Scaner-VSvulnerability catalog · v4.2

Home Catalog Sources CWE CAPEC ATT&CK Mitigations Products Vendors Docs

← Back to List

Qualcomm›Operating systemnvd

Qcn9012 Firmware

Vulnerabilities

373

Known exploited

5

Max CVSS

9.8

Top EPSS

0.11108

Severity breakdown

Critical

28

High

293

Medium

52

Low

0

Also matched as (raw): qcn9012_firmware

Top vulnerabilities

CVE-2024-49839Memory corruption during management frame processing due to mismatch in T2LM info element.

CVE-2024-45569Memory corruption while parsing the ML IE due to invalid frame content.

CVE-2024-21473Memory corruption while redirecting log file to any file location with any file name.

CVE-2023-43553Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE.

CVE-2023-43552Memory corruption while processing MBSSID beacon containing several subelement IE.

CVE-2023-33083Memory corruption in WLAN Host while processing RRM beacon on the AP.

CVE-2023-33082Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO IE.

CVE-2023-33045Memory corruption in WLAN Firmware while parsing a NAN management frame carrying a S3 attribute.

CVE-2023-33028Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.

CVE-2022-40537Memory corruption in Bluetooth HOST while processing the AVRC_PDU_GET_PLAYER_APP_VALUE_TEXT AVRCP response.

CVE-2022-40514Memory corruption due to buffer copy without checking the size of input in WLAN Firmware while processing CCKM IE in reassoc response frame.

CVE-2022-40510Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.

CVE-2022-33279Memory corruption due to stack based buffer overflow in WLAN having invalid WNM frame length.

CVE-2022-25748Memory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CVE-2021-35104Possible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CVE-2021-35068Lack of null check while freeing the device information buffer in the Bluetooth HFP protocol can lead to a NULL pointer dereference in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables

CVE-2021-1976A use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CVE-2021-1972Possible buffer overflow due to improper validation of device types during P2P search in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CVE-2021-1965Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

CVE-2020-11134Possible stack out of bound write might happen due to time bitmap length and bit duration fields of the attributes like NAN ranging setup attribute inside a NAN management frame are not Properly validated in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

CVE-2025-21450Cryptographic issue occurs due to use of insecure connection method while downloading.

CVE-2024-38408Cryptographic issue when a controller receives an LMP start encryption command under unexpected conditions.

CVE-2021-35088Possible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Wearables, Snapdragon Wired Infrastructure and Networking

CVE-2021-1980Possible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

CVE-2020-11276Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IE and NOA attribute lengths in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wired Infrastructure and Networking

View vendor →Open in catalog with product filter →