Vulnerabilidades en Qualcomm, Inc.

2934 resultados

Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2015-9064—In all Qualcomm products with Android releases from CAF using the Linux kernel, the UE can send IMEI or IMEISV to the network on a network rEPSS 0.9%CVE-2016-10448—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDEPSS 0.9%CVE-2020-3662—Buffer overflow can occur while parsing eac3 header while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, SnapEPSS 0.9%CVE-2019-2287—Improper validation for inputs received from firmware can lead to an out of bound write issue in video driver. in Snapdragon Auto, SnapdragoEPSS 0.9%CVE-2016-10385—In all Qualcomm products with Android releases from CAF using the Linux kernel, a use-after-free vulnerability exists in IMS RCS.EPSS 0.9%CVE-2020-11307CRITICALBuffer overflow in modem due to improper array index check before copying into it in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectEPSS 0.9%CVE-2020-11291CRITICALPossible buffer overflow while updating ikev2 parameters for delete payloads received during informational exchange due to lack of check of EPSS 0.9%CVE-2019-2279—Shared memory gets updated with invalid data and may lead to access beyond the allocated memory. in Snapdragon Auto, Snapdragon ConnectivityEPSS 0.9%CVE-2019-2259—Resource allocation error while playing the video whose dimensions are more than supported dimension in Snapdragon Auto, Snapdragon Compute,EPSS 0.9%CVE-2018-13925—Error in parsing PMT table frees the memory allocated for the map section but does not reset the context map section reference causing heap EPSS 0.9%CVE-2018-11936—Index of array is processed in a wrong way inside a while loop and result in invalid index (-1 or something else) leads to out of bound memoEPSS 0.9%CVE-2019-2327—Possible buffer overflow can occur when playing clip with incorrect element size in Snapdragon Auto, Snapdragon Compute, Snapdragon ConsumerEPSS 0.9%CVE-2018-5878—While sending the response to a RIL_REQUEST_GET_SMSC_ADDRESS message, a buffer overflow can occur in Snapdragon Automobile, Snapdragon MobilEPSS 0.9%CVE-2015-9169—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 20EPSS 0.9%CVE-2015-9132—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Small Cell SoC FSM9055, SD 210/SD 212/SD 205,EPSS 0.9%CVE-2015-9131—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 8EPSS 0.9%CVE-2015-9163—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM92EPSS 0.9%CVE-2017-18126—In Android before security patch level 2018-04-05 on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, QCA6EPSS 0.9%CVE-2020-3660—Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute,EPSS 0.9%CVE-2020-3658—Possible null-pointer dereference can occur while parsing mp4 clip with corrupted sample table atoms in Snapdragon Auto, Snapdragon Compute,EPSS 0.9%

← anteriorpágina 17 / 147siguiente →