Memory corruption in Trusted Execution Environment while deinitializing an object used for license...
7.8CVSS
7.2AI Score
0.0004EPSS
7.5CVSS
0.0005EPSS
7.8CVSS
9.5AI Score
0.0004EPSS
7.8CVSS
0.0004EPSS
7.8CVSS
0.0004EPSS
Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6...
7.8CVSS
7.8AI Score
0.0004EPSS
Memory corruption when IPv6 prefix timer object`s lifetime expires which are created while Netmgr daemon gets an IPv6...
7.8CVSS
7.1AI Score
0.0004EPSS
Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input...
7.8CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
0.0004EPSS
Memory Corruption in Radio Interface Layer while sending an SMS or writing an SMS to...
7.8CVSS
7.5AI Score
0.0004EPSS
CVE-2023-33079 Use of Out-of-range Pointer Offset in Audio
Memory corruption in Audio while running invalid audio recording from...
7.8CVSS
8AI Score
0.0004EPSS
CVE-2023-33043 Reachable Assertion in Modem
Transient DOS in Modem when a Beam switch request is made with a non-configured...
7.5CVSS
7.7AI Score
0.0005EPSS
CVE-2023-33041 Reachable assertion in WLAN Firmware
Under certain scenarios the WLAN Firmware will reach an assertion due to state confusion while looking up peer...
7.5CVSS
7.7AI Score
0.0005EPSS
CVE-2023-43514 Use After Free in DSP Services
Memory corruption while invoking IOCTLs calls from user space for internal mem MAP and internal mem...
8.4CVSS
8.8AI Score
0.0004EPSS
CVE-2023-33116 Buffer over-read without Checking Size of Input in WLAN Host
Transient DOS while parsing ieee80211_parse_mscs_ie in WIN WLAN...
7.5CVSS
7.7AI Score
0.0004EPSS
CVE-2023-33109 NULL Pointer Dereference in WLAN Firmware
Transient DOS while processing a WMI P2P listen start command (0xD00A) sent from...
7.5CVSS
7.8AI Score
0.0005EPSS
CVE-2023-33085 Buffer Copy Without Checking Size of Input (Classic Buffer Overflow) in Wearables
Memory corruption in wearables while processing data from...
7.8CVSS
8AI Score
0.0004EPSS
7.5CVSS
7.7AI Score
0.0005EPSS
CVE-2023-33033 Use of Out-of-range Pointer Offset in Audio
Memory corruption in Audio during playback with speaker...
8.4CVSS
8.8AI Score
0.0004EPSS
CVE-2023-33030 Buffer Copy without Checking Size of Input in HLOS
Memory corruption in HLOS while running playready...
9.3CVSS
9.6AI Score
0.0004EPSS
CVE-2023-43536 Buffer Over-read in WLAN Firmware
Transient DOS while parse fils IE with length equal to...
7.5CVSS
7.7AI Score
0.0005EPSS
CVE-2023-43522 NULL Pointer Dereference in WLAN Firmware
Transient DOS while key unwrapping process, when the given encrypted key is empty or...
7.5CVSS
7.8AI Score
0.0005EPSS
CVE-2023-33076 Configuration Issue in Core
Memory corruption in Core when updating rollback version for TA and OTA feature is...
5.9CVSS
8.1AI Score
0.0004EPSS
CVE-2023-33068 Buffer Copy Without Checking Size of Input in Audio
Memory corruption in Audio while processing IIR config data from AFE calibration...
6.7CVSS
8AI Score
0.0004EPSS
CVE-2023-33046 Time-of-check Time-of-use (TOCTOU) Race Condition in Trusted Execution Environment
Memory corruption in Trusted Execution Environment while deinitializing an object used for license...
7.8CVSS
8.1AI Score
0.0004EPSS
9.8CVSS
9.8AI Score
0.001EPSS
Memory corruption while parsing beacon/probe response frame when AP sends more supported links in...
9.8CVSS
9.8AI Score
0.001EPSS
8.4CVSS
8.7AI Score
0.001EPSS
Transient DOS in WLAN Host and Firmware when large number of open authentication frames are sent with an invalid transaction sequence...
7.5CVSS
7.6AI Score
0.0005EPSS
8.4CVSS
8.6AI Score
0.0004EPSS
Memory corruption in Core Services while executing the command for removing a single event...
9.3CVSS
9.6AI Score
0.001EPSS
New Rust-based Fickle Malware Uses PowerShell for UAC Bypass and Data Exfiltration
A new Rust-based information stealer malware called Fickle Stealer has been observed being delivered via multiple attack chains with the goal of harvesting sensitive information from compromised hosts. Fortinet FortiGuard Labs said it's aware of four different distribution methods -- namely VBA...
7AI Score
CVE-2023-33086 Improper Release of Memory Before Removing Last Reference in Data Modem
Transient DOS while processing multiple IKEV2 Informational Request to device from IPSEC server with different...
7.5CVSS
7.7AI Score
0.0005EPSS
CVE-2023-33084 Improper Release of Memory Before Removing Last Reference in Data Modem
Transient DOS while processing IE fragments from server during DTLS...
7.5CVSS
7.8AI Score
0.0005EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.5CVSS
7.5AI Score
0.0005EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
7.5CVSS
7.7AI Score
0.0004EPSS
8.4CVSS
7.9AI Score
0.0004EPSS
Transient DOS in WLAN Firmware while interpreting MBSSID IE of a received beacon...
7.5CVSS
7.5AI Score
0.0005EPSS
In the function call related to CAM_REQ_MGR_RELEASE_BUF there is no check if the buffer is being used. So when a function called cam_mem_get_cpu_buf to get the kernel va to use, another thread can call CAM_REQ_MGR_RELEASE_BUF to unmap the kernel va which cause UAF of the kernel...
7.8CVSS
7.5AI Score
0.0004EPSS
The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to...
7.8CVSS
7.5AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
9.8CVSS
9.6AI Score
0.001EPSS
Memory corruption in WLAN FW while processing command parameters from untrusted WMI...
7.8CVSS
7.9AI Score
0.0004EPSS
9.8CVSS
9.4AI Score
0.001EPSS
7.8CVSS
7.8AI Score
0.0004EPSS
7.8CVSS
7.9AI Score
0.0004EPSS
5.5CVSS
6.1AI Score
0.0004EPSS