Vulnerabilidades en Qualcomm, Inc.

2934 resultados
Análisis Vexday

Com 2.934 CVEs catalogadas, a Qualcomm apresenta um volume expressivo de vulnerabilidades, reflexo da amplitude de seu portfólio de chipsets e firmware embarcado. A taxa de exploração ativa — 12 entradas no catálogo KEV da CISA, ou 0,41% do total — está em linha com a média geral do catálogo, indicando que o risco de exploração confirmada não foge do padrão da indústria, embora 94 falhas de severidade crítica representem uma superfície de ataque relevante para equipes de segurança que dependem de componentes Qualcomm em ambientes móveis, automotivos ou de IoT. A CVE mais perigosa atualmente em exploração ativa, CVE-2020-11261, apresenta EPSS de 0,0177, sugerindo probabilidade de exploração adicional relativamente baixa no curto prazo, mas sua presença no KEV exige atenção imediata em qualquer inventário de ativos afetados. O surgimento de 49 novas CVEs nos últimos 90 dias e a disponibilidade de PoCs públicas para 3 vulnerabilidades reforçam a necessidade de ciclos contínuos de atualização de firmware e monitoramento ativo de patches liberados pelo fabricante.

CVE-2018-11876Lack of input validation while copying to buffer in WLAN will lead to a buffer overflow in Snapdragon Mobile in version SD 835, SD 845, SD 8EPSS 0.2%CVE-2018-11874Buffer overflow if the length of passphrase is more than 32 when setting up secure NDP connection in Snapdragon Mobile in version SD 835, SDEPSS 0.2%CVE-2018-11884Improper input validation leads to buffer overflow while processing network list offload command in WLAN function in Snapdragon Mobile in veEPSS 0.2%CVE-2018-11998While processing a packet decode request in MQTT, Race condition can occur leading to an out-of-bounds access in snapdragon mobile and snapdEPSS 0.2%CVE-2017-18280In Snapdragon (Automobile, Mobile, Wear) in version MDM9607, MSM8909W, MSM8996AU, SD 210/SD 212/SD 205, SD 425, SD 427, SD 430, SD 435, SD 4EPSS 0.2%CVE-2018-11258In ADSP RPC in Snapdragon Automobile, Snapdragon Mobile and Snapdragon Wear, a Use After Free condition can occur in versions MDM9206, MDM96EPSS 0.2%CVE-2024-33068HIGHUse After Free in WLAN Host CommunicationEPSS 0.2%CVE-2024-38405HIGHBuffer Over-read in WLAN HostEPSS 0.2%CVE-2018-11872Improper input validation leads to buffer overwrite in the WLAN function that handles WMI commands in Snapdragon Mobile in version SD 845, SEPSS 0.2%CVE-2017-14904In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, a crafted binder request canEPSS 0.2%CVE-2018-11880Incorrect bound check can lead to potential buffer overwrite in WLAN function in Snapdragon Mobile in version SD 835, SD 845, SD 850, SDA660EPSS 0.2%CVE-2024-38403HIGHBuffer Over-read in WLAN FirmwareEPSS 0.2%CVE-2024-23385HIGHReachable Assertion in ModemEPSS 0.2%CVE-2023-43555HIGHBuffer Over-read in VideoEPSS 0.2%CVE-2022-33252HIGHBuffer over-read in WLANEPSS 0.2%CVE-2025-21484HIGHBuffer Over-read in Data Network Stack & ConnectivityEPSS 0.2%CVE-2018-5877In the device programmer target-side code for firehose, a string may not be properly NULL terminated can lead to a incorrect buffer size in EPSS 0.2%CVE-2025-21487HIGHBuffer Over-read in Data Network Stack & ConnectivityEPSS 0.2%CVE-2018-5870While loading a service image, an untrusted pointer dereference can occur in Snapdragon Mobile in versions SD 835, SDA660, SDX24.EPSS 0.2%CVE-2017-18329Possible Buffer overflow when transmitting an RTP packet in snapdragon automobile and snapdragon wear in versions MDM9615, MDM9625, MDM9635MEPSS 0.2%