Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday analysis

With 2,934 catalogued CVEs, Qualcomm shows a substantial volume of vulnerabilities, a reflection of the breadth of its chipset and embedded-firmware portfolio. The active exploitation rate (12 entries in CISA's KEV catalog, or 0.41% of the total) is in line with the overall catalog average, indicating that the risk of confirmed exploitation does not deviate from the industry norm, although 94 critical-severity flaws represent a relevant attack surface for security teams that depend on Qualcomm components in mobile, automotive or IoT environments. The most dangerous CVE currently under active exploitation, CVE-2020-11261, has an EPSS of 0.0177, suggesting a relatively low probability of additional exploitation in the short term, but its presence in KEV demands immediate attention in any inventory of affected assets. The emergence of 49 new CVEs in the last 90 days and the availability of public PoCs for 3 vulnerabilities reinforce the need for continuous firmware update cycles and active monitoring of patches released by the vendor.

CVE-2025-21434 [HIGH] Buffer Over-read in WLAN Host (EPSS 0.2%)
CVE-2018-5866 While processing logs, data is copied into a buffer pointed to by an untrusted pointer in Snapdragon Mobile, Snapdragon Wear in version MDM9 (EPSS 0.2%)
CVE-2018-11877 When the buffer length passed is very large in WLAN, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobi (EPSS 0.2%)
CVE-2018-11879 When the buffer length passed is very large, bounds check could be bypassed leading to potential buffer overwrite in Snapdragon Mobile in ve (EPSS 0.2%)
CVE-2018-5912 Potential buffer overflow in Video due to lack of input validation in input and output values in Snapdragon Automobile, Snapdragon Mobile in (EPSS 0.2%)
CVE-2018-5880 Improper data length check while processing an event report indication can lead to a buffer overflow in snapdragon mobile and snapdragon wea (EPSS 0.2%)
CVE-2019-13994 Lack of check that the current received data fragment size of a particular packet that are read from shared memory are less than the actua (EPSS 0.2%)
CVE-2018-11873 Improper input validation leads to buffer overwrite in the WLAN function that handles WLAN roam buffer in Snapdragon Mobile in version SD 84 (EPSS 0.2%)
CVE-2018-11870 Buffer overwrite can occur when the legacy rates count received from the host is not checked against the maximum number of legacy rates in S (EPSS 0.2%)
CVE-2018-11922 [HIGH] Configurations in Android Build (EPSS 0.2%)
CVE-2020-3656 Out of bound access can happen in MHI command process due to lack of check of command channel id value received from MHI devices in Snapdrag (EPSS 0.2%)
CVE-2018-11871 Buffer overwrite can happen in WLAN function while processing set pdev parameter command due to lack of input validation in Snapdragon Autom (EPSS 0.2%)
CVE-2020-11124 Possible use-after-free while accessing diag client map table since list can be reallocated due to exceeding max client limit. in Snapdra (EPSS 0.2%)
CVE-2025-21428 [HIGH] Buffer Over-read in WLAN Host (EPSS 0.2%)
CVE-2020-3616 Buffer overflow in display function due to memory copy without checking length of size using strcpy function in Snapdragon Auto, Snapdragon (EPSS 0.2%)
CVE-2018-13918 kernel could return a received message length higher than expected, which leads to buffer overflow in a subsequent operation and stops norma (EPSS 0.2%)
CVE-2021-30348 [MEDIUM] Improper validation of LLM utility timers availability can lead to denial of service in Snapdragon Auto, Snapdragon Compute, Snapdragon Conn (EPSS 0.2%)
CVE-2017-18155 While playing HEVC content using HD DMB in Snapdragon Automobile and Snapdragon Mobile in version MSM8996AU, SD 450, SD 625, SD 820, SD 820A (EPSS 0.2%)
CVE-2020-3678 A buffer overflow could occur if the API is improperly used due to UIE init does not contain a buffer size a param in Snapdragon Consumer (EPSS 0.2%)
CVE-2020-11308 Buffer overflow occurs when trying to convert ASCII string to Unicode string if the actual size is more than required in Snapdragon Auto, Sn (EPSS 0.2%)