Skip to main content

Qualcomm

1142 CVEs vendor

Monthly

CVE-2016-10382 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Qualcomm Google Authentication Bypass Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10381 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10380 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2016-10347 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10346 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Integer Overflow Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10344 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2016-10343 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9073 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9072 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9071 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9070 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9069 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9068 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9067 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9066 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-9065 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-9064 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Qualcomm Google Authentication Bypass Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-9063 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2015-9062 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9061 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Authentication Bypass Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9060 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9055 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9054 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9053 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9052 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9051 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9050 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Qualcomm Information Disclosure +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9049 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9048 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9047 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Qualcomm Google Authentication Bypass Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9046 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9045 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9044 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9043 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9042 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9041 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9040 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Qualcomm Google Authentication Bypass Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9039 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9038 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9037 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9036 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9035 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-9034 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-8596 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-8595 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-8594 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-8593 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-8592 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Buffer Overflow Google Null Pointer Dereference +2
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-0576 HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2015-0575 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2015-0574 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2014-9981 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2014-9980 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google Qualcomm Authentication Bypass +1
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9979 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9978 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9977 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9976 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2014-9975 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.0%
CVE-2014-9974 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9973 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9972 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google Null Pointer Dereference Qualcomm +1
NVD
CVSS 3.0
9.8
EPSS
0.2%
CVE-2014-9971 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.3%
CVE-2014-9969 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9968 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2014-9411 CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
9.8
EPSS
0.1%
CVE-2017-8248 CRITICAL Act Now

A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apple Iphone Os
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2017-8243 HIGH PATCH This Week

A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Qualcomm Google Mozilla Android
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2017-6421 HIGH PATCH This Week

In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Google Mozilla Android
NVD
CVSS 3.0
8.8
EPSS
0.3%
CVE-2016-5864 HIGH PATCH This Week

In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Google Qualcomm Mozilla Privilege Escalation +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5863 HIGH PATCH This Week

In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Mozilla Privilege Escalation Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-5862 HIGH PATCH This Week

When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm Google Mozilla Privilege Escalation Android
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-5861 HIGH PATCH This Week

In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations,. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Mozilla Privilege Escalation Android
NVD
CVSS 3.0
8.8
EPSS
0.2%
CVE-2016-5860 HIGH PATCH This Week

In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Buffer Overflow Google Qualcomm Mozilla Privilege Escalation +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-5859 HIGH PATCH This Week

In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Buffer Overflow Google Qualcomm Mozilla Privilege Escalation +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-5858 MEDIUM PATCH This Month

In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Buffer Overflow Google Qualcomm Information Disclosure Mozilla +1
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-5855 MEDIUM PATCH This Month

In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is casted to a structure without checking if the source buffer is large enough. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Mozilla Information Disclosure Android
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-5854 MEDIUM PATCH This Month

In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Mozilla Information Disclosure Android
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-5853 HIGH PATCH This Week

In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed,. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux RCE Google Qualcomm Privilege Escalation +1
NVD
CVSS 3.0
7.0
EPSS
0.1%
CVE-2016-5347 MEDIUM PATCH This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
4.7
EPSS
0.1%
CVE-2017-8273 HIGH PATCH This Week

In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8271 HIGH PATCH This Week

Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Linux Buffer Overflow Google Qualcomm Memory Corruption +1
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8269 MEDIUM PATCH This Month

Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Linux Information Disclosure Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-8264 HIGH PATCH This Week

A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8259 HIGH PATCH This Week

In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Google Linux Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-8258 MEDIUM PATCH This Month

An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google Qualcomm Information Disclosure +1
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2017-0747 HIGH This Week

A elevation of privilege vulnerability in the Qualcomm proprietary component. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0746 HIGH This Week

A elevation of privilege vulnerability in the Qualcomm ipa driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure Android
NVD
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-0632 MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0631 MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
CVE-2017-0629 MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure Linux Kernel
NVD
CVSS 3.0
4.7
EPSS
0.2%
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, access control to the I2C bus is not sufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send unprotected MeasurementReports revealing UE location. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a hypervisor function is not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in LTE. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, sSL handshake failure with ClientHello rejection results in memory leak. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an untrusted pointer dereference can occur in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in a TrustZone syscall. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the Secure File System can become corrupted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an argument to a mink syscall is not properly validated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a potential compiler optimization of memset() is addressed. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in an Inter-RAT procedure. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a UE can respond to a UEInformationRequest before Access Stratum security is established. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network request before NAS security has been activated. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a procedure involving a remote UIM client. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow to buffer overflow vulnerability exists when loading an ELF file. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, playReady DRM failed to check a length potentially leading to unauthorized access to secure memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Authentication Bypass +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not properly validated in a QTEE system call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an assertion was potentially reachable in a memory management routine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced during GAL decoding. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the processing of certain responses from the USIM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached while processing a downlink message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on a length in a System. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists where an array out of bounds access can occur during a CA call. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of certain responses from the USIM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in the processing of lost RTP packets. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GNSS when performing a scan after bootup. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in GERAN where a buffer can be overflown while taking power measurements. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in LTE where an assertion can be reached due to an improper bound on the size of a frequency. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer can be dereferenced upon the expiry of a timer. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when processing a QMI message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists when performing WCDMA radio tuning. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in a GERAN API. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a vulnerability exists in eMBMS where an assertion can be reached by a sequence of downlink messages. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Denial Of Service Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a NULL pointer may be dereferenced in the front end. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read may occur in the processing of a downlink 3G NAS message. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an incorrect length is used to clear a memory buffer resulting in adjacent memory getting corrupted. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a memory buffer fails to be freed after it is no longer needed potentially resulting in memory exhaustion. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a string can fail to be null-terminated in SIP leading to a buffer overflow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths is missing in malware protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in digital television/digital radio DRM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer over-read vulnerability exists in RFA-1x. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potentially resulting in Guest-OS memory corruption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Buffer Overflow +4
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in HSDPA. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, insecure ciphersuites were included in the default configuration. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the validation of filesystem access was insufficient. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, an overflow check in the USB interface was insufficient during boot. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a Sample App failed to check a length potentially leading to unauthorized access to secure memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a variable is uninitialized in a TrustZone system call potentially leading to the compromise of secure memory. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in a QTEE service. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in PlayReady DRM. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in 1x call processing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk Encryption. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of buffer lengths was missing in Keymaster. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, validation of a buffer length was missing in a PlayReady DRM routine. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts can potentially cause a NULL pointer dereference during an out-of-memory condition. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Linux Google +3
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, disabling asserts causes an instruction inside of an assert to not be executed resulting in incorrect control flow. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the GPS client may use an insecure cryptographic algorithm. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow vulnerability exists in the UIMDIAG interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In all Qualcomm products with Android releases from CAF using the Linux kernel, the use of an out-of-range pointer offset is potentially possible in rollback protection. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Linux +2
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

A buffer overflow may occur in the processing of a downlink NAS message in Qualcomm Telephony as used in Apple iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Qualcomm Apple +1
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware image file. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

In the touch controller function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable may be controlled by the user and can lead to a buffer overflow. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In an audio driver function in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, some parameters are from userspace, and if they are set to a large value, integer. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Google Qualcomm +3
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, several sanity checks are missing which can lead to out-of-bounds accesses. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Mozilla +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

When a control related to codec is issued from userspace in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, the type casting is done to the container structure instead. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Qualcomm Google Mozilla +2
NVD
EPSS 0% CVSS 8.8
HIGH PATCH This Week

In a display driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a variable controlled by userspace is used to calculate offsets and sizes for copy operations,. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity.

Qualcomm Google Mozilla +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In an audio driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Buffer Overflow Google Qualcomm +3
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In a sound driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a function is called with a very large length, an integer overflow could occur followed by a. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Buffer Overflow Google Qualcomm +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In an ioctl handler in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, if a user supplies a value too large, then an out-of-bounds read occurs. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Buffer Overflow Google Qualcomm +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, a user-supplied buffer is casted to a structure without checking if the source buffer is large enough. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Mozilla +2
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In a driver in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android, kernel heap memory can be exposed to userspace. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Mozilla +2
NVD
EPSS 0% CVSS 7.0
HIGH PATCH This Week

In an audio driver in all Qualcomm products with Android releases from CAF using the Linux kernel, when a sanity check encounters a length value not in the correct range, an error message is printed,. Rated high severity (CVSS 7.0), this vulnerability is no authentication required.

Linux RCE Google +3
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

In all Qualcomm products with Android releases from CAF using the Linux kernel, kernel stack data can be leaked to userspace by an audio driver. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In all Qualcomm products with Android release from CAF using the Linux kernel, while processing fastboot boot command when verified boot feature is disabled, with length greater than boot image. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernel by an unsanitized userspace-controlled parameter. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Write vulnerability could allow attackers to write data beyond allocated buffer boundaries leading to code execution or crashes.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Userspace-controlled non null terminated parameter for IPA WAN ioctl in all Qualcomm products with Android releases from CAF using the Linux kernel can lead to exposure of kernel memory. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Linux +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

A userspace process can cause a Denial of Service in the camera driver in all Qualcomm products with Android releases from CAF using the Linux kernel. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Qualcomm Google +2
NVD
EPSS 0% CVSS 7.8
HIGH PATCH This Week

In the service locator in all Qualcomm products with Android releases from CAF using the Linux kernel, a buffer overflow can occur as the variable set for determining the size of the buffer is not. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Buffer Copy without Size Check vulnerability could allow attackers to overflow a buffer to corrupt adjacent memory.

Buffer Overflow Qualcomm Google +2
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a camera driver. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Linux Buffer Overflow Google +3
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the Qualcomm proprietary component. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A elevation of privilege vulnerability in the Qualcomm ipa driver. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm sound codec driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure +1
NVD
EPSS 0% CVSS 4.7
MEDIUM PATCH This Month

An information disclosure vulnerability in the Qualcomm camera driver could enable a local malicious application to access data outside of its permission levels. Rated medium severity (CVSS 4.7), this vulnerability is no authentication required. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Qualcomm Google Information Disclosure +1
NVD
Prev Page 9 of 13 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy