Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2019-2320Possible out of bounds write in a MT SMS/SS scenario due to improper validation of array index in Snapdragon Auto, Snapdragon Compute, SnapdEPSS 0.9%CVE-2019-10533Out of bound access due to improper validation of array index cause the index table entry to get corrupt in Snapdragon Auto, Snapdragon CompEPSS 0.9%CVE-2019-2258Improper validation of array index causes OOB write and then leads to memory corruption in MMCP in Snapdragon Auto, Snapdragon Compute, SnapEPSS 0.9%CVE-2019-10526Out of bound write in WLAN driver due to NULL character not properly placed after SSID name in Snapdragon Auto, Snapdragon Compute, SnapdragEPSS 0.9%CVE-2019-10589Lack of length check of response buffer can lead to buffer over-flow while GP command response buffer handling in Snapdragon Auto, SnapdragoEPSS 0.9%CVE-2019-10493Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon ConsumEPSS 0.9%CVE-2019-10516Multiple read overflows in MM while decoding service accept,service reject,attach reject and MT detach in Snapdragon Auto, Snapdragon ComputEPSS 0.9%CVE-2019-14052u'Accessing an uninitialized data structure could result in partially copying of contents and thus incorrect processing' in Snapdragon Auto,EPSS 0.9%CVE-2019-14132Buffer over-write when this 0-byte buffer is typecasted to some other structure and hence memory corruption in Snapdragon Auto, Snapdragon CEPSS 0.9%CVE-2019-14016Integer overflow occurs while playing the clip which is nonstandard in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, SnapdraEPSS 0.9%CVE-2019-2323Lack of check to ensure crypto engine data passed by user is initialized can result in bus error in Snapdragon Auto, Snapdragon Compute, SnaEPSS 0.9%CVE-2019-10541Dereference on uninitialized buffer can happen when parsing FLV clip with corrupted codec specific data in Snapdragon Auto, Snapdragon CompuEPSS 0.9%CVE-2020-11116u'Possible out of bound write while processing association response received from host due to lack of check of IE length' in Snapdragon AutoEPSS 0.9%CVE-2019-2332Memory corruption while accessing the memory as payload size is not validated before access in Snapdragon Auto, Snapdragon Compute, SnapdragEPSS 0.9%CVE-2019-10590Out of bound access while parsing dts atom, which is non-standard as it does not have valid number of tracks in Snapdragon Auto, Snapdragon EPSS 0.9%CVE-2019-10511Possibility of memory overflow while decoding GSNDCP compressed mode PDU in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, SnEPSS 0.9%CVE-2019-14086Possible integer overflow while checking the length of frame which is a 32 bit integer and is added to another 32 bit integer which can leadEPSS 0.9%CVE-2019-10609Out of bound write can happen due to lack of check of array index value while calculating it. in Snapdragon Auto, Snapdragon Compute, SnapdrEPSS 0.9%CVE-2019-2325Out of boundary access due to token received from ADSP and is used without validation as an index into the array in Snapdragon Auto, SnapdraEPSS 0.9%CVE-2019-2324When ADSP is compromised, the audio port index that`s returned from ADSP might be out of the valid range and leads to out of boundary accessEPSS 0.9%