CVSS: 7.8EPSS: 0%CPEs: 456EXPL: 0CVE-2023-28549 – Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN HAL
https://notcve.org/view.php?id=CVE-2023-28549
05 Sep 2023 — Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. Corrupción de memoria en WLAN HAL al analizar el búfer Rx en el procesamiento del payload TLV. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 372EXPL: 0CVE-2023-28548 – Improper Validation of Array Index in WLAN HAL
https://notcve.org/view.php?id=CVE-2023-28548
05 Sep 2023 — Memory corruption in WLAN HAL while processing Tx/Rx commands from QDART. Corrupción de memoria en WLAN HAL al procesar comandos Tx/Rx desde QDART. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-129: Improper Validation of Array Index •
CVSS: 7.8EPSS: 0%CPEs: 418EXPL: 0CVE-2023-28544 – Buffer Copy without Checking the Size of Input in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-28544
05 Sep 2023 — Memory corruption in WLAN while sending transmit command from HLOS to UTF handlers. Corrupción de memoria en WLAN al enviar comandos de transmisión desde HLOS a controladores UTF. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.4EPSS: 0%CPEs: 260EXPL: 0CVE-2023-28538 – Stack-based Buffer Overflow in WIN Product
https://notcve.org/view.php?id=CVE-2023-28538
05 Sep 2023 — Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. Corrupción de la memoria en el producto WIN al invocar el controlador de actualización WinAcpi en la región UEFI. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 450EXPL: 0CVE-2022-33302 – Improper validation of array index in User Identity Module
https://notcve.org/view.php?id=CVE-2022-33302
04 Apr 2023 — Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-129: Improper Validation of Array Index •
CVSS: 9.3EPSS: 0%CPEs: 202EXPL: 0CVE-2022-33269 – Integer overflow or wraparound in Core
https://notcve.org/view.php?id=CVE-2022-33269
04 Apr 2023 — Memory corruption due to integer overflow or wraparound in Core while DDR memory assignment. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 0%CPEs: 438EXPL: 0CVE-2022-33231 – Double free in Core
https://notcve.org/view.php?id=CVE-2022-33231
04 Apr 2023 — Memory corruption due to double free in core while initializing the encryption key. • https://www.qualcomm.com/company/product-security/bulletins/april-2023-bulletin • CWE-415: Double Free •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2021-25480
https://notcve.org/view.php?id=CVE-2021-25480
06 Oct 2021 — A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection. Una falta de protección contra ataques de repetición en el proceso de mensajes GUTI REALLOCATION COMMAND del módem Qualcomm versiones anteriores a SMR Oct-2021 Release 1, puede conllevar a una denegación de servicio remota en la conexión de red móvil • https://security.samsungmobile.com/securityUpdate.smsb?year=2021&month=10 • CWE-294: Authentication Bypass by Capture-replay •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-3687
https://notcve.org/view.php?id=CVE-2020-3687
21 Jan 2021 — Local privilege escalation in admin services in Windows environment can occur due to an arbitrary read issue. Una escalada de privilegios local en los servicios de administración en el entorno de Windows puede ocurrir debido a un problema de lectura arbitraria • https://www.qualcomm.com/company/product-security/bulletins/december-2020-bulletin • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 2%CPEs: 1EXPL: 1CVE-2020-25858
https://notcve.org/view.php?id=CVE-2020-25858
15 Oct 2020 — The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not validate the return value of a strstr() or strchr() call in the Tokenizer() function. An attacker who invokes the web interface with a crafted URL can crash the process, causing denial of service. This version of QCMAP is used in many kinds of networking devices, primarily mobile hotspots and LTE routers. El binario QCMAP_Web_CLIENT en la suite de software Qualcomm QCMAP anteriores a las vers... • http://vdoo.com/blog/qualcomm-qcmap-vulnerabilities • CWE-476: NULL Pointer Dereference •