Vulnerabilities in Qualcomm, Inc.

2,934 results

Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2017-11013—In android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, countOffset (in function UnpEPSS 0.6%CVE-2021-1925HIGHPossible denial of service scenario due to improper handling of group management action frame in Snapdragon Auto, Snapdragon Compute, SnapdrEPSS 0.6%CVE-2020-11241—Out of bound read will happen if EAPOL Key length is less than expected while processing NAN shared key descriptor attribute in Snapdragon AEPSS 0.6%CVE-2020-11238—Possible Buffer over-read in ARP/NS parsing due to lack of check of packet length received in Snapdragon Auto, Snapdragon Compute, SnapdragoEPSS 0.6%CVE-2015-9027—In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.EPSS 0.6%CVE-2015-9026—In all Android releases from CAF using the Linux kernel, an untrusted pointer dereference vulnerability exists in WideVine DRM.EPSS 0.6%CVE-2018-5886—A pointer in an ADSPRPC command is not properly validated in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox EPSS 0.6%CVE-2021-1907HIGHPossible buffer overflow due to lack of length check in BA request in Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, SnapdragEPSS 0.6%CVE-2020-11296—Arithmetic overflow can happen while processing NOA IE due to improper error handling in Snapdragon Auto, Snapdragon Compute, Snapdragon ConEPSS 0.6%CVE-2024-33066CRITICALImproper Input Validation in WLAN Resource ManagerEPSS 0.6%CVE-2021-30284HIGHPossible information exposure and denial of service due to NAS not dropping messages when integrity check fails in Snapdragon Auto, SnapdragEPSS 0.6%CVE-2021-1977HIGHPossible buffer over read due to improper validation of frame length while processing AEAD decryption during ASSOC response in Snapdragon AuEPSS 0.6%CVE-2021-1981HIGHPossible buffer over read due to improper IE size check of Bearer capability IE in MT setup request from network in Snapdragon Auto, SnapdraEPSS 0.6%CVE-2021-30304HIGHPossible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in SnapdraEPSS 0.6%CVE-2021-1980HIGHPossible buffer over read due to lack of length check while parsing beacon IE response in Snapdragon Auto, Snapdragon Compute, Snapdragon CoEPSS 0.6%CVE-2021-1954HIGHPossible buffer over read due to improper validation of data pointer while parsing FILS indication IE in Snapdragon Auto, Snapdragon ComputeEPSS 0.6%CVE-2021-1964HIGHPossible buffer over read due to improper validation of IE size while parsing beacon from peer device in Snapdragon Auto, Snapdragon ComputeEPSS 0.6%CVE-2021-1937HIGHReachable assertion is possible while processing peer association WLAN message from host and nonstandard incoming packet in Snapdragon Auto,EPSS 0.6%CVE-2021-1943HIGHPossible buffer out of bound read can occur due to improper validation of TBTT count and length while parsing the beacon response in SnapdraEPSS 0.6%CVE-2021-1953HIGHImproper handling of received malformed FTMR request frame can lead to reachable assertion while responding with FTM1 frame in Snapdragon AuEPSS 0.6%

← previouspage 37 / 147next →