Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-14113Buffer overflow can occur in In WLAN firmware while unwraping data using CCMP cipher suite during parsing of EAPOL handshake frame in SnapdrEPSS 0.9%CVE-2019-14098Possible buffer overflow in data offload handler due to lack of check of keydata length when copying data in Snapdragon Auto, Snapdragon ComEPSS 0.9%CVE-2019-10531Incorrect reading of system image resulting in buffer overflow when size of system image is increased in Snapdragon Auto, Snapdragon Mobile,EPSS 0.9%CVE-2019-14004Buffer overflow occurs while processing invalid MKV clip, which has invalid EBML size in Snapdragon Auto, Snapdragon Compute, Snapdragon ConEPSS 0.9%CVE-2019-10559Accessing data buffer beyond the available data while parsing ogg clip can lead to null-pointer dereference and then memory corruption in SnEPSS 0.9%CVE-2019-10614Out of boundary access is possible as there is no validation of data accessed against the received size of the packet in case of malicious fEPSS 0.9%CVE-2020-11168u'Null-pointer dereference can occur while accessing data buffer beyond its size that leads to access the buffer beyond its range' in SnapdrEPSS 0.9%CVE-2020-11193u'Buffer over read can happen while parsing mkv clip due to improper typecasting of data returned from atomsize' in Snapdragon Auto, SnapdraEPSS 0.9%CVE-2020-3639u'When a non standard SIP sigcomp message is received from the network, then there may be chances of using more UDVM cycle or memory overfloEPSS 0.9%CVE-2023-33107HIGHInteger Overflow or Wraparound in Graphics LinuxEPSS 0.9%KEVCVE-2020-3663Buffer over-write may occur during fetching track decoder specific information if cb size exceeds buffer size in Snapdragon Auto, SnapdragonEPSS 0.9%CVE-2020-3654u'Buffer overflow occurs while processing SIP message packet due to lack of check of index validation before copying into it' in Snapdragon EPSS 0.9%CVE-2020-3692u'Possible buffer overflow while updating output buffer for IMEI and Gateway Address due to lack of check of input validation for parametersEPSS 0.9%CVE-2020-11196u'Integer overflow to buffer overflow occurs while playback of ASF clip having unexpected number of codec entries' in Snapdragon Auto, SnapdEPSS 0.9%CVE-2015-9193In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM92EPSS 0.9%CVE-2016-10447In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9650, SDEPSS 0.9%CVE-2018-11905In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possible buffer overflow in WLAN EPSS 0.9%CVE-2017-18072In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA4EPSS 0.9%CVE-2014-9986In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MSM89EPSS 0.9%CVE-2016-10483In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 615/16/SD 415, SD 808, and SD 810, EPSS 0.9%