Vulnerabilities in Qualcomm, Inc.

2,934 results

Vexday analysis

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2022-25708CRITICALMemory corruption in WLAN due to buffer copy without checking size of input while parsing keys in Snapdragon Connectivity, Snapdragon MobileEPSS 0.4%CVE-2018-5881—Improper validation of buffer length checks in the lwm2m device management protocol can leads to a buffer overflow in snapdragon mobile and EPSS 0.4%CVE-2019-14041—During listener modified response processing, a buffer overrun occurs due to lack of buffer size verification when updating message buffer wEPSS 0.4%CVE-2018-5879—Improper length check while processing an MQTT message can lead to heap overflow in snapdragon mobile and snapdragon wear in versions MDM920EPSS 0.4%CVE-2021-35111HIGHImproper validation of tag id while RRC sending tag id to MAC can lead to TOCTOU race condition in Snapdragon Connectivity, Snapdragon MobilEPSS 0.4%CVE-2022-34145HIGHBuffer over-read in WLAN HostEPSS 0.4%CVE-2022-40502HIGHImproper input validation in WLAN HostEPSS 0.4%CVE-2023-28581CRITICALImproper Restriction of Operations within the Bounds of a Memory Buffer in WLAN FirmwareEPSS 0.4%CVE-2022-33306HIGHBuffer over-read in WLANEPSS 0.4%CVE-2022-34146HIGHImproper input validation in WLAN HostEPSS 0.4%CVE-2022-40512HIGHBuffer over-read in WLAN Firmware.EPSS 0.4%CVE-2017-9694—While parsing Netlink attributes in QCA_WLAN_VENDOR_ATTR_EXTSCAN_BSSID_HOTLIST_PARAMS_LOST_AP_SAMPLE_SIZE in qcacld 2.0 before 2017-05-16, aEPSS 0.4%CVE-2018-5820—In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.4%CVE-2018-5822—In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.4%CVE-2019-10561—Improper initialization of local variables which are parameters to sfs api may cause invalid pointer dereference and leads to denial of servEPSS 0.4%CVE-2020-11156—u'Buffer over-read issue in Bluetooth estack due to lack of check for invalid length of L2cap packet received from peer device.' in SnapdragEPSS 0.4%CVE-2022-25720CRITICALMemory corruption in WLAN due to out of bound array access during connect/roaming in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectEPSS 0.4%CVE-2022-25727CRITICALMemory Corruption in modem due to improper length check while copying into memory in Snapdragon Consumer IOT, Snapdragon Industrial IOT, SnaEPSS 0.4%CVE-2022-25745CRITICALAlways Incorrect Control Flow Implementation in MODEMEPSS 0.4%CVE-2022-25678CRITICALBuffer Copy Without Checking Size of Input in MODEMEPSS 0.4%

← previouspage 48 / 147next →