Vulnerabilities in Qualcomm, Inc.

2,934 results

Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2017-11079—In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, while processing sparse imagEPSS 0.4%CVE-2017-9709—In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a privilege escalation vulneEPSS 0.4%CVE-2017-15813—In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a buffer overflow can occur EPSS 0.4%CVE-2018-5850—In the function csr_update_fils_params_rso(), insufficient validation on a key length can result in an integer underflow leading to a bufferEPSS 0.4%CVE-2023-28582CRITICALBuffer Copy Without Checking Size of Input in Data ModemEPSS 0.4%CVE-2018-3584—In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.4%CVE-2018-3598—In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.4%CVE-2017-17770—In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.4%CVE-2014-9975—In all Qualcomm products with Android releases from CAF using the Linux kernel, a rollback vulnerability potentially exists in Full Disk EncEPSS 0.4%CVE-2022-22096CRITICALMemory corruption in Bluetooth HOST due to stack-based buffer overflow when when extracting data using command length parameter in SnapdragoEPSS 0.4%CVE-2022-25748CRITICALMemory corruption in WLAN due to integer overflow to buffer overflow while parsing GTK frames. in Snapdragon Auto, Snapdragon Compute, SnapdEPSS 0.4%CVE-2023-33061HIGHBuffer Over-read in WLAN FirmwareEPSS 0.4%CVE-2023-33056HIGHNULL Pointer dereference in WLAN FirmwareEPSS 0.4%CVE-2023-33047HIGHBuffer Over-read in WLAN FirmwareEPSS 0.4%CVE-2022-25671HIGHDenial of service in MODEM due to reachable assertion in Snapdragon MobileEPSS 0.4%CVE-2023-33048HIGHBuffer over-read in WLAN FirmwareEPSS 0.4%CVE-2015-9031—In all Android releases from CAF using the Linux kernel, a TZ memory address is exposed to HLOS by HDCP.EPSS 0.4%CVE-2015-9032—In all Android releases from CAF using the Linux kernel, a DRM key was exposed to QTEE applications.EPSS 0.4%CVE-2023-28540CRITICALImproper Authentication in Data ModemEPSS 0.4%CVE-2022-22105CRITICALMemory corruption in bluetooth due to integer overflow while processing HFP-UNIT profile in Snapdragon Auto, Snapdragon Consumer IOT, SnapdrEPSS 0.4%

← previouspage 47 / 147next →