Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2018-13907While deserializing any key blob during key operations, buffer overflow could occur, exposing partial key information if any key operations EPSS 0.7%CVE-2025-21479HIGHIncorrect Authorization in GraphicsEPSS 0.7%KEVCVE-2024-21473CRITICALImproper Input Validation in WIN SONEPSS 0.7%CVE-2020-11115u'Buffer over read occurs while processing information element from beacon due to lack of check of data received from beacon' in Snapdragon EPSS 0.7%CVE-2019-2310Out of bound read would occur while trying to read action category and action ID without validating the action length of the Rx Frame body iEPSS 0.7%CVE-2020-11118u'Information exposure issues while processing IE header due to improper check of beacon IE frame' in Snapdragon Auto, Snapdragon Compute, SEPSS 0.7%CVE-2020-11303HIGHAccepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon ConnEPSS 0.7%CVE-2019-2273IOMMU page fault while playing h265 video file leads to denial of service issue in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectivEPSS 0.7%CVE-2019-10485Infinite loop while decoding compressed data can lead to overrun condition in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, EPSS 0.7%CVE-2019-2337While Skipping unknown IES, EMM is reading the buffer even if the no of bytes to read are more than message length which may cause device toEPSS 0.7%CVE-2020-3645Firmware will hit assert in WLAN firmware If encrypted data length in FILS IE of reassoc response is more than 528 bytes in Snapdragon CompuEPSS 0.7%CVE-2019-14010The device may enter into error state when some tool or application gets failure at 1st buffer map all and performs 2nd buffer map which hapEPSS 0.7%CVE-2020-3651Active command timeout since WM status change cmd is not removed from active queue if peer sends multiple deauth frames. in Snapdragon Auto,EPSS 0.7%CVE-2014-9935In TrustZone an integer overflow vulnerability leading to a buffer overflow could potentially occur in a DRM routine in all Android releasesEPSS 0.7%CVE-2017-17766In wma_peer_info_event_handler() in Android for MSM, Firefox OS for MSM, and QRD Android before 2017-10-03, the value of num_peers received EPSS 0.7%CVE-2016-10239In TrustZone access control policy may potentially be bypassed in all Android releases from CAF using the Linux kernel due to improper inputEPSS 0.7%CVE-2017-11088Improper Input Validation in Linux io-prefetch in Snapdragon Mobile and Snapdragon Wear, A SQL injection vulnerability exists in versions MSEPSS 0.7%CVE-2017-18147In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.7%CVE-2019-10482Due to the use of non-time-constant comparison functions there is issue in timing side channels which can be used as a potential side channeEPSS 0.6%CVE-2019-2335While processing Attach Reject message, Valid exit condition is not met resulting into an infinite loop in Snapdragon Auto, Snapdragon CompuEPSS 0.6%