Ricoh Company, Ltd. Security Vulnerabilities
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to...
7.8CVSS
0.0004EPSS
CVE-2022-33260 Stack based buffer overflow in Core
Memory corruption due to stack based buffer overflow in core while sending command from USB of large...
5.9CVSS
8.3AI Score
0.001EPSS
6.7CVSS
8.1AI Score
0.0004EPSS
CVE-2022-33213 Memory Corruption in MODEM
Memory corruption in modem due to buffer overflow while processing a PPP...
7.5CVSS
9.2AI Score
0.001EPSS
CVE-2022-33302 Improper validation of array index in User Identity Module
Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command...
6.8CVSS
8.1AI Score
0.0004EPSS
CVE-2022-33297 Buffer overread in Linux Sensors
Information disclosure due to buffer overread in Linux...
6.8CVSS
6.8AI Score
0.0004EPSS
CVE-2022-33282 Integer overflow to buffer overflow in Automotive Multimedia
Memory corruption in Automotive Multimedia due to integer overflow to buffer overflow during IOCTL calls in video...
8.4CVSS
8.9AI Score
0.0004EPSS
CVE-2022-33231 Double free in Core
Memory corruption due to double free in core while initializing the encryption...
9.3CVSS
9.7AI Score
0.0004EPSS
CVE-2022-25731 Incorrect Calculation of Buffer Size in MODEM
Information disclosure in modem due to buffer over-read while processing packets from DNS...
7.5CVSS
7.7AI Score
0.001EPSS
CVE-2022-25678 Buffer Copy Without Checking Size of Input in MODEM
Memory correction in modem due to buffer overwrite during coap...
9.8CVSS
9.7AI Score
0.001EPSS
CVE-2023-33088 NULL pointer dereference in WLAN Firmware
Memory corruption when processing cmd parameters while parsing...
8.4CVSS
8.8AI Score
0.0004EPSS
CVE-2023-28588 Integer Overflow or Wraparound in Bluetooth Host
Transient DOS in Bluetooth Host while rfc slot...
7.5CVSS
7.7AI Score
0.0005EPSS
CVE-2023-21628 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN HAL
Memory corruption in WLAN HAL while processing WMI-UTF command or FTM TLV1...
8.4CVSS
8.9AI Score
0.0004EPSS
Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in...
6CVSS
6.6AI Score
0.0004EPSS
CVE-2023-28579 Buffer Copy Without Checking Size of Input in WLAN Host
Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK...
6.7CVSS
7.8AI Score
0.0004EPSS
CVE-2022-40523 Information exposure in Kernel
Information disclosure in Kernel due to indirect branch...
7.1CVSS
7AI Score
0.0004EPSS
CVE-2023-22668 Use After Free in Audio
Memory Corruption in Audio while invoking IOCTLs calls from the...
6.7CVSS
7.8AI Score
0.0004EPSS
CVE-2022-33264 Stack-based buffer overflow in Modem
Memory corruption in modem due to stack based buffer overflow while parsing OTASP Key Generation Request...
7.9CVSS
8.4AI Score
0.001EPSS
CVE-2022-33251 Reachable assertion in Modem
Transient DOS due to reachable assertion in Modem because of invalid network...
7.5CVSS
7.7AI Score
0.001EPSS
CVE-2022-33226 Buffer copy without checking the size of input in Core
Memory corruption due to buffer copy without checking the size of input in Core while processing ioctl commands from diag client...
6.7CVSS
8.2AI Score
0.0004EPSS
CVE-2022-33224 Buffer copy without checking the size of input in Core
Memory corruption in core due to buffer copy without check9ing the size of input while processing ioctl...
6.7CVSS
8.1AI Score
0.0004EPSS
CVE-2023-28542 Buffer Over-read in WLAN HOST
Memory Corruption in WLAN HOST while fetching TX status...
7.8CVSS
7.8AI Score
0.0004EPSS
CVE-2023-21672 Use After Free in Audio
Memory corruption in Audio while running concurrent tunnel playback or during concurrent audio tunnel recording...
8.4CVSS
8.8AI Score
0.0004EPSS
CVE-2023-28576 Time-of-check Time-of-use (TOCTOU) Race Condition in Camera Kernel Driver
The buffer obtained from kernel APIs such as cam_mem_get_cpu_buf() may be readable/writable in userspace after kernel accesses it. In other words, user mode may race and modify the packet header (e.g. header.count), causing checks (e.g. size checks) in kernel code to be invalid. This may lead to...
6.4CVSS
7.1AI Score
0.0004EPSS
CVE-2023-21652 Key Management Errors in HLOS
Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after...
7.7CVSS
7.6AI Score
0.0004EPSS
CVE-2023-21649 Buffer Copy Without Checking Size of Input (`Classic Buffer Overflow`) in WLAN
Memory corruption in WLAN while running doDriverCmd for an unspecific...
6.7CVSS
8.1AI Score
0.0004EPSS
CVE-2023-21647 Improper Input Validation in Bluetooth HOST
Information disclosure in Bluetooth when an GATT packet is received due to improper input...
6.5CVSS
6.6AI Score
0.0005EPSS
CVE-2023-33015 Buffer Over-read in WLAN Firmware
Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon...
7.5CVSS
7.7AI Score
0.0005EPSS
CVE-2023-28584 Improper Authorization in WLAN Host
Transient DOS in WLAN Host when a mobile station receives invalid channel in CSA IE while doing channel switch announcement...
7.5CVSS
7.7AI Score
0.0005EPSS
Memory corruption in WLAN Firmware while parsing receieved GTK Keys in GTK...
9.8CVSS
9.8AI Score
0.001EPSS
CVE-2023-21644 Integer Overflow to Buffer Overflow in RIL
Memory corruption in RIL due to Integer Overflow while triggering qcril_uim_request_apdu...
6.7CVSS
8AI Score
0.0004EPSS
CVE-2023-28539 Buffer Copy Without Checking Size of Input in WLAN Host
Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available...
6.6CVSS
8.1AI Score
0.0004EPSS
CVE-2023-33112 Buffer Over-read in WLAN Firmware
Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA...
7.5CVSS
7.8AI Score
0.0005EPSS
CVE-2023-24844 Improper Access Control in Core
Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address...
8.4CVSS
8.5AI Score
0.0004EPSS
CVE-2023-33056 NULL Pointer dereference in WLAN Firmware
Transient DOS in WLAN Firmware when firmware receives beacon including T2LM...
7.5CVSS
7.8AI Score
0.0005EPSS
CVE-2023-33047 Buffer Over-read in WLAN Firmware
Transient DOS in WLAN Firmware while parsing no-inherit...
7.5CVSS
7.7AI Score
0.0004EPSS
CVE-2023-28568 Buffer Over-read in WLAN HAL
Information disclosure in WLAN HAL when reception status handler is...
6.1CVSS
6.4AI Score
0.0004EPSS
CVE-2023-28566 Buffer Over-read in WLAN HAL
Information disclosure in WLAN HAL while handling the WMI state info...
6.1CVSS
6.4AI Score
0.0004EPSS
CVE-2023-21671 Improper Input Validation in Core
Memory Corruption in Core during syscall for Sectools Fuse comparison...
9.3CVSS
9.5AI Score
0.0004EPSS
CVE-2023-43523 Reachable Assertion in WLAN Firmware
Transient DOS while processing 11AZ RTT management action frame received through...
7.5CVSS
7.8AI Score
0.0005EPSS
CVE-2023-33060 Buffer Over-read in Core
Transient DOS in Core when DDR memory check is called while DDR is not...
7.1CVSS
7.1AI Score
0.0004EPSS
CVE-2023-33057 Improper Input Validation in Multi-Mode Call Processor
Transient DOS in Multi-Mode Call Processor while processing UE policy...
7.5CVSS
7.7AI Score
0.0005EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.8CVSS
8.7AI Score
0.0004EPSS
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory...
7.8CVSS
6.8AI Score
0.0004EPSS
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from...
7.5CVSS
7.6AI Score
0.0005EPSS
Memory corruption in Graphics Driver when destroying a context with KGSL_GPU_AUX_COMMAND_TIMELINE objects...
8.4CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
0.0004EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
Transient DOS while parsing a vender specific IE (Information Element) of reassociation response management...
7.5CVSS
7.5AI Score
0.0004EPSS