Ricoh Company, Ltd. Security Vulnerabilities

CVE-2023-33082 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN Host

Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO...

CVE-2023-33071 Improper Access Control in Automotive OS Platform Android

Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics...

CVE-2023-28585 Integer Overflow to Buffer Overflow in TZ Secure OS

Memory corruption while loading an ELF segment in TEE...

CVE-2023-28551 Improper Restriction of Operations within the Bounds of a Memory Buffer in UTILS

Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input...

CVE-2023-28546 Buffer Copy Without Checking Size of Input in SPS Applications

Memory Corruption in SPS Application while exporting public key in sorter...

CVE-2023-33117 Use After Free in Audio

Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE...

CVE-2023-33110 Use of Out-of-range Pointer Offset in Audio

The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory...

CVE-2023-33038 Integer Overflow or Wraparound in Radio Interface Layer

Memory corruption while receiving a message in Bus Socket Transport...

CVE-2023-43532 Untrusted Pointer Dereference in Display

Memory corruption while reading ACPI config through the user mode...

CVE-2023-33069 Buffer Copy Without Checking Size of Input in Audio

Memory corruption in Audio while processing the calibration data returned from ACDB...

CVE-2023-33058 Buffer Copy Without Checking Size of Input in Modem

Information disclosure in Modem while processing...

CVE-2023-43552

Memory corruption while processing MBSSID beacon containing several subelement...

CVE-2023-43548

Memory corruption while parsing qcp clip with invalid chunk data...

CVE-2023-33104

Transient DOS while processing PDU Release command with a parameter PDU ID out of...

CVE-2023-43539

Transient DOS while processing an improperly formatted 802.11az Fine Time Measurement protocol...

CVE-2023-33084

Transient DOS while processing IE fragments from server during DTLS...

CVE-2023-33086

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different...

CVE-2023-33086

Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different...

CVE-2023-33066

Memory corruption in Audio while processing RT proxy port register...

CVE-2023-33078

Information Disclosure while processing IOCTL request in...

CVE-2023-28582

Memory corruption in Data Modem while verifying hello-verify message during the DTLS...

CVE-2023-28578

Memory corruption in Core Services while executing the command for removing a single event...

Interpol Conference Highlights Cyber-Crime Challenges and Solutions

The emergence of cyber-crime, which transcends man-made boundaries, has underscored the urgent need for global cooperation among law enforcement agencies to prevent and solve these crimes, according to a senior Dubai Police official. At the Third International Conference on Interpol for the Middle....

CVE-2023-43546 Use After Free in Automotive Multimedia

Memory corruption while invoking HGSL IOCTL context...

CVE-2023-43541 NULL Pointer Dereference in Windows Graphics

Memory corruption while invoking the SubmitCommands call on Gfx engine during the graphics...

CVE-2023-43540 Buffer Copy Without Checking Size of Input in Bluetooth HOST

Memory corruption while processing the IOCTL FM HCI WRITE...

CVE-2023-33104 Improper input Validation in Multi-Mode Call Processor

Transient DOS while processing PDU Release command with a parameter PDU ID out of...

CVE-2023-33096 Reachable Assertion in Multi-Mode Call Processor

Transient DOS while processing DL NAS Transport message, as specified in 3GPP 24.501...

CVE-2023-28582 Buffer Copy Without Checking Size of Input in Data Modem

Memory corruption in Data Modem while verifying hello-verify message during the DTLS...

JVN#51770585: EC-CUBE vulnerable to authorization bypass

EC-CUBE from EC-CUBE CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains an authorization bypass vulnerability (CWE-639). ## Impact A user of the affected shopping website may obtain other users' information by sending a crafted HTTP request. ## Solution Apply the...

CVE-2023-33061

Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response...

CVE-2023-33061

Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response...

CVE-2023-33048

Transient DOS in WLAN Firmware while parsing t2lm...

CVE-2023-33047

Transient DOS in WLAN Firmware while parsing no-inherit...

CVE-2023-33039

Memory corruption in Automotive Display while destroying the image handle created using connected display...

CVE-2023-33039

Memory corruption in Automotive Display while destroying the image handle created using connected display...

CVE-2023-33031

Memory corruption in Automotive Audio while copying data from ADSP shared buffer to the VOC packet data...

CVE-2023-33029

Memory corruption in DSP Service during a remote call from HLOS to...

CVE-2023-33034

Memory corruption while parsing the ADSP response...

CVE-2023-33019

Transient DOS in WLAN Host while doing channel switch announcement (CSA), when a mobile station receives invalid channel in CSA...

CVE-2023-28577

In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel...

CVE-2023-28573

Memory corruption in WLAN HAL while parsing WMI command...

CVE-2023-28573

Memory corruption in WLAN HAL while parsing WMI command...

CVE-2023-28569

Information disclosure in WLAN HAL while handling command through WMI...

CVE-2023-28570

Memory corruption while processing audio...

CVE-2023-28566

Information disclosure in WLAN HAL while handling the WMI state info...

CVE-2023-28566

Information disclosure in WLAN HAL while handling the WMI state info...

CVE-2023-28563

Information disclosure in IOE Firmware while handling WMI...

CVE-2023-28561

Memory corruption in QESL while processing payload from external ESL device to...

CVE-2023-28557

Memory corruption in WLAN HAL while processing command parameters from untrusted WMI...