CVSS: 7.8EPSS: 0%CPEs: 294EXPL: 0CVE-2023-33040 – Buffer Over-read in Data Modem
https://notcve.org/view.php?id=CVE-2023-33040
02 Jan 2024 — Transient DOS in Data Modem during DTLS handshake. DOS transitorio en el módem de datos durante el protocolo de enlace DTLS. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 294EXPL: 0CVE-2023-33038 – Integer Overflow or Wraparound in Radio Interface Layer
https://notcve.org/view.php?id=CVE-2023-33038
02 Jan 2024 — Memory corruption while receiving a message in Bus Socket Transport Server. Corrupción de la memoria al recibir un mensaje en Bus Socket Transport Server. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-190: Integer Overflow or Wraparound CWE-787: Out-of-bounds Write •
CVSS: 7.1EPSS: 0%CPEs: 166EXPL: 0CVE-2023-33037 – Cryptographic Issues in Automotive
https://notcve.org/view.php?id=CVE-2023-33037
02 Jan 2024 — Cryptographic issue in Automotive while unwrapping the key secs2d and verifying with RPMB data. Problema criptográfico en Automotive al desenvolver la clave secs2d y verificar con datos de RPMB. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-310: Cryptographic Issues CWE-311: Missing Encryption of Sensitive Data •
CVSS: 8.4EPSS: 0%CPEs: 534EXPL: 0CVE-2023-33033 – Use of Out-of-range Pointer Offset in Audio
https://notcve.org/view.php?id=CVE-2023-33033
02 Jan 2024 — Memory corruption in Audio during playback with speaker protection. Corrupción de la memoria en audio durante la reproducción con protección de altavoz. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-787: Out-of-bounds Write CWE-823: Use of Out-of-range Pointer Offset •
CVSS: 9.3EPSS: 0%CPEs: 602EXPL: 0CVE-2023-33030 – Buffer Copy without Checking Size of Input in HLOS
https://notcve.org/view.php?id=CVE-2023-33030
02 Jan 2024 — Memory corruption in HLOS while running playready use-case. Corrupción de la memoria en HLOS mientras se ejecuta el caso de uso de PlayReady. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-787: Out-of-bounds Write •
CVSS: 10.0EPSS: 0%CPEs: 48EXPL: 0CVE-2023-33025 – Buffer Copy without Checking Size of Input in Data Modem
https://notcve.org/view.php?id=CVE-2023-33025
02 Jan 2024 — Memory corruption in Data Modem when a non-standard SDP body, during a VOLTE call. Corrupción de la memoria en el módem de datos cuando un cuerpo SDP no estándar, durante una llamada VOLTE. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.6EPSS: 0%CPEs: 74EXPL: 0CVE-2023-33014 – Improper Input Validation in Services
https://notcve.org/view.php?id=CVE-2023-33014
02 Jan 2024 — Information disclosure in Core services while processing a Diag command. Divulgación de información en servicios principales mientras se procesa un comando Diag. • https://www.qualcomm.com/company/product-security/bulletins/january-2024-bulletin • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 0%CPEs: 264EXPL: 0CVE-2023-33029 – Use After Free in DSP Service
https://notcve.org/view.php?id=CVE-2023-33029
03 Oct 2023 — Memory corruption in DSP Service during a remote call from HLOS to DSP. Corrupción de la memoria en el servicio DSP durante una llamada remota de HLOS a DSP. • https://www.qualcomm.com/company/product-security/bulletins/october-2023-bulletin • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 144EXPL: 0CVE-2023-28584 – Improper Authorization in WLAN Host
https://notcve.org/view.php?id=CVE-2023-28584
05 Sep 2023 — Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement (CSA). Un ataque de denegación de servicio (DOS) en WLAN host cuando una estación móvil recibe un canal no válido en CSA IE mientras realiza el anuncio de cambio de canal (CSA). • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-285: Improper Authorization •
CVSS: 7.8EPSS: 0%CPEs: 584EXPL: 0CVE-2023-28567 – Improper Validation of Array Index in WLAN HAL
https://notcve.org/view.php?id=CVE-2023-28567
05 Sep 2023 — Memory corruption in WLAN HAL while handling command through WMI interfaces. Corrupción de memoria en WLAN HAL al manejar flujos de comandos a través de interfaces WMI. • https://www.qualcomm.com/company/product-security/bulletins/september-2023-bulletin • CWE-129: Improper Validation of Array Index CWE-787: Out-of-bounds Write •