Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2018-11961In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bEPSS 0.2%CVE-2018-11302In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received EPSS 0.2%CVE-2017-9690In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in a qbt1000 ioctl handler, EPSS 0.2%CVE-2018-5865While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSEPSS 0.2%CVE-2018-3568In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.2%CVE-2018-11852In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, improper check In the WMA API foEPSS 0.2%CVE-2018-11843In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack fo check on return value inEPSS 0.2%CVE-2018-11863In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received EPSS 0.2%CVE-2019-14002APKs without proper permission may bind to CallEnhancementService and can lead to unauthorized access to call status in Snapdragon Auto, SnaEPSS 0.2%CVE-2019-2330improper input validation in allocation request for secure allocations can lead to page fault. in Snapdragon Auto, Snapdragon Compute, SnapdEPSS 0.2%CVE-2018-11883In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in policy mgr unit test if mode EPSS 0.2%CVE-2018-11903In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of length validation check EPSS 0.2%CVE-2019-14075Null pointer dereference issue in radio interface layer due to lack of null check in sapmodule destructor in Snapdragon Auto, Snapdragon ConEPSS 0.2%CVE-2018-5864While processing a WMI_APFIND event in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD AndroiEPSS 0.2%CVE-2020-11265Information disclosure issue due to lack of validation of pointer arguments passed to TZ BSP in Snapdragon Wired Infrastructure and NetworkiEPSS 0.2%CVE-2019-2239Sanity checks are missing in layout which can lead to SUI Corruption or can lead to Denial of Service in Snapdragon Auto, Snapdragon ComputeEPSS 0.2%CVE-2018-12005An unprivileged user can issue a binder call and cause a system halt in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, SnapdrEPSS 0.2%CVE-2017-17764In all Qualcomm products with Android releases from CAF using the Linux kernel, the num_failure_info value from firmware is not properly valEPSS 0.2%CVE-2017-14884In all Qualcomm products with Android releases from CAF using the Linux kernel, due to lack of bounds checking on the variable "data_len" frEPSS 0.2%CVE-2019-14025u'When a new session is created, Object is returned that contains TZ addresses and it get passed to HLOS as an handle to refer to a particulEPSS 0.2%