Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2016-10346In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in the hypervisor.EPSS 0.9%CVE-2019-14057Buffer Over read of codec private data while parsing an mkv file due to lack of check of buffer size before read in Snapdragon Auto, SnapdraEPSS 0.9%CVE-2019-14020Multiple Read overflows issue due to improper length check while decoding dedicated_eps_bearer_req/ act_def_context_req/ cs_serv_notificatioEPSS 0.9%CVE-2019-14082Potential buffer over-read due to lack of bound check of memory offset passed in WLAN firmware in Snapdragon Compute, Snapdragon Consumer ElEPSS 0.9%CVE-2019-10610Possible buffer over read when trying to process SDP message Video media line with frame-size attribute in video Media line in Snapdragon AuEPSS 0.9%CVE-2019-10550Buffer Over-read when UE is trying to process the message received form the network without zero termination in Snapdragon Auto, Snapdragon EPSS 0.9%CVE-2019-10577Improper input validation while processing SIP URI received from the network will lead to buffer over-read and then to denial of service in EPSS 0.9%CVE-2019-14063Out of bound access due to Invalid inputs to dapm mux settings which results into kernel failure in Snapdragon Auto, Snapdragon Compute, SnaEPSS 0.9%CVE-2019-10551String error while processing non standard SIP messages received can lead to buffer overread and then denial of service in Snapdragon Auto, EPSS 0.9%CVE-2019-10552Multiple Buffer Over-read issue can happen due to improper length checks while decoding Service Reject/RAU Reject/PTMSI Realloc cmd in SnapdEPSS 0.9%CVE-2019-10579Buffer over-read can occur while playing the video clip which is not standard in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectivitEPSS 0.9%CVE-2019-14011Multiple Read overflows issue due to improper length check while decoding 3G attach accept/ SMS/ pdn connection reject/ esm data transport/ EPSS 0.9%CVE-2019-14033Multiple Read overflows issue due to improper length check while decoding tau reject/tau accept/detach request/attach reject/attach accept iEPSS 0.9%CVE-2019-14019Multiple Read overflows issue due to improper length check while decoding RAU accept/PDN disconnect Rej/Modify EPS ctxt req/bearer resource EPSS 0.9%CVE-2020-11213Out of bound reads might occur in while processing Service descriptor due to improper validation of length of fields in Snapdragon Auto, SnaEPSS 0.9%CVE-2020-11212Out of bounds reads while parsing NAN beacons attributes and OUIs due to improper length of field check in Snapdragon Auto, Snapdragon CompuEPSS 0.9%CVE-2018-5829In wlan_hdd_cfg80211_set_privacy_ibss() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD AndroiEPSS 0.9%CVE-2020-3670u'Potential out of bounds read while processing downlink NAS transport message due to improper length check of Information Element(IEI) NAS EPSS 0.9%CVE-2016-10464In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDEPSS 0.9%CVE-2016-10427In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDEPSS 0.9%