CVSS: 5.5EPSS: 0%CPEs: 20EXPL: 0CVE-2024-43046 – Information Exposure in TZ Secure OS
https://notcve.org/view.php?id=CVE-2024-43046
07 Apr 2025 — There may be information disclosure during memory re-allocation in TZ Secure OS. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2025-bulletin.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 19EXPL: 0CVE-2024-38426 – Improper Authentication in Modem
https://notcve.org/view.php?id=CVE-2024-38426
03 Mar 2025 — While processing the authentication message in UE, improper authentication may lead to information disclosure. • https://docs.qualcomm.com/product/publicresources/securitybulletin/march-2025-bulletin.html • CWE-287: Improper Authentication •
CVSS: 8.4EPSS: 0%CPEs: 46EXPL: 0CVE-2024-33056 – Buffer Over-read in MProc
https://notcve.org/view.php?id=CVE-2024-33056
02 Dec 2024 — Memory corruption when allocating and accessing an entry in an SMEM partition continuously. Corrupción de memoria al asignar y acceder a una entrada en una partición SMEM de forma continua. • https://docs.qualcomm.com/product/publicresources/securitybulletin/december-2024-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 7.2EPSS: 0%CPEs: 29EXPL: 0CVE-2024-33016 – Improper Restriction of Operations within the Bounds of a Memory Buffer in Storage
https://notcve.org/view.php?id=CVE-2024-33016
02 Sep 2024 — memory corruption when an invalid firehose patch command is invoked. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 19EXPL: 0CVE-2024-23362 – Improper Input Validation in Trusted Execution Environment
https://notcve.org/view.php?id=CVE-2024-23362
02 Sep 2024 — Cryptographic issue while parsing RSA keys in COBR format. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-20: Improper Input Validation •
CVSS: 8.5EPSS: 0%CPEs: 15EXPL: 0CVE-2024-23359 – Buffer Over-read in Multi Mode Call Processor
https://notcve.org/view.php?id=CVE-2024-23359
02 Sep 2024 — Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 7.8EPSS: 0%CPEs: 44EXPL: 0CVE-2024-23353 – Buffer Over-read in Multi Mode Call Processor
https://notcve.org/view.php?id=CVE-2024-23353
05 Aug 2024 — Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 9.4EPSS: 0%CPEs: 45EXPL: 0CVE-2023-43551 – Improper Authentication in Multi-Mode Call Processor
https://notcve.org/view.php?id=CVE-2023-43551
03 Jun 2024 — Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. Problema criptográfico al realizar la conexión con una red LTE, una estación base no autorizada puede omitir la fase de autenticación y enviar inmediatamente el comando del modo de seguridad. • https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 17EXPL: 0CVE-2023-43542 – Buffer Copy Without Checking Size of Input in Trusted Execution Environment
https://notcve.org/view.php?id=CVE-2023-43542
03 Jun 2024 — Memory corruption while copying a keyblob`s material when the key material`s size is not accurately checked. Corrupción de la memoria al copiar el material de un keyblob cuando el tamaño del material de la clave no se verifica con precisión. • https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 8.4EPSS: 0%CPEs: 47EXPL: 0CVE-2023-28547 – Buffer Copy Without Checking Size of Input in SPS Applications
https://notcve.org/view.php?id=CVE-2023-28547
01 Apr 2024 — Memory corruption in SPS Application while requesting for public key in sorter TA. Corrupción de la memoria en la aplicación SPS al solicitar la clave pública en el clasificador TA. • https://docs.qualcomm.com/product/publicresources/securitybulletin/april-2024-bulletin.html • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •