CWE-126

Buffer Over-read

120 CVEs | Avg CVSS 7.0 | MITRE

Critical: 1 | High: 71 | Medium: 44 | Low: 4 | PoC: 3 | KEV: 0


CVE-2026-5772 LOW Monitor

Stack buffer over-read in wolfSSL's MatchDomainName function allows authenticated remote attackers to cause denial of service through a crafted wildcard hostname during TLS certificate validation when the LEFT_MOST_WILDCARD_ONLY flag is enabled. The vulnerability reads one byte past the allocated buffer when a wildcard character exhausts the entire hostname string, triggering a potential crash with very low real-world exploitation probability (EPSS and CVSS indicate limited practical risk).

Buffer Overflow | NVD, GitHub, VulDB | CVSS 4.0: 2.1 | EPSS: 0.0%

CVE-2026-21381 HIGH This Week

Buffer over-read (CWE-126) in Qualcomm Snapdragon devices causes denial of service when processing malformed Neighborhood Awareness Networking (NAN) service data frames with excessive length values. The attack requires network proximity, high attacker privileges, user interaction, and high complexity (CVSS 7.6); the CVSS vector carries a scope change with potential high confidentiality/integrity impact beyond availability disruption. Qualcomm's April 2026 bulletin addresses this transient DoS condition. No public exploit identified at time of analysis, though the specific protocol implementation flaw in NAN device discovery presents measurable risk in adjacent network scenarios where attackers have elevated Wi-Fi protocol access.

Buffer Overflow | NVD | CVSS 3.1: 7.6 | EPSS: 0.0%

CVE-2026-21378 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon camera sensor drivers allows authenticated users to execute arbitrary code with elevated privileges through memory corruption. The vulnerability stems from unbounded buffer access during IOCTL processing, enabling attackers to corrupt memory and achieve complete system compromise (confidentiality, integrity, and availability impact). EPSS data not available; no public exploit identified at time of analysis. Affects Qualcomm Snapdragon-powered devices across mobile and IoT ecosystems.

Buffer Overflow | NVD | CVSS 3.1: 7.8 | EPSS: 0.0%

CVE-2026-21376 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon camera sensor drivers allows authenticated attackers with low privileges to execute arbitrary code with elevated permissions through unchecked output buffer access during IOCTL operations. This out-of-bounds read vulnerability (CWE-126) achieves complete system compromise (confidentiality, integrity, and availability impact all rated High in CVSS). No public exploit identified at time of analysis, though the local attack vector and low complexity suggest proof-of-concept development is feasible for researchers with device access.

Buffer Overflow | NVD | CVSS 3.1: 7.8 | EPSS: 0.0%

CVE-2026-21375 HIGH This Week

Memory corruption in Qualcomm Snapdragon chipsets allows authenticated local attackers with low privileges to execute arbitrary code, elevate privileges, or cause system crashes through improper IOCTL buffer validation. The vulnerability achieves complete compromise of confidentiality, integrity, and availability (CVSS 7.8 HIGH). No public exploit code identified at time of analysis, though exploitation requires only low attack complexity once local access is obtained. Qualcomm addressed this in their April 2026 security bulletin.

Buffer Overflow | NVD | CVSS 3.1: 7.8 | EPSS: 0.0%

CVE-2026-21374 HIGH This Week

Memory corruption in Qualcomm Snapdragon auxiliary sensor I/O control processing allows authenticated local attackers to achieve arbitrary code execution with high integrity and confidentiality impact. The vulnerability stems from insufficient buffer size validation (CWE-126: Buffer Over-read) when handling sensor control commands. With CVSS 7.8 and local attack vector requiring low privileges, this represents a moderate real-world risk for privilege escalation attacks on Android and IoT devices using affected Snapdragon chipsets. No public exploit code or CISA KEV listing identified at time of analysis, though the April 2026 bulletin date suggests recent disclosure.

Buffer Overflow | NVD | CVSS 3.1: 7.8 | EPSS: 0.0%

CVE-2026-21373 HIGH This Week

Local privilege escalation in Qualcomm Snapdragon products allows authenticated attackers to gain kernel-level code execution through memory corruption during IOCTL processing. The vulnerability stems from unchecked buffer size validation when writing to output buffers, enabling high-impact compromise of confidentiality, integrity, and availability on affected mobile and embedded devices. With a CVSS score of 7.8 and low attack complexity (AC:L), this represents a significant privilege escalation vector for malicious applications or local users, though no public exploit or active exploitation has been identified at time of analysis.

Buffer Overflow | NVD | CVSS 3.1: 7.8 | EPSS: 0.0%

CVE-2026-21371 HIGH This Week

Memory corruption in Qualcomm Snapdragon components allows local authenticated attackers to execute arbitrary code with high privileges. A buffer overflow vulnerability (CWE-126) occurs during output buffer retrieval due to insufficient size validation, enabling complete system compromise with high confidentiality, integrity, and availability impact. EPSS risk data not available; no confirmed active exploitation (not in CISA KEV) and no public exploit code identified at time of analysis. The local attack vector (AV:L) and low complexity (AC:L) make this exploitable by malicious apps or local users on affected Snapdragon-powered devices.

Buffer Overflow | NVD | CVSS 3.1: 7.8 | EPSS: 0.0%

CVE-2026-21367 HIGH This Week

Out-of-bounds read in Qualcomm Snapdragon Wi-Fi firmware triggers denial of service when processing malformed FILS Discovery frames during network scans. Remote attackers on the same wireless network can crash affected devices by broadcasting specially crafted 802.11ai Fast Initial Link Setup frames with invalid action field sizes. CVSS 7.6 (High) reflects the high attack complexity and required high privileges, though the confidentiality/integrity impacts appear overstated for a transient DoS condition. EPSS data not available; no public exploit identified at time of analysis.

Buffer Overflow | NVD | CVSS 3.1: 7.6 | EPSS: 0.0%

CVE-2025-47400 HIGH This Week

Buffer over-read in Qualcomm Snapdragon cryptographic implementation allows authenticated local attackers to expose sensitive memory contents and potentially manipulate cryptographic operations. The vulnerability (CWE-126) stems from copying data to a destination buffer without size validation, creating high confidentiality and integrity risk. EPSS scoring and KEV status not available at time of analysis; no public exploit identified. Affects Qualcomm Snapdragon chipsets, with the fix documented in the April 2026 security bulletin.

Buffer Overflow | NVD | CVSS 3.1: 7.1 | EPSS: 0.0%

