Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2026-21381HIGHBuffer Over-read in WLAN FirmwareEPSS 0.1%CVE-2021-1957MEDIUMImproper Access Control when ACL link encryption is failed and ACL link is not disconnected during reconnection with paired device in SnapdrEPSS 0.1%CVE-2021-1912HIGHPossible integer overflow can occur due to improper length check while calculating count and grace period in Snapdragon Auto, Snapdragon ComEPSS 0.1%CVE-2021-35095HIGHImproper serialization of message queue client registration can lead to race condition allowing multiple gunyah message clients to register EPSS 0.1%CVE-2021-30267HIGHPossible integer overflow to buffer overflow due to improper input validation in FTM ARA commands in Snapdragon Auto, Snapdragon Compute, SnEPSS 0.1%CVE-2021-1942CRITICALImproper handling of permissions of a shared memory region can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, Snapdragon EPSS 0.1%CVE-2017-18169User process can perform the kernel DOS in ashmem when doing cache maintenance operation in all Android releases(Android for MSM, Firefox OSEPSS 0.1%CVE-2017-8244In core_info_read and inst_info_read in all Android releases from CAF using the Linux kernel, variable "dbg_buf", "dbg_buf->curr" and "dbg_bEPSS 0.1%CVE-2021-30260HIGHPossible Integer overflow to buffer overflow issue can occur due to improper validation of input parameters when extscan hostlist configuratEPSS 0.1%CVE-2024-38408HIGHCryptographic Issues in BT ControllerEPSS 0.1%CVE-2021-1930MEDIUMPossible out of bounds read due to incorrect validation of incoming buffer length in Snapdragon Auto, Snapdragon Compute, Snapdragon ConnectEPSS 0.1%CVE-2021-30285CRITICALImproper validation of memory region in Hypervisor can lead to incorrect region mapping in Snapdragon Auto, Snapdragon Compute, Snapdragon CEPSS 0.1%CVE-2020-11294MEDIUMOut of bound write in logger due to prefix size is not validated while prepended to logging string in Snapdragon Auto, Snapdragon Compute, SEPSS 0.1%CVE-2017-14873In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, in the pp_pgc_get_config() gEPSS 0.1%CVE-2021-1966MEDIUMPossible buffer overflow due to lack of length check of source and destination buffer before copying in Snapdragon Auto, Snapdragon Compute,EPSS 0.1%CVE-2021-30262HIGHImproper validation of a socket state when socket events are being sent to clients can lead to invalid access of memory in Snapdragon Auto, EPSS 0.1%CVE-2021-30318HIGHImproper validation of input when provisioning the HDCP key can lead to memory corruption in Snapdragon Auto, Snapdragon Compute, SnapdragonEPSS 0.1%CVE-2021-30297HIGHPossible out of bound read due to improper validation of packet length while handling data transfer in VR service in Snapdragon Auto, SnapdrEPSS 0.1%CVE-2021-1928MEDIUMBuffer over read could occur due to incorrect check of buffer size while flashing emmc devices in Snapdragon Connectivity, Snapdragon ConsumEPSS 0.1%CVE-2021-1985HIGHPossible buffer over read due to lack of data length check in QVR Service configuration in Snapdragon Auto, Snapdragon Compute, Snapdragon CEPSS 0.1%