Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2022-22062HIGHAn out-of-bounds read can occur while parsing a server certificate due to improper length check in Snapdragon Auto, Snapdragon Compute, SnapEPSS 0.3%CVE-2017-8257In all Qualcomm products with Android releases from CAF using the Linux kernel, when accessing the sde_rotator debug interface for register EPSS 0.3%CVE-2022-25674MEDIUMCryptographic issues in WLAN during the group key handshake of the WPA/WPA2 protocol in Snapdragon Consumer IOT, Snapdragon Industrial IOT, EPSS 0.3%CVE-2020-11269Possible memory corruption while processing EAPOL frames due to lack of validation of key length before using it in Snapdragon Auto, SnapdraEPSS 0.3%CVE-2019-14088Possible use after free issue while CRM is accessing the link pointer from device private data due to lack of resource protection in SnapdraEPSS 0.3%CVE-2025-21459HIGHBuffer Over-read in WLAN Host CommunicationEPSS 0.3%CVE-2017-8235In all Android releases from CAF using the Linux kernel, a memory structure in a camera driver is not properly protected.EPSS 0.3%CVE-2017-18295Possible buffer overflow if input is not null terminated in DSP Service module in Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear EPSS 0.3%CVE-2017-18303While processing the sensors registry configuration file, if inputs are not validated a buffer overflow will occur in Snapdragon Automobile,EPSS 0.3%CVE-2024-33013HIGHBuffer Over-read in WLAN HostEPSS 0.3%CVE-2024-33015HIGHBuffer Over-read in WLAN HostEPSS 0.3%CVE-2024-33012HIGHBuffer Over-read in WLAN HostEPSS 0.3%CVE-2024-33011HIGHBuffer Over-read in WLAN HostEPSS 0.3%CVE-2021-35123HIGHBuffer copy in GATT multi notification due to improper length check for the data coming over-the-air in Snapdragon Connectivity, Snapdragon EPSS 0.3%CVE-2024-33026HIGHBuffer Over-read in WLAN HostEPSS 0.3%CVE-2024-33010HIGHUse After Free in WLAN HostEPSS 0.3%CVE-2024-33020HIGHBuffer Over-read in WLAN HOSTEPSS 0.3%CVE-2024-33024HIGHInteger Overflow or Wraparound in WLAN HostEPSS 0.3%CVE-2024-33019HIGHBuffer Over-read in WLAN HostEPSS 0.3%CVE-2024-33025HIGHBuffer Over-read in WLAN HostEPSS 0.3%