Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday Analysis

With 2,934 CVEs catalogued, Qualcomm shows a substantial volume of vulnerabilities, a reflection of the breadth of its chipset and embedded firmware portfolio. The rate of active exploitation (12 entries in the CISA KEV catalog, or 0.41% of the total) is in line with the overall catalog average, indicating that the risk of confirmed exploitation does not deviate from the industry norm, although 94 critical-severity flaws represent a relevant attack surface for security teams that depend on Qualcomm components in mobile, automotive or IoT environments. The most dangerous CVE currently under active exploitation, CVE-2020-11261, has an EPSS of 0.0177, suggesting a relatively low probability of additional exploitation in the short term, but its presence in KEV demands immediate attention in any inventory of affected assets. The appearance of 49 new CVEs in the last 90 days and the availability of public PoCs for 3 vulnerabilities reinforce the need for continuous firmware update cycles and active monitoring of patches released by the vendor.

CVE-2018-12013 | Improper authentication in locked memory region can lead to unprivileged access to the memory in Snapdragon Auto, Snapdragon Compute, Snapdra | EPSS 0.2%
CVE-2017-18321 | Security keys used by the terminal and NW for a session could be leaked in snapdragon mobile in versions MDM9650, MDM9655, SD 835, SDA660. | EPSS 0.2%
CVE-2018-11925 | Data length received from firmware is not validated against the max allowed size which can result in buffer overflow. in Snapdragon Auto, Sn | EPSS 0.2%
CVE-2017-18319 | Information leak in UIM API debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M | EPSS 0.2%
CVE-2017-18323 | Cryptographic key material leaked in TDSCDMA RRC debug messages in snapdragon automobile, snapdragon mobile and snapdragon wear in versions | EPSS 0.2%
CVE-2017-18322 | Cryptographic key material leaked in WCDMA debug messages in snapdragon mobile and snapdragon wear in versions MDM9206, MDM9607, MDM9615, MD | EPSS 0.2%
CVE-2017-18172 | In a device, with screen size 1440x2560, the check of contiguous buffer will overflow on certain buffer size resulting in an Integer Overflo | EPSS 0.2%
CVE-2020-11181 | Out of bound access issue while handling cvp process control command due to improper validation of buffer pointer received from HLOS in Snap | EPSS 0.2%
CVE-2020-11130 | Possible buffer overflow in WIFI hal process due to copying data without checking the buffer length in Snapdragon Auto, Snapdragon Comput | EPSS 0.2%
CVE-2018-11970 | TZ App dynamic allocations not protected from XBL loader in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics Connectivit | EPSS 0.2%
CVE-2018-11999 | Improper input validation in trustzone can lead to denial of service in snapdragon automobile, snapdragon mobile and snapdragon wear in vers | EPSS 0.2%
CVE-2018-5914 | Improper input validation in TZ led to array out of bound in TZ function while accessing the peripheral details using the incoming data in S | EPSS 0.2%
CVE-2018-11966 | Undefined behavior in UE while processing unknown IEI in OTA message in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdr | EPSS 0.2%
CVE-2018-11968 | Improper check before assigning value can lead to integer overflow in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdrag | EPSS 0.2%
CVE-2018-11858 | When processing IE set command, buffer overwrite may occur due to lack of input validation of the IE length in Snapdragon Mobile in version | EPSS 0.2%
CVE-2018-11830 | Improper input validation in QCPE create function may lead to integer overflow in Snapdragon Auto, Snapdragon Consumer Electronics Connectiv | EPSS 0.2%
CVE-2020-11149 | Out of bound access due to usage of an out-of-range pointer offset in the camera driver. in Snapdragon Auto, Snapdragon Compute, Snapdragon | EPSS 0.2%
CVE-2018-12012 | While updating blacklisting region shared buffered memory region is not validated against newly updated black list, causing boot-up to be co | EPSS 0.2%
CVE-2019-2316 | When computing the digest a local variable is used after going out of scope in Snapdragon Auto, Snapdragon Consumer IOT, Snapdragon Mobile, | EPSS 0.2%
CVE-2018-5839 | Improperly configured memory protection allows read/write access to modem image from HLOS kernel in Snapdragon Auto, Snapdragon Compute, Sna | EPSS 0.2%