Vulnerabilities > Qualcomm > Qcm6490 Firmware > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-01-09 CVE-2022-40519 Out-of-bounds Read vulnerability in Qualcomm products
Information disclosure due to buffer overread in Core
local
low complexity
qualcomm CWE-125
5.5
2022-12-13 CVE-2022-25675 Reachable Assertion vulnerability in Qualcomm products
Denial of service due to reachable assertion in modem while processing filter rule from application client in Snapdragon Compute, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-617
5.5
2022-11-15 CVE-2022-25676 Out-of-bounds Read vulnerability in Qualcomm products
Information disclosure in video due to buffer over-read while parsing avi files in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
local
low complexity
qualcomm CWE-125
5.5
2022-11-15 CVE-2022-25679 Unspecified vulnerability in Qualcomm products
Denial of service in video due to improper access control in broadcast receivers in Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
local
low complexity
qualcomm
5.5
2022-09-16 CVE-2022-25653 Out-of-bounds Read vulnerability in Qualcomm products
Information disclosure in video due to buffer over-read while processing avi file in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables
local
low complexity
qualcomm CWE-125
5.5
2022-09-02 CVE-2021-35097 Improper Verification of Cryptographic Signature vulnerability in Qualcomm products
Possible authentication bypass due to improper order of signature verification and hashing in the signature verification call in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
low complexity
qualcomm CWE-347
6.8
2022-09-02 CVE-2021-35133 Use After Free vulnerability in Qualcomm products
Use after free in the synx driver issue while performing other functions during multiple invocation of synx release calls in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
local
low complexity
qualcomm CWE-416
6.7
2022-09-02 CVE-2021-35135 NULL Pointer Dereference vulnerability in Qualcomm products
A null pointer dereference may potentially occur during RSA key import in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-476
5.5
2022-06-14 CVE-2021-30339 Unspecified vulnerability in Qualcomm products
Reading PRNG output may lead to improper key generation due to lack of buffer validation in Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm
5.5
2022-06-14 CVE-2021-30343 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products
Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile
network
high complexity
qualcomm CWE-367
5.9