Vulnerabilidades em Qualcomm, Inc.

2.934 resultados

Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-30310HIGHPossible buffer overflow due to Improper validation of received CF-ACK and CF-Poll data frames in Snapdragon Auto, Snapdragon Connectivity, EPSS 0.6%CVE-2021-1910HIGHDouble free in video due to lack of input buffer length check in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon CoEPSS 0.6%CVE-2014-9936—In TrustZone a time-of-check time-of-use race condition could potentially exist in an authentication routine in all Android releases from CAEPSS 0.6%CVE-2018-11285—In Snapdragon (Automobile, Mobile, Wear) in version MDM9206, MDM9607, MDM9650, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SDEPSS 0.6%CVE-2021-30300HIGHPossible denial of service due to incorrectly decoding hex data for the SIB2 OTA message and assigning a garbage value to choice when procesEPSS 0.6%CVE-2021-1914HIGHLoop with unreachable exit condition may occur due to improper handling of unsupported input in Snapdragon Auto, Snapdragon Compute, SnapdraEPSS 0.6%CVE-2021-30273HIGHPossible assertion due to improper handling of IPV6 packet with invalid length in destination options header in Snapdragon Auto, Snapdragon EPSS 0.6%CVE-2021-30293HIGHPossible assertion due to lack of input validation in PUSCH configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, SEPSS 0.6%CVE-2021-30353HIGHImproper validation of function pointer type with actual function signature can lead to assertion in Snapdragon Auto, Snapdragon Compute, SnEPSS 0.6%CVE-2021-1982HIGHPossible denial of service scenario due to improper input validation of received NAS OTA message in Snapdragon Auto, Snapdragon Compute, SnaEPSS 0.6%CVE-2021-30307HIGHPossible denial of service due to improper validation of DNS response when DNS client requests with PTR, NAPTR or SRV query type in SnapdragEPSS 0.6%CVE-2021-30301HIGHPossible denial of service due to out of memory while processing RRC and NAS OTA message in Snapdragon Auto, Snapdragon Industrial IOT, SnapEPSS 0.6%CVE-2021-30330HIGHPossible null pointer dereference due to improper validation of APE clip in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, SnEPSS 0.6%CVE-2021-1974HIGHPossible buffer over read due to lack of alignment between map or unmap length of IPA SMMU and WLAN SMMU in Snapdragon Auto, Snapdragon CompEPSS 0.6%CVE-2021-30287HIGHPossible assertion due to improper validation of symbols configured for PDCCH monitoring in Snapdragon Auto, Snapdragon Compute, Snapdragon EPSS 0.6%CVE-2021-35087HIGHPossible null pointer access due to improper validation of system information message to be processed in Snapdragon Industrial IOT, SnapdragEPSS 0.6%CVE-2021-35073HIGHPossible assertion due to improper validation of rank restriction field in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, SnaEPSS 0.6%CVE-2021-30340HIGHReachable assertion due to improper validation of coreset in PDCCH configuration in SA mode in Snapdragon Auto, Snapdragon Compute, SnapdragEPSS 0.6%CVE-2021-35086HIGHPossible buffer over read due to improper validation of SIB type when processing a NR system Information message in Snapdragon Auto, SnapdraEPSS 0.6%CVE-2021-35100HIGHPossible buffer over read due to improper calculation of string length while parsing Id3 tag in Snapdragon Auto, Snapdragon Compute, SnapdraEPSS 0.6%

← anteriorpágina 39 / 147próxima →