Vulnerabilities > Qualcomm > Qcs4290 Firmware > High

DATE CVE VULNERABILITY TITLE RISK
2021-10-20 CVE-2021-30256 Out-of-bounds Write vulnerability in Qualcomm products
Possible stack overflow due to improper validation of camera name length before copying the name in VR Service in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
local
low complexity
qualcomm CWE-787
7.8
2021-10-20 CVE-2021-30257 Out-of-bounds Write vulnerability in Qualcomm products
Possible out of bound read or write in VR service due to lack of validation of DSP selection values in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT
local
low complexity
qualcomm CWE-787
7.8
2021-10-20 CVE-2021-30258 Out-of-bounds Write vulnerability in Qualcomm products
Possible buffer overflow due to improper size calculation of payload received in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
local
low complexity
qualcomm CWE-787
7.8
2021-10-20 CVE-2021-30288 Out-of-bounds Write vulnerability in Qualcomm products
Possible stack overflow due to improper length check of TLV while copying the TLV to a local stack variable in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-787
7.8
2021-10-20 CVE-2021-30291 Out-of-bounds Write vulnerability in Qualcomm products
Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
local
low complexity
qualcomm CWE-787
7.8
2021-10-20 CVE-2021-30292 Out-of-bounds Write vulnerability in Qualcomm products
Possible memory corruption due to lack of validation of client data used for memory allocation in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
local
low complexity
qualcomm CWE-787
7.8
2021-10-20 CVE-2021-30297 Classic Buffer Overflow vulnerability in Qualcomm products
Possible out of bound read due to improper validation of packet length while handling data transfer in VR service in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Wearables
local
low complexity
qualcomm CWE-120
7.1
2021-09-17 CVE-2021-1947 Use After Free vulnerability in Qualcomm products
Use-after-free vulnerability in kernel graphics driver because of storing an invalid pointer in Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-416
7.8
2021-09-17 CVE-2021-30260 Integer Overflow or Wraparound vulnerability in Qualcomm products
Possible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuration command is received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking
local
low complexity
qualcomm CWE-190
7.8
2021-09-17 CVE-2021-30261 Improper Input Validation vulnerability in Qualcomm products
Possible integer and heap overflow due to lack of input command size validation while handling beacon template update command from HLOS in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables
local
low complexity
qualcomm CWE-20
7.8