CVSS: 7.8EPSS: 0%CPEs: 456EXPL: 0CVE-2023-28549 – Improper Restriction of Operations within the Bounds of a Memory Buffer in WLAN HAL
https://notcve.org/view.php?id=CVE-2023-28549
05 Sep 2023 — Memory corruption in WLAN HAL while parsing Rx buffer in processing TLV payload. Corrupción de memoria en WLAN HAL al analizar el búfer Rx en el procesamiento del payload TLV. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.4EPSS: 0%CPEs: 518EXPL: 0CVE-2022-33275 – Improper validation of array index in WLAN HAL
https://notcve.org/view.php?id=CVE-2022-33275
05 Sep 2023 — Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of range. Corrupción de memoria debido a la validación incorrecta del índice de matriz en WLAN HAL cuando se recibe "lm_itemNum" estando fuera de rango. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-129: Improper Validation of Array Index •
CVSS: 8.4EPSS: 0%CPEs: 366EXPL: 0CVE-2023-28537 – Integer Overflow or Wraparound in Audio
https://notcve.org/view.php?id=CVE-2023-28537
08 Aug 2023 — Memory corruption while allocating memory in COmxApeDec module in Audio. Corrupción de memoria al asignar memoria en el módulo COmxApeDec en Audio. • https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 368EXPL: 1CVE-2023-21670 – Improper Access control in GPU Subsystem
https://notcve.org/view.php?id=CVE-2023-21670
06 Jun 2023 — Memory Corruption in GPU Subsystem due to arbitrary command execution from GPU in privileged mode. Qualcomm Adreno/KGSL suffers from an issue where code in user-writable mapping is executed in non-protected mode. • https://packetstorm.news/files/id/173296 • CWE-284: Improper Access Control CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 540EXPL: 0CVE-2023-21659 – Buffer Over-read in WLAN Firmware
https://notcve.org/view.php?id=CVE-2023-21659
06 Jun 2023 — Transient DOS in WLAN Firmware while processing frames with missing header fields. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-125: Out-of-bounds Read CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 162EXPL: 0CVE-2022-40536 – Improper authentication in Modem
https://notcve.org/view.php?id=CVE-2022-40536
06 Jun 2023 — Transient DOS due to improper authentication in modem while receiving plain TLB OTA request message from network. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 484EXPL: 0CVE-2022-40521 – Improper authorization in Modem
https://notcve.org/view.php?id=CVE-2022-40521
06 Jun 2023 — Transient DOS due to improper authorization in Modem • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-285: Improper Authorization CWE-287: Improper Authentication •
CVSS: 8.4EPSS: 3%CPEs: 484EXPL: 0CVE-2022-40507 – Double free in Core
https://notcve.org/view.php?id=CVE-2022-40507
06 Jun 2023 — Memory corruption due to double free in Core while mapping HLOS address to the list. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-415: Double Free •
CVSS: 7.9EPSS: 0%CPEs: 484EXPL: 0CVE-2022-33264 – Stack-based buffer overflow in Modem
https://notcve.org/view.php?id=CVE-2022-33264
06 Jun 2023 — Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request Message. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-121: Stack-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 148EXPL: 0CVE-2022-33251 – Reachable assertion in Modem
https://notcve.org/view.php?id=CVE-2022-33251
06 Jun 2023 — Transient DOS due to reachable assertion in Modem because of invalid network configuration. • https://www.qualcomm.com/company/product-security/bulletins/june-2023-bulletin • CWE-617: Reachable Assertion •