Vulnerabilities > Qualcomm > Qca6174A Firmware

DATE CVE VULNERABILITY TITLE RISK
2021-06-09 CVE-2020-11292 Classic Buffer Overflow vulnerability in Qualcomm products
Possible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-120
7.8
7.8
2021-06-09 CVE-2020-11304 Out-of-bounds Read vulnerability in Qualcomm products
Possible out of bound read in DRM due to improper buffer length check.
local
low complexity
qualcomm CWE-125
7.1
7.1
2021-06-09 CVE-2021-1900 Use After Free vulnerability in Qualcomm products
Possible use after free in Display due to race condition while creating an external display in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
high complexity
qualcomm CWE-416
7.0
7.0
2021-06-09 CVE-2020-11126 Out-of-bounds Read vulnerability in Qualcomm products
Possible out of bound read while WLAN frame parsing due to lack of check for body and header length in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-125
critical
 9.1
9.1
2021-06-09 CVE-2020-11159 Out-of-bounds Read vulnerability in Qualcomm products
Buffer over-read can happen while processing WPA,RSN IE of beacon and response frames if IE length is less than length of frame pointer being accessed in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
network
low complexity
qualcomm CWE-125
critical
 9.1
9.1
2021-06-09 CVE-2020-11160 Integer Overflow or Wraparound vulnerability in Qualcomm products
Resource leakage issue during dci client registration due to reference count is not decremented if dci client registration fails in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-190
6.7
6.7
2021-06-09 CVE-2020-11161 Out-of-bounds Read vulnerability in Qualcomm products
Out-of-bounds memory access can occur while calculating alignment requirements for a negative width from external components in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
local
low complexity
qualcomm CWE-125
7.1
7.1
2021-06-09 CVE-2020-11178 Improper Input Validation vulnerability in Qualcomm products
Trusted APPS to overwrite the CPZ memory of another use-case as TZ only checks the physical address not overlapping with its memory and its RoT memory in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-20
7.8
7.8
2021-06-09 CVE-2020-11182 Out-of-bounds Write vulnerability in Qualcomm products
Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
network
low complexity
qualcomm CWE-787
critical
 9.8
9.8
2021-06-09 CVE-2020-11233 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
Time-of-check time-of-use race condition While processing partition entries due to newly created buffer was read again from mmc without validation in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
high complexity
qualcomm CWE-367
7.0
7.0