qca9367 firmware · threatengine.sh

Home/Product/qualcomm qca9367 firmware

Product

qualcomm qca9367 firmware

263 known vulnerabilities across versions

Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.

Sort Min CVSS Published since

Memory Corruption when copying data from a freed source while executing performance counter deselect operation.

Memory corruption when dynamically changing the size of a previously allocated buffer while its contents are being modified.

Memory corruption while using alignments for memory allocation.

Memory Corruption while invoking IOCTL calls when concurrent access to shared buffer occurs.

Memory Corruption when accessing trusted execution environment without proper privilege check.

Weak configuration may lead to cryptographic issue when a VoWiFi call is triggered from UE.

Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.

Memory Corruption when concurrent access to shared buffer occurs due to improper synchronization between assignment and deallocati

Memory Corruption when accessing a buffer after it has been freed while processing IOCTL calls.

Memory Corruption when concurrent access to shared buffer occurs during IOCTL calls.

Memory corruption while handling different IOCTL calls from the user-space simultaneously.

Memory corruption while handling buffer mapping operations in the cryptographic driver.

Information disclosure while processing a firmware event.

Transient DOS while parsing video packets received from the video firmware.

Memory corruption while loading an invalid firmware in boot loader.

Memory corruption while processing MFC channel configuration during music playback.

Information disclosure while registering commands from clients with diag through diagHal.

Memory corruption during PlayReady APP usecase while processing TA commands.

Transient DOS while processing video packets received from video firmware.

information disclosure while invoking calibration data from user space to update firmware size.

Information disclosure while capturing logs as eSE debug messages are logged.

Memory corruption whhile handling the subsystem failure memory during the parsing of video packets received from the video firmwar

Memory corruption while processing data packets in diag received from Unix clients.

Memory corruption while processing manipulated payload in video firmware.

Memory corruption while processing video packets received from video firmware.

Memory corruption may occur while processing voice call registration with user.

Memory corruption while processing a data structure, when an iterator is accessed after it has been removed, potential failures oc

Memory corruption while processing an IOCTL call to set mixer controls.

Memory corruption while sound model registration for voice activation with audio kernel driver.

Memory corruption during concurrent access to server info object due to incorrect reference count update.

Memory corruption during concurrent access to server info object due to unprotected critical field.

Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session.

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request.

Memory corruption occurs while connecting a STA to an AP and initiating an ADD TS request from the AP to establish a TSpec session

Memory corruption while processing IOCTL calls to add route entry in the HW.

Memory corruption while accessing MSM channel map and mixer functions.

Memory corruption while invoking IOCTL map buffer request from userspace.

Transient DOS may occur while processing the country IE.

Memory corruption may occur while validating ports and channels in Audio driver.

Memory corruption during voice activation, when sound model parameters are loaded from HLOS, and the received sound model list is

Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP.

Memory corruption while processing command in Glink linux.

While processing the authentication message in UE, improper authentication may lead to information disclosure.

Information disclosure while parsing the OCI IE with invalid length.

Information disclosure while processing IO control commands.

Information disclosure during audio playback.

Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound

Memory corruption while processing GPU page table switch.

Memory corruption while processing voice packet with arbitrary data received from ADSP.

Memory corruption while invoking IOCTL calls from the use-space for HGSL memory node.

Memory corruption while parsing IPC frequency table parameters for LPLH that has size greater than expected size.

Transient DOS while parsing noninheritance IE of Extension element when length of IE is 2 of beacon frame.

Memory corruption is possible when an attempt is made from userspace or console to write some haptics effects pattern to the hapti

Memory corruption when a process invokes IOCTL calls from user-space to create a HAB virtual channel and another process invokes I

Transient DOS while processing TIM IE from beacon frame as there is no check for IE length.

Transient DOS while parsing MBSSID during new IE generation in beacon/probe frame when IE length check is either missing or improp

Memory corruption when BTFM client sends new messages over Slimbus to ADSP.

Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network.

Memory corruption as fence object may still be accessed in timeline destruct after isync fence is released.

Memory corruption while allocating memory in HGSL driver.

Memory corruption while processing IOCTL call to set metainfo.

Transient DOS while parsing ESP IE from beacon/probe response frame.

Transient DOS when driver accesses the ML IE memory and offset value is incremented beyond ML IE length.

Transient DOS while parsing the multiple MBSSID IEs from the beacon, when the tag length is non-zero value but with end of beacon.

Transient DOS while parsing the MBSSID IE from the beacons, when the MBSSID IE length is zero.

Transient DOS while parsing fragments of MBSSID IE from beacon frame.

Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI.

Transient DOS during music playback of ALAC content.

Memory corruption when allocating and accessing an entry in an SMEM partition.

Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immedia

Memory corruption when the payload received from firmware is not as per the expected protocol size.

Information disclosure when the ADSP payload size received in HLOS in response to Audio Stream Manager matrix session is less than

Memory corruption when the bandpass filter order received from AHAL is not within the expected range.

Memory corruption when there is failed unmap operation in GPU.

Information disclosure when VI calibration state set by ADSP is greater than MAX_FBSP_STATE in the response payload to AFE calibra

Memory corruption in Audio while processing RT proxy port register driver.

Memory corruption in Audio while processing the calibration data returned from ACDB loader.

Memory corruption in Audio while processing IIR config data from AFE calibration block.

Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points.

Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains IPPROTO_NONE as the n

Memory corruption in Audio when memory map command is executed consecutively in ADSP.

Memory corruption in Audio during playback with speaker protection.

Memory corruption in HLOS while running playready use-case.

Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame.

Memory corruption while using the UIM diag command to get the operators name.

Memory corruption in Boot while running a ListVars test in UEFI Menu during boot.

Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE.

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments.

Memory corruption in MPP performance while accessing DSM watermark using external memory address.

Memory corruption in Audio while processing the VOC packet data from ADSP.

Memory Corruption in Multi-mode Call Processor while processing bit mask API.

Information Disclosure in data Modem while parsing an FMTP line in an SDP message.

Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.

Memory Corruption in Data Modem while making a MO call or MT VOLTE call.

Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA IE.

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA IE

Memory corruption in WLAN HAL while handling command streams through WMI interfaces.

Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.

Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

Memory Corruption in WLAN HOST while fetching TX status information.

Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1 command.

Transient DOS due to improper authorization in Modem

Memory corruption due to double free in Core while mapping HLOS address to the list.

Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message.

information disclosure due to cryptographic issue in Core during RPMB read request.

Memory Corruption in Graphics while accessing a buffer allocated through the graphics pool.

Memory corruption in Graphics while importing a file.

Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target.

Information disclosure due to buffer over-read in Bluetooth Host while A2DP streaming.

Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command le

Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card.

Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.

Memory corruption in modem due to buffer overflow while processing a PPP packet

Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response

Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

Memory corruption in WLAN HAL while arbitrary value is passed in WMI UTF command payload.

Information Disclosure in Graphics during GPU context switch.

Transient DOS in WLAN Firmware due to buffer over-read while processing probe response or beacon.

Information disclosure due to buffer over-read in WLAN while parsing NMF frame.

Memory corruption due to configuration weakness in modem wile sending command to write protected files.

Transient DOS due to null pointer dereference in Bluetooth HOST while receiving an attribute protocol PDU with zero length data.

Transient DOS in Bluetooth HOST due to null pointer dereference when a mismatched argument is passed.

Transient DOS due to buffer over-read in WLAN while processing 802.11 management frames.

Transient DOS due to buffer over-read in WLAN while parsing WLAN CSA action frames.

Memory corruption in Audio due to integer overflow to buffer overflow while music playback of clips like amr,evrc,qcelp with modif

Information disclosure due to buffer over-read in Bluetooth HOST while pairing and connecting A2DP. in Snapdragon Auto, Snapdragon

Transient DOS due to loop with unreachable exit condition in WLAN while processing an incoming FTM frames. in Snapdragon Auto, Sna

Information disclosure due to buffer over-read in WLAN firmware while parsing security context info attributes. in Snapdragon Auto

Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto,

Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Sn

Transient DOS due to loop with unreachable exit condition in WLAN firmware while parsing IPV6 extension header. in Snapdragon Auto

Transient DOS due to buffer over-read in WLAN firmware while processing PPE threshold. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in graphics due to use-after-free while importing graphics buffer in Snapdragon Auto, Snapdragon Compute, Snapdr

Memory corruption in graphics due to buffer overflow while validating the user address in Snapdragon Auto, Snapdragon Compute, Sna

Denial of service due to null pointer dereference when GATT is disconnected in Snapdragon Auto, Snapdragon Consumer IOT, Snapdrago

Transient Denial-of-Service in WLAN due to buffer over-read while parsing MDNS frames. in Snapdragon Auto, Snapdragon Compute, Sna

Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Comp

Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdrag

Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Co

memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne

Memory corruption due to use after free issue in kernel while processing ION handles in Snapdragon Auto, Snapdragon Compute, Snapd

Memory corruption in video due to buffer overflow while parsing ps video clips in Snapdragon Auto, Snapdragon Compute, Snapdragon

Denial of service in WLAN HOST due to buffer over read while unpacking frames in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Denial of service in video due to buffer over read while parsing MP4 clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Conne

Memory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer I

Memory Corruption during wma file playback due to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity

Memory corruption in video driver due to double free while parsing ASF clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Memory corruption due to buffer overflow while parsing MKV clips with invalid bitmap size in Snapdragon Auto, Snapdragon Compute,

Memory corruption due to incorrect pointer arithmetic when attempting to change the endianness in video parser function in Snapdra

An out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Com

Memory corruption in bluetooth host due to integer overflow while processing BT HFP-UNIT profile in Snapdragon Auto, Snapdragon Co

memory corruption in video due to buffer overflow while parsing mkv clip with no codechecker in Snapdragon Auto, Snapdragon Comput

Memory corruption in video due to double free while parsing 3gp clip with invalid meta data atoms in Snapdragon Auto, Snapdragon C

Memory corruption in video due to buffer overflow while reading the dts file in Snapdragon Auto, Snapdragon Compute, Snapdragon Co

Memory corruption when extracting qcp audio file due to lack of check on data length in Snapdragon Auto, Snapdragon Compute, Snapd

Denial of service due to memory corruption while extracting ape header from clips in Snapdragon Auto, Snapdragon Compute, Snapdrag

Memory corruption due to possible buffer overflow while parsing DSF header with corrupted channel count in Snapdragon Auto, Snapdr

Buffer overflow can occur due to improper validation of NDP application information length in Snapdragon Auto, Snapdragon Compute,

Out of bound read in WLAN HOST due to improper length check can lead to DOS in Snapdragon Auto, Snapdragon Compute, Snapdragon Con

Possible buffer over read due to lack of size validation while unpacking frame in Snapdragon Auto, Snapdragon Compute, Snapdragon

Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compu

Possible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Comput

Possible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Sna

Improper integrity check can lead to race condition between tasks PDCP and RRC? right after a valid RRC security mode command pack

Possible buffer overflow due to improper validation of array index while processing external DIAG command in Snapdragon Auto, Snap

Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Comp

Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received

Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapd

Possible out of bounds access due to improper input validation during graphics profiling in Snapdragon Auto, Snapdragon Compute, S

Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Sna

Possible out of bound access of DCI resources due to lack of validation process and resource allocation in Snapdragon Auto, Snapdr

Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute

Improper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute,

Possible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connec

Possible integer overflow due to improper validation of command length parameters while processing WMI command in Snapdragon Auto,

Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice w

An out of bound memory access can occur due to improper validation of number of frames being passed during music playback in Snapd

Possible use after free when process shell memory is freed using IOCTL call and process initialization is in progress in Snapdrago

Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon

Possible buffer overflow due to lack of range check while processing a DIAG command for COEX management in Snapdragon Auto, Snapdr

Possible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, S

Possible null pointer dereference in thread cache operation handler due to lack of validation of user provided input in Snapdragon

Possible null pointer dereference in trap handler due to lack of thread ID validation before dereferencing it in Snapdragon Auto,

Possible null pointer dereference in thread profile trap handler due to lack of thread ID validation before dereferencing it in Sn

Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Sna

Improper access control in TrustZone due to improper error handling while handling the signing key in Snapdragon Auto, Snapdragon

Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto

Possible use after free due to improper memory validation when initializing new interface via Interface add command in Snapdragon

Possible use after free due improper validation of reference from call back to internal store table in Snapdragon Auto, Snapdragon

Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapd

Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdra

Possible heap overflow due to improper length check of domain while parsing the DNS response in Snapdragon Auto, Snapdragon Comput

A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivit

Information disclosure through timing and power side-channels during mod exponentiation for RSA-CRT in Snapdragon Auto, Snapdragon

Possible buffer overflow due to Improper validation of received CF-ACK and CF-Poll data frames in Snapdragon Auto, Snapdragon Conn

Possible buffer over read due to improper validation of frame length while processing AEAD decryption during ASSOC response in Sna

Possible stack buffer overflow due to lack of check on the maximum number of post NAN discovery attributes while processing a NAN

Possible memory corruption due to lack of bound check of input index in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivi

Possible integer overflow due to improper check of batch count value while sanitizer is enabled in Snapdragon Auto, Snapdragon Com

Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapd

Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from

Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist

A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Com

Possible buffer overflow due to lack of offset length check while updating the buffer value in Snapdragon Auto, Snapdragon Compute

Possible null pointer dereference due to lack of validation check for passed pointer during key import in Snapdragon Auto, Snapdra

Buffer overflow occurs in trusted applications due to lack of length check of parameters in Snapdragon Auto, Snapdragon Compute, S

Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snap

Buffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdra

Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon C

Integer underflow can occur when the RTCP length is lesser than the actual blocks present in Snapdragon Auto, Snapdragon Comp

Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto,

Loop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Comput

Child process can leak information from parent process due to numeric pids are getting compared and these pid can be reused in Sna

Improper authentication of un-encrypted plaintext Wi-Fi frames in an encrypted network can lead to information disclosure in Snapd

Denial of service in SAP case due to improper handling of connections when association is rejected in Snapdragon Auto, Snapdragon

Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial

Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industr

Possible Buffer Over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapd

Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute

Possible out of bound read in DRM due to improper buffer length check. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

While waiting for a response to a callback or listener request, non-secure clients can change permissions to shared memory buffers

Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapd

Stack out-of-bounds write occurs while setting up a cipher device if the provided IV length exceeds the max limit value in Snapdra

A race between command submission and destroying the context can cause an invalid context being added to the list leads to use aft

Use after free issue when importing a DMA buffer by using the CPU address of the buffer due to attachment is not cleaned up proper

Buffer overflow might occur while parsing unified command due to lack of check of input data received in Snapdragon Auto, Snapdrag

Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc wi

Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Sn

Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame po

Double free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Sna

Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdra

Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapd

Out of bound write can occur in TZ command handler due to lack of validation of command ID in Snapdragon Auto, Snapdragon Compute,

Buffer over-read while unpacking the RTCP packet we may read extra byte if wrong length is provided in RTCP packets in Snapdragon

Memory corruption while processing crafted SDES packets due to improper length check in sdes packets recieved in Snapdragon Auto,

Denial of service while processing RTCP packets containing multiple SDES reports due to memory for last SDES packet is freed and r

Out-of-bounds read vulnerability while accessing DTMF payload due to lack of check of buffer length before copying in Snapdragon A

When sending a socket event message to a user application, invalid information will be passed if socket is freed by other thread r

Out of bound read occurs while processing crafted SDP due to lack of check of null string in Snapdragon Auto, Snapdragon Compute,

Use after free in GPU driver while mapping the user memory to GPU memory due to improper check of referenced memory in Snapdragon

Integer overflow in boot due to improper length check on arguments received in Snapdragon Consumer IOT, Snapdragon Industrial IOT,

Buffer overflow can occur in video while playing the non-standard clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connecti

Out of bound write while parsing RTT/TTY packet parsing due to lack of check of buffer size before copying into buffer in Snapdrag

Out of bound memory read in Data modem while unpacking data due to lack of offset length check in Snapdragon Auto, Snapdragon Comp

Usage of syscall by non-secure entity can allow extraction of secure QTEE diagnostic information in clear text form due to insuffi

HLOS to access EL3 stack canary by just mapping imem region due to Improper access control and can lead to information exposure in

Out of bound write while parsing SDP string due to missing check on null termination in Snapdragon Auto, Snapdragon Compute, Snapd

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Buffer over-read can happen while parsing received SDP values due to lack of NULL termination check on SDP in Snapdragon Auto, Sna

Potential out of bound read exception when UE receives unusually large number of padding octets in the beginning of ROHC header in

Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snap

Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation

Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapd

Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version

Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Aut

Possible memory corruption and information leakage in sub-system due to lack of check for validity and boundary compliance for par

Out of bound write and read in TA while processing command from NS side due to improper length check on command and response buffe

User can overwrite Security Code NV item without knowing current SPC due to improper validation of SPC code setting and device loc

Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction i

Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdra

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin