Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2020-11257Memory corruption due to lack of validation of pointer arguments passed to TrustZone BSP in Snapdragon Wired Infrastructure and NetworkingEPSS 0.2%CVE-2019-2257Wrong permissions in configuration file can lead to unauthorized permission in Snapdragon Auto, Snapdragon Connectivity, Snapdragon ConsumerEPSS 0.2%CVE-2020-11258Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and NetworkingEPSS 0.2%CVE-2018-13895Due to the missing permissions on several content providers of the RCS app in its android manifest file will lead to an unprivileged access EPSS 0.2%CVE-2020-11259Memory corruption due to lack of validation of pointer arguments passed to Trustzone BSP in Snapdragon Wired Infrastructure and NetworkingEPSS 0.2%CVE-2026-25293CRITICALIncorrect authorization in PLC FWEPSS 0.2%CVE-2018-13927Debug policy with invalid signature can be loaded when the debug policy functionality is disabled by using the parallel image loading in SnaEPSS 0.2%CVE-2023-21666HIGHImproper Release of Memory Before Removing Last Reference (`Memory Leak`) in GraphicsEPSS 0.2%CVE-2023-21665HIGHIncorrect Type Conversion or Cast in GraphicsEPSS 0.2%CVE-2020-11290Use after free condition in msm ioctl events due to race between the ioctl register and deregister events in Snapdragon Auto, Snapdragon ComEPSS 0.2%CVE-2019-2240While sending the rendered surface content to the screen, Error handling is not properly checked results in an unpredictable behaviour in SnEPSS 0.2%CVE-2019-2237Failure in taking appropriate action to handle the error case If keypad gpio deactivation fails leads to silent failure scenario and subsequEPSS 0.2%CVE-2019-2241While rendering the layout background, Error status check is not caught properly and also incorrect status handling is being done leading toEPSS 0.2%CVE-2023-33014HIGHImproper Input Validation in ServicesEPSS 0.2%CVE-2021-35069HIGHImproper validation of data length received from DMA buffer can lead to memory corruption. in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.2%CVE-2018-11302In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, lack of check of input received EPSS 0.2%CVE-2018-5836In wma_nan_rsp_event_handler() in Android releases from CAF using the linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) beforeEPSS 0.2%CVE-2018-11960In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, A use after free condition can ocEPSS 0.2%CVE-2018-11961In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Possibility of accessing out of bEPSS 0.2%CVE-2018-11963In all android releases(Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, Buffer overread may occur due to EPSS 0.2%