Vulnerabilities in Qualcomm, Inc.

2,934 results
Vexday Analysis

With 2,934 CVEs catalogued, Qualcomm shows a substantial volume of vulnerabilities, a reflection of the breadth of its chipset and embedded firmware portfolio. The active exploitation rate (12 entries in the CISA KEV catalog, or 0.41% of the total) is in line with the catalog's overall average, indicating that the risk of confirmed exploitation does not deviate from the industry norm, although 94 critical-severity flaws represent a relevant attack surface for security teams that depend on Qualcomm components in mobile, automotive, or IoT environments. The most dangerous CVE currently under active exploitation, CVE-2020-11261, has an EPSS of 0.0177, suggesting a relatively low probability of further exploitation in the short term, but its presence in the KEV demands immediate attention in any inventory of affected assets. The appearance of 49 new CVEs in the last 90 days and the availability of public PoCs for 3 vulnerabilities reinforce the need for continuous firmware update cycles and active monitoring of patches released by the vendor.

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2024-33054 | HIGH | Buffer Copy Without Checking Size of Input ('Classic Buffer Overflow') in Computer Vision | 0.1% |
| CVE-2024-38401 | HIGH | Use After Free in Qualcomm IPC | 0.1% |
| CVE-2019-10486 | | Race condition due to the lack of resource lock which will be concurrently modified in the memcpy statement leads to out of bound access in | 0.1% |
| CVE-2021-35079 | MEDIUM | Improper validation of permissions for third party application accessing Telephony service API can lead to information disclosure in Snapdra | 0.1% |
| CVE-2024-23365 | HIGH | Use After Free in SCE-Mink | 0.1% |
| CVE-2022-25705 | HIGH | Integer Overflow to Buffer Overflow in Modem | 0.1% |
| CVE-2022-40530 | HIGH | Integer overflow to buffer overflow in WLAN | 0.1% |
| CVE-2022-33248 | HIGH | Integer overflow to buffer overflow in User Identity Module | 0.1% |
| CVE-2020-11198 | | Key material used for TZ diag buffer encryption and other data related to log buffer is not wiped securely due to improper usage of memset i | 0.1% |
| CVE-2022-25695 | HIGH | Memory corruption in MODEM due to Improper Validation of Array Index while processing GSTK Proactive commands in Snapdragon Auto, Snapdragon | 0.1% |
| CVE-2023-28578 | CRITICAL | Improper Input Validation in Services | 0.1% |
| CVE-2024-33047 | HIGH | Buffer Over-read in Display | 0.1% |
| CVE-2022-25698 | HIGH | Memory corruption in SPI buses due to improper input validation while reading address configuration from spi buses in Snapdragon Mobile, Sna | 0.1% |
| CVE-2022-25697 | HIGH | Memory corruption in i2c buses due to improper input validation while reading address configuration from i2c driver in Snapdragon Mobile, Sn | 0.1% |
| CVE-2023-24852 | HIGH | Improper Authentication in Core | 0.1% |
| CVE-2023-28556 | HIGH | Improper Authorization in HLOS | 0.1% |
| CVE-2022-25682 | HIGH | Memory corruption in MODEM UIM due to usage of out of range pointer offset while decoding command from card in Snapdragon Auto, Snapdragon C | 0.1% |
| CVE-2022-25681 | HIGH | Possible memory corruption in kernel while performing memory access due to hypervisor not correctly invalidated the processor translation ca | 0.1% |
| CVE-2022-40531 | HIGH | Incorrect type conversion in WLAN | 0.1% |
| CVE-2022-25677 | MEDIUM | Memory corruption in diag due to use after free while processing dci packet in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, | 0.1% |