VYPR

Vendor CVEs

Qualcomm

All CVEs

2,042 total · sorted by risk
  • CVE-2017-0451MedFeb 8, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2016-8414MedFeb 8, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm Secure Execution Environment Communicator could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged…

  • CVE-2016-8410MedJan 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in the Qualcomm sound driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android.…

  • CVE-2016-6756MedJan 12, 2017
    risk 0.31cvss 4.7epss 0.01

    An information disclosure vulnerability in Qualcomm components including the camera driver and video driver could enable a local malicious application to access data outside of its permission levels. This issue is rated as Moderate because it first requires compromising a…

  • CVE-2016-10236LowApr 4, 2018
    risk 0.21cvss 3.3epss 0.00

    An information disclosure vulnerability in the Qualcomm USB driver. Product: Android. Versions: Android kernel. Android ID: A-33280689. References: QC-CR#1102418.

  • CVE-2023-33106KEVDec 5, 2023
    risk 0.12cvss epss 0.01

    Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND.

  • CVE-2022-22071KEVJun 14, 2022
    risk 0.12cvss epss 0.00

    Possible use after free when process shell memory is freed using IOCTL munmap call and process initialization is in progress in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2020-11261KEVJun 9, 2021
    risk 0.12cvss epss 0.02

    Memory corruption due to improper check to return error when user application requests memory allocation of a huge size in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2021-1906KEVMay 7, 2021
    risk 0.12cvss epss 0.01

    Improper handling of address deregistration on failure can lead to new GPU address allocation failure. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2021-1905KEVMay 7, 2021
    risk 0.12cvss epss 0.01

    Possible use after free due to improper handling of memory mapping of multiple processes simultaneously. in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon…

  • CVE-2005-4267Dec 21, 2005
    risk 0.08cvss epss 0.67

    Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7)…

  • CVE-2022-31885Jun 28, 2022
    risk 0.06cvss epss 0.31

    Marval MSM v14.19.0.12476 is vulnerable to OS Command Injection due to the insecure handling of VBScripts.

  • CVE-2019-10529Nov 6, 2019
    risk 0.04cvss epss 0.02

    Possible use after free issue due to race condition while attempting to mark the entry pages as dirty using function set_page_dirty() in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice &…

  • CVE-2003-0143Mar 18, 2003
    risk 0.04cvss epss 0.09

    The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.

  • CVE-1999-1016Aug 27, 1999
    risk 0.04cvss epss 0.08

    Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) FrontPage Express, (3) Outlook Express 5, and (4) Eudora, and possibly others, allows remote malicious web site or HTML emails to cause a denial of service (100% CPU consumption) via large HTML form fields such as…

  • CVE-2022-31886Jun 28, 2022
    risk 0.03cvss epss 0.02

    Marval MSM v14.19.0.12476 is vulnerable to Cross Site Request Forgery (CSRF). An attacker can disable the 2FA by sending the user a malicious form.

  • CVE-2014-10031Jan 13, 2015
    risk 0.03cvss epss 0.04

    Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary code via a long string in a UID command.

  • CVE-2014-4322Dec 24, 2014
    risk 0.03cvss epss 0.02

    drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to…

  • CVE-2007-3166Jun 11, 2007
    risk 0.03cvss epss 0.02

    Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command.

  • CVE-2007-2770May 21, 2007
    risk 0.03cvss epss 0.03

    Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue.

  • CVE-2006-0637Feb 10, 2006
    risk 0.03cvss epss 0.02

    Buffer overflow in cram.dll in QUALCOMM Eudora WorldMail 3.0 allows remote attackers to execute arbitrary code via an IMAP APPEND command with a long message literal argument, as demonstrated by Worldmail.pl. NOTE: this is a different vector and a different manipulation than…

  • CVE-2005-3189Nov 18, 2005
    risk 0.03cvss epss 0.06

    Directory traversal vulnerability in Qualcomm WorldMail IMAP Server allows remote attackers to read arbitrary email messages via ".." sequences in the SELECT command.

  • CVE-2005-3098Sep 28, 2005
    risk 0.03cvss epss 0.01

    poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.

  • CVE-2004-1521Dec 31, 2004
    risk 0.03cvss epss 0.02

    Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mail message that contains base64 or quoted-printable encoded attachments, which makes it easier for remote attackers to read arbitrary files via spoofed "Converted" headers.

  • CVE-2004-2005May 6, 2004
    risk 0.03cvss epss 0.03

    Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2) a long attachment name.

  • CVE-2004-1944Apr 14, 2004
    risk 0.03cvss epss 0.02

    Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a denial of service (crash) via a deeply nested multipart MIME message.

  • CVE-2003-1452Dec 31, 2003
    risk 0.03cvss epss 0.01

    Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.

  • CVE-2003-0376Jun 16, 2003
    risk 0.03cvss epss 0.02

    Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a denial of service (crash and failed restart) and possibly execute arbitrary code via an Attachment Converted argument with a large number of . (dot) characters.

  • CVE-2003-0336May 22, 2003
    risk 0.03cvss epss 0.02

    Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files via an email message with a carriage return (CR) character in a spoofed "Attachment Converted:" string, which is not properly handled by Eudora.

  • CVE-2002-2351Dec 31, 2002
    risk 0.03cvss epss 0.03

    Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot).

  • CVE-2002-0833Aug 12, 2002
    risk 0.03cvss epss 0.03

    Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string.

  • CVE-2002-0454Aug 12, 2002
    risk 0.03cvss epss 0.05

    Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop.

  • CVE-2001-1487Dec 31, 2001
    risk 0.03cvss epss 0.01

    popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option.

  • CVE-2001-0365Jun 27, 2001
    risk 0.03cvss epss 0.03

    Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags.

  • CVE-2001-1326May 29, 2001
    risk 0.03cvss epss 0.03

    Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form that is activated from an image that the attacker spoofs as a link, which…

  • CVE-2000-0442May 24, 2000
    risk 0.03cvss epss 0.03

    Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command.

  • CVE-2000-0096Jan 26, 2000
    risk 0.03cvss epss 0.01

    Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command.

  • CVE-1999-0822Nov 30, 1999
    risk 0.03cvss epss 0.05

    Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via AUTH command.

  • CVE-2021-1965Jul 13, 2021
    risk 0.02cvss epss 0.03

    Possible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Mobile, Snapdragon Wired Infrastructure and Networking

  • CVE-2020-3657Nov 2, 2020
    risk 0.01cvss epss 0.28

    u'Remote code execution can happen by sending a carefully crafted POST query when Device configuration is accessed from a tethered client through webserver due to lack of array bound check.' in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial…

  • CVE-2006-6336Dec 31, 2006
    risk 0.01cvss epss 0.07

    Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters.

  • CVE-2025-24857Dec 10, 2025
    risk 0.00cvss epss 0.00

    Improper access control for volatile memory containing boot code in Universal Boot Loader (U-Boot) before 2017.11 and Qualcomm chips IPQ4019, IPQ5018, IPQ5322, IPQ6018, IPQ8064, IPQ8074, and IPQ9574 could allow an attacker to execute arbitrary code.

  • CVE-2025-43993Sep 25, 2025
    risk 0.00cvss epss 0.00

    Dell Wireless 5932e and Qualcomm Snapdragon X62 Firmware and GNSS/GPS Driver, versions prior to 3.2.0.22 contain an Unquoted Search Path or Element vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Code Execution.

  • CVE-2022-49692Feb 26, 2025
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: net: phy: at803x: fix NULL pointer dereference on AR9331 PHY Latest kernel will explode on the PHY interrupt config, since it depends now on allocated priv. So, run probe to allocate priv to fix it. …

  • CVE-2024-53149Dec 24, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: glink: fix off-by-one in connector_status UCSI connector's indices start from 1 up to 3, PMIC_GLINK_MAX_PORTS. Correct the condition in the pmic_glink_ucsi_connector_status() callback, fixing…

  • CVE-2023-52765May 21, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: mfd: qcom-spmi-pmic: Fix revid implementation The Qualcomm SPMI PMIC revid implementation is broken in multiple ways. First, it assumes that just because the sibling base device has been registered that means…

  • CVE-2024-35994May 20, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: uefisecapp: Fix memory related IO errors and crashes It turns out that while the QSEECOM APP_SEND command has specific fields for request and response buffers, uefisecapp expects them both to…

  • CVE-2024-35850May 17, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: qca: fix NULL-deref on non-serdev setup Qualcomm ROME controllers can be registered from the Bluetooth line discipline and in this case the HCI UART serdev pointer is NULL. Add the missing sanity…

  • CVE-2023-43547Mar 4, 2024
    risk 0.00cvss epss 0.00

    Memory corruption while invoking IOCTLs calls in Automotive Multimedia.

  • CVE-2023-33105Mar 4, 2024
    risk 0.00cvss epss 0.01

    Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence number.

Page 17 of 41