Vulnerabilities > Qualcomm > Mdm9207 Firmware

DATE CVE VULNERABILITY TITLE RISK
2022-12-13 CVE-2022-25695 Improper Validation of Array Index vulnerability in Qualcomm products
Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-129
7.8
2022-11-15 CVE-2022-25727 Improper Validation of Specified Quantity in Input vulnerability in Qualcomm products
Memory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music
network
low complexity
qualcomm CWE-1284
critical
9.8
2022-11-15 CVE-2022-25742 Infinite Loop vulnerability in Qualcomm products
Denial of service in modem due to infinite loop while parsing IGMPv2 packet from server in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music
network
low complexity
qualcomm CWE-835
7.5
2022-06-14 CVE-2021-30341 Out-of-bounds Write vulnerability in Qualcomm products
Improper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
network
low complexity
qualcomm CWE-787
critical
9.8
2022-06-14 CVE-2021-30342 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
network
high complexity
qualcomm CWE-367
5.9
2022-06-14 CVE-2021-30344 Unspecified vulnerability in Qualcomm products
Improper authorization of a replayed LTE security mode command can lead to a denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
network
low complexity
qualcomm
7.5
2022-04-01 CVE-2021-30333 Out-of-bounds Write vulnerability in Qualcomm products
Improper validation of buffer size input to the EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-787
7.8
2022-02-11 CVE-2021-30323 Classic Buffer Overflow vulnerability in Qualcomm products
Improper validation of maximum size of data write to EFS file can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-120
7.8
2022-01-13 CVE-2021-30300 Incorrect Type Conversion or Cast vulnerability in Qualcomm products
Possible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when processing the SRS configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables
network
low complexity
qualcomm CWE-704
7.5
2022-01-03 CVE-2021-30268 Classic Buffer Overflow vulnerability in Qualcomm products
Possible heap Memory Corruption Issue due to lack of input validation when sending HWTC IQ Capture command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-120
7.8