Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-14056u'Possible integer overflow in API due to lack of check on large oid range count in cert extension field' in Snapdragon Auto, Snapdragon ComEPSS 0.2%CVE-2020-3687Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue.EPSS 0.2%CVE-2019-14117u'Whenever the page list is updated via privileged user, the previous list elements are freed but are not deleted from the list which resultEPSS 0.2%CVE-2026-21367HIGHBuffer Over-read in WLAN FirmwareEPSS 0.2%CVE-2019-14066Integer overflow in calculating estimated output buffer size when getting a list of installed Feature IDs, Serial Numbers or checking FeaturEPSS 0.2%CVE-2019-13998u'Lack of check that the TX FIFO write and read indices that are read from shared RAM are less than the FIFO size results into memory corrupEPSS 0.2%CVE-2019-13995u'Lack of integer overflow check for addition of fragment size and remaining size that are read from shared memory can lead to memory corrupEPSS 0.2%CVE-2019-10596u'Improper access control can lead signed process to guess pid of other processes and access their address space' in Snapdragon Auto, SnapdrEPSS 0.2%CVE-2018-5838Improper Validation of Array Index In the adreno OpenGL driver in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, an out-of-boEPSS 0.2%CVE-2020-3625When making query to DSP capabilities, Stack out of bounds occurs due to wrong buffer length configured for DSP attributes in Snapdragon AutEPSS 0.2%CVE-2019-14018Possible out of bound array access as there is no check on carrier index passed in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer EPSS 0.2%CVE-2019-14021Possible buffer overrun when processing EFS filename and payload sent over diag interface due to lack of check for filename length and payloEPSS 0.2%CVE-2019-14054Improper permissions in XBL_SEC region enable user to update XBL_SEC code and data and divert the RAM dump path to normal cold boot path in EPSS 0.2%CVE-2019-14122Memory failure in SKB if it fails to to add the requested padding to the skb in low memory targets or targets with major memory fragmentatioEPSS 0.2%CVE-2019-14087Failure in buffer management while accessing handle for HDR blit when color modes not supported by display in Snapdragon Consumer IOT, SnapdEPSS 0.2%CVE-2018-11299In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, when WLAN FW has not filled the EPSS 0.2%CVE-2018-11262In Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel while trying to find out tEPSS 0.2%CVE-2018-11897In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, while processing diag event afteEPSS 0.2%CVE-2019-14135Possible integer overflow to buffer overflow in WLAN while parsing nonstandard NAN IE messages. in Snapdragon Auto, Snapdragon Compute, SnapEPSS 0.2%CVE-2019-10606Out-of-bound access will occur in USB driver due to lack of check to validate the frame size passed by user in Snapdragon Auto, Snapdragon CEPSS 0.2%