CVE-2023-28538 – Stack-based Buffer Overflow in WIN Product
https://notcve.org/view.php?id=CVE-2023-28538
Memory corruption in WIN Product while invoking WinAcpi update driver in the UEFI region. Corrupción de la memoria en el producto WIN al invocar el controlador de actualización WinAcpi en la región UEFI. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2022-33275 – Improper validation of array index in WLAN HAL
https://notcve.org/view.php?id=CVE-2022-33275
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range. Corrupción de memoria debido a la validación incorrecta del índice de matriz en WLAN HAL cuando se recibe "lm_itemNum" estando fuera de rango. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-129: Improper Validation of Array Index •
CVE-2023-21626 – Improper Authentication in HLOS.
https://notcve.org/view.php?id=CVE-2023-21626
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key. Problema criptográfico en HLOS debido a una autenticación incorrecta al realizar comprobaciones de velocidad de clave utilizando más de una clave. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-287: Improper Authentication CWE-320: Key Management Errors •
CVE-2022-40510 – Buffer copy without checking size of input in Audio.
https://notcve.org/view.php?id=CVE-2022-40510
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder. Corrupción de memoria debida a la copia del búfer sin comprobar el tamaño de la entrada en Audio durante una llamada de voz con el vocoder EVS. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-457: Use of Uninitialized Variable CWE-787: Out-of-bounds Write •
CVE-2023-21631 – Improper Input Validation in Modem
https://notcve.org/view.php?id=CVE-2023-21631
Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. • https://www.qualcomm.com/company/product-security/bulletins/july-2023-bulletin • CWE-20: Improper Input Validation •