Vulnerabilities > Qualcomm > Msm8976Sg Firmware > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-03-10 CVE-2022-40515 Double Free vulnerability in Qualcomm products
Memory corruption in Video due to double free while playing 3gp clip with invalid metadata atoms.
network
low complexity
qualcomm CWE-415
critical
 9.8
9.8
2022-10-19 CVE-2022-25720 Improper Validation of Array Index vulnerability in Qualcomm products
Memory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
network
low complexity
qualcomm CWE-129
critical
 9.8
9.8
2022-10-19 CVE-2022-25719 Out-of-bounds Read vulnerability in Qualcomm products
Information disclosure in WLAN due to improper length check while processing authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-125
critical
 9.1
9.1
2022-10-19 CVE-2022-25718 Unchecked Return Value vulnerability in Qualcomm products
Cryptographic issue in WLAN due to improper check on return value while authentication handshake in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-252
critical
 9.8
9.8
2022-10-19 CVE-2022-25687 Classic Buffer Overflow vulnerability in Qualcomm products
memory corruption in video due to buffer overflow while parsing asf clips in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
network
low complexity
qualcomm CWE-120
critical
 9.8
9.8
2021-11-12 CVE-2021-30284 Information Exposure vulnerability in Qualcomm products
Possible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
network
low complexity
qualcomm CWE-200
critical
 9.1
9.1
2021-09-08 CVE-2021-1920 Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products
Integer underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
network
low complexity
qualcomm CWE-191
critical
 9.8
9.8
2021-09-08 CVE-2021-1919 Integer Underflow (Wrap or Wraparound) vulnerability in Qualcomm products
Integer underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
network
low complexity
qualcomm CWE-191
critical
 9.8
9.8
2021-09-08 CVE-2021-1916 Out-of-bounds Write vulnerability in Qualcomm products
Possible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Voice & Music, Snapdragon Wearables
network
low complexity
qualcomm CWE-787
critical
 9.8
9.8
2021-06-09 CVE-2020-11291 Improper Validation of Array Index vulnerability in Qualcomm products
Possible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check of input validation for certain parameters received from the ePDG server in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile
network
low complexity
qualcomm CWE-129
critical
 9.8
9.8