Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2022-40510CRITICALBuffer copy without checking size of input in Audio.EPSS 0.4%CVE-2017-8267In all Qualcomm products with Android releases from CAF using the Linux kernel, a race condition exists in an IOCTL handler potentially leadEPSS 0.4%CVE-2017-15837In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.4%CVE-2017-15853In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security pEPSS 0.4%CVE-2025-21480HIGHIncorrect Authorization in Graphics WindowsEPSS 0.4%KEVCVE-2023-33054CRITICALImproper Authentication in GPS HLOS DriverEPSS 0.4%CVE-2024-33069HIGHUse After Free in WLAN HostEPSS 0.4%CVE-2022-33265HIGHInformation exposure in Powerline Communication FirmwareEPSS 0.4%CVE-2023-33058HIGHBuffer Copy Without Checking Size of Input in ModemEPSS 0.4%CVE-2017-8272In all Qualcomm products with Android releases from CAF using the Linux kernel, in a driver function, a value from userspace is not properlyEPSS 0.4%CVE-2017-8271Out of bound memory write can happen in the MDSS Rotator driver in all Qualcomm products with Android releases from CAF using the Linux kernEPSS 0.4%CVE-2017-8256In all Qualcomm products with Android releases from CAF using the Linux kernel, array out of bounds access can occur if userspace sends moreEPSS 0.4%CVE-2017-8261In all Qualcomm products with Android releases from CAF using the Linux kernel, in a camera driver ioctl, a kernel overwrite can potentiallyEPSS 0.4%CVE-2022-33284HIGHBuffer over-read in WLANEPSS 0.4%CVE-2022-25726HIGHBuffer Over-read in MODEMEPSS 0.4%CVE-2022-25730HIGHBuffer Over-read in MODEMEPSS 0.4%CVE-2023-21669HIGHBuffer Over-read in WLAN HOSTEPSS 0.4%CVE-2022-40505HIGHBuffer over-read in ModemEPSS 0.4%CVE-2022-25747HIGHBuffer Over-read in MODEMEPSS 0.4%CVE-2022-25737HIGHUse of Uninitialized Variable in MODEMEPSS 0.4%