+x8R08sRaVo5gqz
Z4CyLaP1ByO0X/i4dkuVtD5kIX9GlqLRYkUSnOBhwaoPr7ZgZBCnJfyQixsME1L5
yOg6+j//ncYos+KWeb1upZdUHHB340UmTxbEtECa7jfanMcrtpw=
=QZmZ
-----END PGP SIGNATURE-----
| VAR-201912-1451 | CVE-2019-2304 | plural Snapdragon Classic buffer overflow vulnerability in products |
CVSS V2: 7.2 CVSS V3: 7.8 Severity: HIGH |
Integer overflow to buffer overflow due to lack of validation of event arguments received from firmware. in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking in IPQ4019, IPQ8064, IPQ8074, MDM9607, MSM8917, MSM8920, MSM8937, MSM8940, QCN7605, QCS405, QCS605, SDA845, SDM660, SDM845, SDX24, SDX55, SM6150, SM7150, SM8150, SXR1130. plural Snapdragon The product contains a classic buffer overflow vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state