CVSS: 8.4EPSS: 0%CPEs: 190EXPL: 0CVE-2023-33092 – Buffer Copy Without Checking Size of Input in Bluetooth HOST
https://notcve.org/view.php?id=CVE-2023-33092
05 Dec 2023 — Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. Corrupción de la memoria al procesar la respuesta del PIN en Bluetooth, cuando el código PIN recibido desde la capa de la APLICACIÓN es mayor que el tamaño esperado. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 732EXPL: 0CVE-2023-33080 – Buffer over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-33080
05 Dec 2023 — Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management frame. DOS transitorio mientras se analiza un IE (elemento de información) específico del fabricante del frame de gestión de respuesta de reasociación. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 562EXPL: 0CVE-2023-33063 – Qualcomm Multiple Chipsets Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2023-33063
05 Dec 2023 — Memory corruption in DSP Services during a remote call from HLOS to DSP. Corrupción de la memoria en los servicios DSP durante una llamada remota de HLOS a DSP. Multiple Qualcomm chipsets contain a use-after-free vulnerability due to memory corruption in DSP Services during a remote call from HLOS to DSP. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-416: Use After Free •
CVSS: 9.4EPSS: 0%CPEs: 336EXPL: 0CVE-2023-33054 – Improper Authentication in GPS HLOS Driver
https://notcve.org/view.php?id=CVE-2023-33054
05 Dec 2023 — Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance data. Problema criptográfico en el controlador GPS HLOS al descargar datos de asistencia GNSS de Qualcomm. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 142EXPL: 0CVE-2023-33024 – Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in Radio Interface Layer
https://notcve.org/view.php?id=CVE-2023-33024
05 Dec 2023 — Memory corruption while sending SMS from AP firmware. Corrupción de la memoria al enviar SMS desde el firmware AP. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 526EXPL: 0CVE-2023-33018 – Integer Overflow to Buffer Overflow in User Identity Module
https://notcve.org/view.php?id=CVE-2023-33018
05 Dec 2023 — Memory corruption while using the UIM diag command to get the operators name. Corrupción de la memoria al utilizar el comando diag de User Identity Module (UIM) para obtener el nombre del operador. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-190: Integer Overflow or Wraparound CWE-680: Integer Overflow to Buffer Overflow •
CVSS: 7.8EPSS: 0%CPEs: 554EXPL: 0CVE-2023-33017 – Buffer Copy Without Checking Size of Input in Boot
https://notcve.org/view.php?id=CVE-2023-33017
05 Dec 2023 — Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. Corrupción de la memoria en el arranque mientras se ejecuta una prueba ListVars en el menú UEFI durante el arranque. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.8EPSS: 0%CPEs: 428EXPL: 2CVE-2023-28588 – Integer Overflow or Wraparound in Bluetooth Host
https://notcve.org/view.php?id=CVE-2023-28588
05 Dec 2023 — Transient DOS in Bluetooth Host while rfc slot allocation. DOS transitorio en el host Bluetooth mientras se asigna la ranura RFC. • https://github.com/Trinadh465/CVE-2023-28588 • CWE-190: Integer Overflow or Wraparound •
CVSS: 6.5EPSS: 0%CPEs: 626EXPL: 0CVE-2023-28586 – Improper Restriction of Operation within the Bounds of a Memory Buffer in TZ Secure OS
https://notcve.org/view.php?id=CVE-2023-28586
05 Dec 2023 — Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. Divulgación de información cuando se accede a las direcciones de símbolos de metadatos de la aplicación confiable mientras se carga un ELF en TEE. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 496EXPL: 0CVE-2023-28551 – Improper Restriction of Operations within the Bounds of a Memory Buffer in UTILS
https://notcve.org/view.php?id=CVE-2023-28551
05 Dec 2023 — Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. Corrupción de la memoria en UTILS cuando el módem procesa comandos Diag específicos de la memoria que tienen valores de dirección arbitrarios como argumentos de entrada. • https://www.qualcomm.com/company/product-security/bulletins/december-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-787: Out-of-bounds Write •