Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

With 2,934 catalogued CVEs, Qualcomm shows a substantial volume of vulnerabilities, a reflection of the breadth of its chipset and embedded firmware portfolio. The active exploitation rate (12 entries in CISA's KEV catalog, or 0.41% of the total) is in line with the overall catalog average, indicating that the risk of confirmed exploitation does not depart from the industry norm, although 94 critical-severity flaws represent a relevant attack surface for security teams that depend on Qualcomm components in mobile, automotive or IoT environments. The most dangerous CVE currently under active exploitation, CVE-2020-11261, has an EPSS of 0.0177, suggesting a relatively low probability of additional exploitation in the short term, but its presence in KEV demands immediate attention in any inventory of affected assets. The emergence of 49 new CVEs in the last 90 days and the availability of public PoCs for 3 vulnerabilities reinforce the need for continuous firmware update cycles and active monitoring of patches released by the vendor.

CVE-2020-11143: Out of bound memory access during music playback with modified content due to copying data without checking destination buffer size in Snapd (EPSS 1.1%)
CVE-2020-3691: Possible out of bound memory access in audio due to integer underflow while processing modified contents in Snapdragon Auto, Snapdragon Comp (EPSS 1.1%)
CVE-2020-11136: Buffer Over-read in audio driver while using malloc management function due to not returning NULL for zero sized memory requirement in Snapd (EPSS 1.1%)
CVE-2020-3668: Buffer overflow while parsing PMF enabled MCBC frames due to frame length being lesser than what is expected while parsing in Snapdragon (EPSS 1.1%)
CVE-2020-3673: Buffer overflow can happen as part of SIP message packet processing while storing values in array due to lack of check to validate the ind (EPSS 1.0%)
CVE-2015-9183: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and (EPSS 1.0%)
CVE-2014-9997: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9625, MDM9635M, M (EPSS 1.0%)
CVE-2015-9129: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM92 (EPSS 1.0%)
CVE-2015-9115: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 410/12, SD (EPSS 1.0%)
CVE-2015-9120: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ40 (EPSS 1.0%)
CVE-2015-9113: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 425, SD 430 (EPSS 1.0%)
CVE-2017-18128: In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile SD 845, SD 850, improper access control while configuring MP (EPSS 1.0%)
CVE-2014-9998: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ40 (EPSS 1.0%)
CVE-2016-10456: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MD (EPSS 1.0%)
CVE-2016-5349: The high level operating systems (HLOS) was not providing sufficient memory address information to ensure that secure applications inside Qu (EPSS 1.0%)
CVE-2016-10430: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450, (EPSS 1.0%)
CVE-2015-9138: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, and Smal (EPSS 1.0%)
CVE-2019-2245: Possible integer underflow can happen when calculating length of elementary stream map from invalid packet length which is later used to rea (EPSS 1.0%)
CVE-2018-13911: Out of bounds memory read and access may lead to unexpected behavior in GNSS XTRA Parser in Snapdragon Auto, Snapdragon Compute, Snapdragon (EPSS 1.0%)
CVE-2019-2244: Possible integer underflow can happen when calculating length of elementary stream info from invalid section length which is later used to r (EPSS 1.0%)