Skip to main content

Qualcomm

Vendor security scorecard – 1142 CVEs in the selected period

Period: 30d 90d 6m 1y All
Risk 5549
1142
CVEs
241
Critical
692
High
4
KEV
21
PoC
553
Unpatched C/H
44.1%
Patch Rate
0.4%
Avg EPSS

Severity Breakdown

CRITICAL
241
HIGH
692
MEDIUM
204
LOW
2

Monthly CVE Trend

Top Risky CVEs

CVE Summary Severity CVSS EPSS Priority Signals
CVE-2013-2597 Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available. HIGH 8.4 6.7% 99
KEV No patch
CVE-2014-10031 Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 39.4%. HIGH 7.5 39.4% 97
PoC No patch
CVE-2020-11117 u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arbitrary content resulting in remote code execution.' in Snapdragon Connectivity,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. CRITICAL 9.8 20.1% 69
PoC No patch
CVE-2016-5348 The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 before 2016-10-01 allows man-in-the-middle attackers to cause a denial of service. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and EPSS exploitation probability 14.6%. MEDIUM 5.9 14.6% 64
PoC
CVE-2014-4322 drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. Public exploit code available. HIGH 7.2 3.5% 59
PoC
CVE-2015-0569 Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.8 0.4% 59
PoC No patch
CVE-2017-8260 In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may improperly pass validation and cause an out of bounds write later. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available. HIGH 7.8 0.2% 59
PoC
CVE-2016-3934 drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016-10-05 on Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, and Android One devices relies. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.8 0.1% 59
PoC No patch
CVE-2020-11201 Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT,. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.8 1.8% 59
PoC No patch
CVE-2020-11202 Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligned with the actual size of the structure' in Snapdragon Auto, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.8 1.5% 59
PoC No patch
CVE-2020-11206 Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.8 1.8% 59
PoC No patch
CVE-2020-11207 Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.8 1.5% 59
PoC No patch
CVE-2020-25858 The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer(). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available. HIGH 7.5 9.6% 58
PoC No patch
CVE-2016-6727 The Qualcomm GPS subsystem in Android on Android One devices allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. CRITICAL 9.8 7.1% 56
CVE-2013-4740 goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on. Rated medium severity (CVSS 6.9). Public exploit code available. MEDIUM 6.9 0.1% 55
PoC

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy