Vulnerabilidades en Qualcomm, Inc.

2934 resultados

Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-35088HIGHPossible out of bound read due to improper validation of IE length during SSID IE parse when channel is DFS in Snapdragon Auto, Snapdragon CEPSS 0.8%CVE-2018-11955—Lack of check on length of reason-code fetched from payload may lead driver access the memory not allocated to the frame and results in out EPSS 0.8%CVE-2019-14003—Null pointer exception can happen while parsing invalid MKV clip where cue information is parsed before segment information in Snapdragon AuEPSS 0.8%CVE-2019-14008—Possible null pointer dereference issue in location assistance data processing due to missing null check on resources before using it in SnaEPSS 0.8%CVE-2019-10578—Null pointer dereference can occur while parsing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectiviEPSS 0.8%CVE-2020-11292HIGHPossible buffer overflow in voice service due to lack of input validation of parameters in QMI Voice API in Snapdragon Auto, Snapdragon CompEPSS 0.8%CVE-2019-10489—Possible null-pointer dereference can occur while parsing avi clip during copy in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IEPSS 0.8%CVE-2020-11218—Denial of service in baseband when NW configures LTE betaOffset-RI-Index due to lack of data validation in Snapdragon Auto, Snapdragon CompuEPSS 0.8%CVE-2019-10488—Null pointer dereference can occur while parsing invalid chunks while playing the nonstandard clip in Snapdragon Auto, Snapdragon Compute, SEPSS 0.8%CVE-2020-11182—Possible heap overflow while parsing NAL header due to lack of check of length of data received from user in Snapdragon Auto, Snapdragon ComEPSS 0.8%CVE-2018-11271—Improper authentication can happen on Remote command handling due to inappropriate handling of events in Snapdragon Auto, Snapdragon ComputeEPSS 0.8%CVE-2015-8592—In all Qualcomm products with Android releases from CAF using the Linux kernel, a pointer is not validated prior to being dereferenced potenEPSS 0.8%CVE-2016-10409—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450,EPSS 0.8%CVE-2016-10432—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 410/12, SD 425, SD 4EPSS 0.8%CVE-2020-11272—Before enqueuing a frame to the PE queue for further processing, an entry in a hash table can be deleted and using a stale version later canEPSS 0.8%CVE-2016-10439—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile SD 425, SD 430, SD 450,EPSS 0.8%CVE-2020-11276—Possible buffer over read while processing P2P IE and NOA attribute of beacon and probe response frames due to improper validation of P2P IEEPSS 0.8%CVE-2020-11170—Out of bound memory access while playing music playbacks with crafted vorbis content due to improper checks in header extraction in SnapdragEPSS 0.8%CVE-2020-11275—Possible buffer over-read while parsing quiet IE in Rx beacon frame due to improper check of IE length in received beacon in Snapdragon AutoEPSS 0.8%CVE-2016-10435—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM92EPSS 0.8%

← anteriorpágina 28 / 147siguiente →