Vulnerabilities in Qualcomm, Inc.

2,934 results

Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2020-11139—Out of bound memory access while processing frames due to lack of check of invalid frames received in Snapdragon Auto, Snapdragon Compute, SEPSS 0.8%CVE-2020-11200—Buffer over-read while parsing RPS due to lack of check of input validation on values received from user side. in Snapdragon Auto, SnapdragoEPSS 0.8%CVE-2020-11119—Buffer over-read can happen when the buffer length received from response handlers is more than the size of the payload in Snapdragon Auto, EPSS 0.8%CVE-2015-9030—In all Android releases from CAF using the Linux kernel, the Hypervisor API could be misused to bypass authentication.EPSS 0.8%CVE-2021-1919CRITICALInteger underflow can occur when the RTCP length is lesser than than the actual blocks present in Snapdragon Auto, Snapdragon Compute, SnapdEPSS 0.8%CVE-2021-1946CRITICALNull Pointer Dereference may occur due to improper validation while processing crafted SDP body in Snapdragon Auto, Snapdragon Compute, SnapEPSS 0.8%CVE-2021-1933CRITICALUE assertion is possible due to improper validation of invite message with SDP body in Snapdragon Auto, Snapdragon Compute, Snapdragon ConneEPSS 0.8%CVE-2021-1920CRITICALInteger underflow can occur due to improper handling of incoming RTCP packets in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectivitEPSS 0.8%CVE-2021-1976CRITICALA use after free can occur due to improper validation of P2P device address in PD Request frame in Snapdragon Auto, Snapdragon Compute, SnapEPSS 0.8%CVE-2021-1916CRITICALPossible buffer underflow due to lack of check for negative indices values when processing user provided input in Snapdragon Auto, SnapdragoEPSS 0.8%CVE-2016-10417—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ40EPSS 0.8%CVE-2021-30321CRITICALPossible buffer overflow due to lack of parameter length check during MBSSID scan IE parse in Snapdragon Compute, Snapdragon Connectivity, SEPSS 0.8%CVE-2020-11169—u'Buffer over-read while processing received L2CAP packet due to lack of integer overflow check' in Snapdragon Auto, Snapdragon Compute, SnaEPSS 0.8%CVE-2016-10433—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM96EPSS 0.8%CVE-2020-3615—Valid deauth/disassoc frames is dropped in case if RMF is enabled and some rouge peer keep on sending rogue deauth/disassoc frames due to imEPSS 0.8%CVE-2023-33105HIGHConfiguration Issue in WLAN Host and FirmwareEPSS 0.8%CVE-2020-3681—Authenticated and encrypted payload MMEs can be forged and remotely sent to any HPAV2 system using a jailbreak key recoverable from code.EPSS 0.7%CVE-2015-9166—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ40EPSS 0.7%CVE-2021-35104CRITICALPossible buffer overflow due to improper parsing of headers while playing the FLAC audio clip in Snapdragon Auto, Snapdragon Compute, SnapdrEPSS 0.7%CVE-2016-10443—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM92EPSS 0.7%

← previouspage 30 / 147next →