Vulnerabilities in Qualcomm, Inc.

2,934 results

Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2021-35081CRITICALPossible buffer overflow due to improper validation of SSID length received from beacon or probe response during an IBSS session in SnapdragEPSS 0.7%CVE-2015-9134—In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 615/16/SD 415, and SD 810, while prEPSS 0.7%CVE-2019-2305—Out of bound access when reason code is extracted from frame data without validating the frame length in Snapdragon Auto, Snapdragon ConsumeEPSS 0.7%CVE-2019-2309—While storing calibrated data from firmware in cache, An integer overflow may occur since data length received may exceed real data length. EPSS 0.7%CVE-2020-11172—u'fscanf reads a string from a file and stores its contents on a statically allocated stack memory which leads to stack overflow' in SnapdraEPSS 0.7%CVE-2019-2269—Possible buffer overflow while processing the high level lim process action frame due to improper buffer length validation in Snapdragon AutEPSS 0.7%CVE-2022-40520HIGHStack based buffer overflow in CoreEPSS 0.7%CVE-2018-5882—While parsing a Flac file with a corrupted comment block, a buffer over-read can occur in Snapdragon Automobile, Snapdragon Mobile and SnapdEPSS 0.7%CVE-2019-2254—Position determination accuracy may be degraded due to wrongly decoded information in Snapdragon Auto, Snapdragon Compute, Snapdragon ConsumEPSS 0.7%CVE-2018-13898—Out-of-Bounds write due to incorrect array index check in PMIC in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer Electronics ConneEPSS 0.7%CVE-2019-2253—Buffer over-read can occur while parsing an ogg file with a corrupted comment block. in Snapdragon Auto, Snapdragon Connectivity, SnapdragonEPSS 0.7%CVE-2021-30341CRITICALImproper buffer size validation of DSM packet received can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnEPSS 0.7%CVE-2017-14916—In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message EPSS 0.7%CVE-2017-14908—In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, the SafeSwitch test applicatEPSS 0.7%CVE-2017-14917—In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, buffer sizes in the message EPSS 0.7%CVE-2017-11006—In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition cEPSS 0.7%CVE-2017-14909—In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a count value that is read fEPSS 0.7%CVE-2017-11005—In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a Use After Free condition cEPSS 0.7%CVE-2017-14918—In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the GPS location wirelessEPSS 0.7%CVE-2017-14914—In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, handles in the global clientEPSS 0.7%

← previouspage 31 / 147next →