Ricoh Company, Ltd. Security Vulnerabilities
CVE-2022-33240 Incorrect type conversion or cast in Audio
Memory corruption in Audio due to incorrect type cast during audio...
6.7CVSS
8AI Score
0.0004EPSS
CVE-2023-28541 Buffer Over-read in WLAN Host
Memory Corruption in Data Modem while processing DMA buffer release event about CFR...
7.8CVSS
8AI Score
0.0004EPSS
CVE-2023-24854 Stack-based Buffer Overflow in WLAN HOST
Memory Corruption in WLAN HOST while parsing QMI WLAN Firmware response...
7.8CVSS
7.8AI Score
0.0005EPSS
CVE-2023-24851 Buffer Copy Without Checking Size of Input in WLAN HOST
Memory Corruption in WLAN HOST while parsing QMI response message from...
7.8CVSS
7.8AI Score
0.001EPSS
CVE-2023-22386 Buffer Copy Without Checking Size of Input in WLAN HOST
Memory Corruption in WLAN HOST while processing WLAN FW request to allocate...
7.8CVSS
7.8AI Score
0.0004EPSS
CVE-2023-21638 Incorrect Type Conversion or Cast in Video
Memory corruption in Video while calling APIs with different instance ID than the one received in...
6.7CVSS
8AI Score
0.0004EPSS
CVE-2023-22666 Integer Overflow or Wraparound in Audio
Memory Corruption in Audio while playing amrwbplus clips with modified...
8.4CVSS
8.6AI Score
0.0004EPSS
CVE-2023-33021 Use After Free in Graphics
Memory corruption in Graphics while processing user packets for command...
8.4CVSS
8.9AI Score
0.0004EPSS
CVE-2023-33020 Improper Authorization in WLAN Host
Transient DOS in WLAN Host when an invalid channel (like channel out of range) is received in STA during CSA...
7.5CVSS
7.8AI Score
0.0005EPSS
CVE-2023-28567 Improper Validation of Array Index in WLAN HAL
Memory corruption in WLAN HAL while handling command through WMI...
7.8CVSS
8.1AI Score
0.0004EPSS
CVE-2023-28559 Buffer Copy Without Checking Size of Input in WLAN HAL
Memory corruption in WLAN FW while processing command parameters from untrusted WMI...
7.8CVSS
8.1AI Score
0.0004EPSS
Memory Corruption in Core Platform while printing the response buffer in...
7.8CVSS
8AI Score
0.0004EPSS
CVE-2023-21655 Integer Overflow or Wraparound in Display
Memory corruption in Audio while validating and mapping...
6.7CVSS
8.1AI Score
0.0004EPSS
CVE-2022-33275 Improper validation of array index in WLAN HAL
Memory corruption due to improper validation of array index in WLAN HAL when received lm_itemNum is out of...
8.4CVSS
8.7AI Score
0.0004EPSS
CVE-2023-33039 Use After Free in Automotive Display
Memory corruption in Automotive Display while destroying the image handle created using connected display...
8.4CVSS
8.7AI Score
0.0004EPSS
CVE-2023-33035 Buffer Copy Without Checking Size of Input in Audio
Memory corruption while invoking callback function of AFE from...
7.8CVSS
8.1AI Score
0.0004EPSS
CVE-2023-24853 Improper Input Validation in HLOS
Memory Corruption in HLOS while registering for key provisioning...
8.4CVSS
8.6AI Score
0.0004EPSS
CVE-2023-24849 Buffer Over-read in Data Modem
Information Disclosure in data Modem while parsing an FMTP line in an SDP...
8.2CVSS
8.2AI Score
0.001EPSS
CVE-2023-22384 Buffer Copy Without Checking Size of Input in VR Service
Memory Corruption in VR Service while sending data using Fast Message Queue...
6.7CVSS
7.8AI Score
0.0004EPSS
CVE-2023-21673 Improper Access Control in Kernel
Improper Access to the VM resource manager can lead to Memory...
8.7CVSS
8.8AI Score
0.0004EPSS
CVE-2023-33061 Buffer Over-read in WLAN Firmware
Transient DOS in WLAN Firmware while parsing WLAN beacon or probe-response...
7.5CVSS
7.8AI Score
0.0004EPSS
CVE-2023-28570 Buffer Copy without Checking Size of Input in Audio
Memory corruption while processing audio...
6.7CVSS
8.1AI Score
0.0004EPSS
Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access...
9.8CVSS
9.2AI Score
0.001EPSS
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon...
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS in WLAN Firmware when the length of received beacon is less than length of ieee802.11 beacon...
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS while processing 11AZ RTT management action frame received through...
7.5CVSS
7.5AI Score
0.0005EPSS
Transient DOS while key unwrapping process, when the given encrypted key is empty or...
7.5CVSS
7.6AI Score
0.0005EPSS
Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo...
9.8CVSS
9.5AI Score
0.001EPSS
Memory corruption when AP includes TID to link mapping IE in the beacons and STA is parsing the beacon TID to link mapping...
9.8CVSS
9.5AI Score
0.001EPSS
9.8CVSS
8AI Score
0.001EPSS
Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem...
8.4CVSS
7.8AI Score
0.0004EPSS
Memory corruption while processing the event ring, the context read pointer is untrusted to HLOS and when it is passed with arbitrary values, may point to address in the middle of ring...
7.8CVSS
7.7AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same...
7.8CVSS
8.8AI Score
0.0004EPSS
Memory corruption while running NPU, when NETWORK_UNLOAD and (NETWORK_UNLOAD or NETWORK_EXECUTE_V2) commands are submitted at the same...
8.4CVSS
7.9AI Score
0.0004EPSS
The session index variable in PCM host voice audio driver initialized before PCM open, accessed during event callback from ADSP and reset during PCM close may lead to race condition between event callback - PCM close and reset session index causing memory...
7CVSS
7.6AI Score
0.0004EPSS
Transient DOS when WLAN firmware receives "reassoc response" frame including RIC_DATA...
7.5CVSS
7.6AI Score
0.0005EPSS
8.4CVSS
7.8AI Score
0.0004EPSS
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected...
8.4CVSS
7.8AI Score
0.0004EPSS
Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected...
7.8CVSS
0.0004EPSS
Transient DOS while parsing WPA IES, when it is passed with length more than expected...
7.5CVSS
7.5AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
Memory corruption while sending an Assoc Request having BTM Query or BTM Response containing MBO...
9.8CVSS
9.6AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics...
8.4CVSS
7.7AI Score
0.0004EPSS
Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap...
7.8CVSS
7.2AI Score
0.0004EPSS
7.1CVSS
6.4AI Score
0.0004EPSS
7.1CVSS
6.8AI Score
0.0004EPSS
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance...
9.1CVSS
9.1AI Score
0.001EPSS
Cryptographic issue in GPS HLOS Driver while downloading Qualcomm GNSS assistance...
9.1CVSS
0.001EPSS