Vulnerabilidades em Qualcomm, Inc.

2.934 resultados
Análise Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2023-43534HIGHUse of Out-of-range Pointer Offset in WLAN HOSTEPSS 0.3%CVE-2023-43548HIGHBuffer Copy Without Checking Size of Input in VideoEPSS 0.3%CVE-2024-23359HIGHBuffer Over-read in Multi Mode Call ProcessorEPSS 0.3%CVE-2023-43520HIGHStack-based Buffer Overflow in WLAN HOSTEPSS 0.3%CVE-2025-27066HIGHReachable Assertion in WLAN FirmwareEPSS 0.3%CVE-2024-23358HIGHBuffer Over-read in Multi Mode Call ProcessorEPSS 0.3%CVE-2024-23363HIGHBuffer Over-read in WLAN FirmwareEPSS 0.3%CVE-2020-3679u'During execution after Address Space Layout Randomization is turned on for QTEE, part of code is still mapped at known address including cEPSS 0.3%CVE-2024-21467MEDIUMBuffer Over-read in WLAN Host CommunicationEPSS 0.3%CVE-2024-21459MEDIUMBuffer Over-read in WLAN HOSTEPSS 0.3%CVE-2017-18293When a particular GPIO is protected by blocking access to the corresponding GPIO resource registers, the protection can be bypassed using thEPSS 0.3%CVE-2018-5917Possible buffer overflow in OEM crypto function due to improper input validation in Snapdragon Automobile, Snapdragon Mobile in versions MSMEPSS 0.3%CVE-2018-5867Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile, snapdragon mobile and snapdragon wear in versiEPSS 0.3%CVE-2018-5868Lack of checking input size can lead to buffer overflow In WideVine in snapdragon automobile and snapdragon mobile in versions MSM8996AU, SDEPSS 0.3%CVE-2017-18294While reading file class type from ELF header, a buffer overread may happen if the ELF file size is less than the size of ELF64 header size EPSS 0.3%CVE-2017-18298Lack of Input Validation in SDMX API can lead to NULL pointer access in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear in versEPSS 0.3%CVE-2017-18296Access control on applications is not applied while accessing SafeSwitch services can lead to improper access in Snapdragon Automobile, SnapEPSS 0.3%CVE-2017-18282Non-secure SW can cause SDCC to generate secure bus accesses, which may expose RPM access in Snapdragon Mobile, Snapdragon Wear in version MEPSS 0.3%CVE-2017-18304Insufficient memory allocation in boot due to incorrect size being passed could result in out of bounds access in Small Cell SoC, SnapdragonEPSS 0.3%CVE-2017-18297Double memory free while closing TEE SE API Session management in Snapdragon Mobile in version SD 425, SD 430, SD 450, SD 625, SD 650/52, SDEPSS 0.3%