Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2017-11015In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, currently, the value of SIR_EPSS 0.5%CVE-2016-10339In all Android releases from CAF using the Linux kernel, HLOS can overwite secure memory or read contents of the keystore.EPSS 0.5%CVE-2018-3563In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.5%CVE-2017-9685In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition in a WLAN driver can lead to a Use After FrEPSS 0.5%CVE-2016-10336In all Android releases from CAF using the Linux kernel, some regions of memory were not protected during boot.EPSS 0.5%CVE-2016-10337In all Android releases from CAF using the Linux kernel, some validation of secure applications was not being performed.EPSS 0.5%CVE-2016-10332In all Android releases from CAF using the Linux kernel, stack protection was not enabled for secure applications.EPSS 0.5%CVE-2017-8255In all Qualcomm products with Android releases from CAF using the Linux kernel, an integer overflow vulnerability exists in boot.EPSS 0.5%CVE-2018-11891In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check on the length of aEPSS 0.5%CVE-2021-35083HIGHPossible out of bound read due to improper validation of certificate chain in SSL or Internet key exchange in Snapdragon Auto, Snapdragon CoEPSS 0.5%CVE-2018-3599In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.5%CVE-2018-3596In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.5%CVE-2022-40514CRITICALBuffer copy without checking size of input in WLAN FirmwareEPSS 0.5%CVE-2018-11263In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, radio_id is received from the FWEPSS 0.5%CVE-2017-14907In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, cryptographic strength is reEPSS 0.5%CVE-2015-9021In all Android releases from CAF using the Linux kernel, access control to SMEM memory was not enabled.EPSS 0.5%CVE-2017-8243A buffer overflow can occur in all Qualcomm products with Android for MSM, Firefox OS for MSM, or QRD Android when processing a firmware imaEPSS 0.5%CVE-2018-5872While parsing over-the-air information elements in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSMEPSS 0.5%CVE-2015-9024In all Android releases from CAF using the Linux kernel, some interfaces were improperly exposed to QTEE applications.EPSS 0.5%CVE-2023-33045CRITICALBuffer Copy Without Checking Size of Input in WLAN FirmwareEPSS 0.5%