Vulnerabilities > Qualcomm > Qca6420 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2022-01-03 CVE-2021-30303 Classic Buffer Overflow vulnerability in Qualcomm products
Possible buffer overflow due to lack of buffer length check when segmented WMI command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-120
7.8
2021-11-12 CVE-2021-1912 Integer Overflow or Wraparound vulnerability in Qualcomm products
Possible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-190
7.8
2021-11-12 CVE-2021-1921 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
Possible memory corruption due to Improper handling of hypervisor unmap operations for concurrent memory operations in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
local
high complexity
qualcomm CWE-367
7.0
2021-11-12 CVE-2021-1973 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Qualcomm products
A FTM Diag command can allow an arbitrary write into modem OS space in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-119
7.8
2021-11-12 CVE-2021-1979 Out-of-bounds Write vulnerability in Qualcomm products
Possible buffer overflow due to improper validation of FTM command payload in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-787
7.8
2021-11-12 CVE-2021-30254 Improper Input Validation vulnerability in Qualcomm products
Possible buffer overflow due to improper input validation in factory calibration and test DIAG command in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-20
7.8
2021-11-12 CVE-2021-30255 Improper Validation of Array Index vulnerability in Qualcomm products
Possible buffer overflow due to improper input validation in PDM DIAG command in FTM in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-129
7.8
2021-11-12 CVE-2021-30259 Out-of-bounds Read vulnerability in Qualcomm products
Possible out of bound access due to improper validation of function table entries in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-125
7.8
2021-11-12 CVE-2021-30263 Use After Free vulnerability in Qualcomm products
Possible race condition can occur due to lack of synchronization mechanism when On-Device Logging node open twice concurrently in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music
local
low complexity
qualcomm CWE-416
7.8
2021-10-20 CVE-2021-1913 Integer Overflow or Wraparound vulnerability in Qualcomm products
Possible integer overflow due to improper length check while updating grace period and count record in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-190
8.4