Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2022-25728HIGHBuffer Over-read in MODEMEPSS 0.4%CVE-2018-5916Buffer overread while decoding PDP modify request or network initiated secondary PDP activation in Snapdragon Automobile, Snapdragon Mobile EPSS 0.4%CVE-2018-3566In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.4%CVE-2014-9934A PKCS#1 v1.5 signature verification routine in all Android releases from CAF using the Linux kernel may not check padding.EPSS 0.4%CVE-2018-11904In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, asynchronous callbacks received EPSS 0.4%CVE-2024-21453HIGHImproper Input Validation in Automotive TelematicsEPSS 0.4%CVE-2024-21454HIGHInteger Overflow to Buffer Overflow in Automotive TelematicsEPSS 0.4%CVE-2017-8254In all Qualcomm products with Android releases from CAF using the Linux kernel, an audio client pointer is dereferenced before being checkedEPSS 0.4%CVE-2017-8258An array out-of-bounds access in all Qualcomm products with Android releases from CAF using the Linux kernel can potentially occur in a cameEPSS 0.4%CVE-2018-5848In the function wmi_set_ie(), the length validation code does not handle unsigned integer overflow properly. As a result, a large value of tEPSS 0.4%CVE-2022-40537HIGHImproper Validation of Array Index in Bluetooth HOSTEPSS 0.4%CVE-2017-14879In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, by calling an IPA ioctl and EPSS 0.4%CVE-2017-8233In a camera driver function in all Android releases from CAF using the Linux kernel, a bounds check is missing when writing into an array poEPSS 0.4%CVE-2017-7371In all Android releases from CAF using the Linux kernel, a data pointer is potentially used after it has been freed when SLIMbus is turned oEPSS 0.4%CVE-2022-25706HIGHInformation disclosure in Bluetooth driver due to buffer over-read while reading l2cap length in Snapdragon Auto, Snapdragon Compute, SnapdrEPSS 0.4%CVE-2017-7367In all Android releases from CAF using the Linux kernel, an integer underflow vulnerability exists while processing the boot image.EPSS 0.4%CVE-2017-8234In all Android releases from CAF using the Linux kernel, an out of bounds access can potentially occur in a camera function.EPSS 0.4%CVE-2022-25690HIGHInformation disclosure in WLAN due to improper validation of array index while parsing crafted ANQP action frames in Snapdragon Auto, SnapdrEPSS 0.4%CVE-2017-7365In all Android releases from CAF using the Linux kernel, a buffer overread can occur if a particular string is not NULL terminated.EPSS 0.4%CVE-2022-40510CRITICALBuffer copy without checking size of input in Audio.EPSS 0.4%