Medium

DATE	CVE	VULNERABILITY TITLE	RISK
2021-07-13	CVE-2021-1897	Out-of-bounds Read vulnerability in Qualcomm products Possible Buffer Over-read due to lack of validation of boundary checks when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables low complexity qualcomm CWE-125	4.6
2021-07-13	CVE-2021-1898	Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over-read due to incorrect overflow check when loading splash image in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables low complexity qualcomm CWE-125	4.6
2021-07-13	CVE-2021-1899	Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables low complexity qualcomm CWE-125	4.6
2021-07-13	CVE-2021-1901	Out-of-bounds Read vulnerability in Qualcomm products Possible buffer over-read due to lack of length check while flashing meta images in Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables low complexity qualcomm CWE-125	4.6
2021-07-13	CVE-2021-1931	Classic Buffer Overflow vulnerability in Qualcomm products Possible buffer overflow due to improper validation of buffer length while processing fast boot commands in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music local low complexity qualcomm CWE-120	6.7
2021-05-07	CVE-2020-11293	Out-of-bounds Read vulnerability in Qualcomm products Out of bound read can happen in Widevine TA while copying data to buffer from user data due to lack of check of buffer length received in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking local low complexity qualcomm CWE-125	6.0
2021-05-07	CVE-2021-1906	Improper Handling of Exceptional Conditions vulnerability in Qualcomm products Improper handling of address deregistration on failure can lead to new GPU address allocation failure. local low complexity qualcomm CWE-755	5.5
2021-04-07	CVE-2020-11252	Out-of-bounds Read vulnerability in Qualcomm products Trustzone initialization code will disable xPU`s when memory dumps are enabled and lead to information disclosure in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking local low complexity qualcomm CWE-125	5.5
2021-03-17	CVE-2020-11308	Improper Validation of Array Index vulnerability in Qualcomm products Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music low complexity qualcomm CWE-129	6.8
2021-03-17	CVE-2020-11230	Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Qualcomm products Potential arbitrary memory corruption when the qseecom driver updates ion physical addresses in the buffer as it exposes a physical address to user land in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Industrial IOT, Snapdragon Mobile local high complexity qualcomm CWE-367	6.4