CVSS: 6.8EPSS: 0%CPEs: 29EXPL: 0CVE-2024-33016 – Improper Restriction of Operations within the Bounds of a Memory Buffer in Storage
https://notcve.org/view.php?id=CVE-2024-33016
memory corruption when an invalid firehose patch command is invoked. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 19EXPL: 0CVE-2024-23362 – Improper Input Validation in Trusted Execution Environment
https://notcve.org/view.php?id=CVE-2024-23362
Cryptographic issue while parsing RSA keys in COBR format. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-20: Improper Input Validation •
CVSS: 8.2EPSS: 0%CPEs: 15EXPL: 0CVE-2024-23359 – Buffer Over-read in Multi Mode Call Processor
https://notcve.org/view.php?id=CVE-2024-23359
Information disclosure while decoding Tracking Area Update Accept or Attach Accept message received from network. • https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 7.5EPSS: 0%CPEs: 44EXPL: 0CVE-2024-23353 – Buffer Over-read in Multi Mode Call Processor
https://notcve.org/view.php?id=CVE-2024-23353
Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. • https://docs.qualcomm.com/product/publicresources/securitybulletin/august-2024-bulletin.html • CWE-126: Buffer Over-read •
CVSS: 9.1EPSS: 0%CPEs: 45EXPL: 0CVE-2023-43551 – Improper Authentication in Multi-Mode Call Processor
https://notcve.org/view.php?id=CVE-2023-43551
Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. Problema criptográfico al realizar la conexión con una red LTE, una estación base no autorizada puede omitir la fase de autenticación y enviar inmediatamente el comando del modo de seguridad. • https://docs.qualcomm.com/product/publicresources/securitybulletin/june-2024-bulletin.html • CWE-287: Improper Authentication •