CPE Details
Qualcomm QTS110 FIRMWARE -
-
2023-02-15
10h47 +00:00
10h47 +00:00
2023-08-29
09h33 +00:00
09h33 +00:00
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:o:qualcomm:qts110_firmware:-:*:*:*:*:*:*:*
Informations
Vendor
qualcommProduct
qts110_firmwareVersion
-Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| While processing the authentication message in UE, improper authentication may lead to information disclosure. | 5.4 |
Moyen |
||
| Memory corruption when allocating and accessing an entry in an SMEM partition continuously. | 8.4 |
Haute |
||
| Transient DOS while decoding attach reject message received by UE, when IEI is set to ESM_IEI. | 7.5 |
Haute |
||
| Transient DOS while loading the TA ELF file. | 7.1 |
Haute |
||
| Memory corruption while performing finish HMAC operation when context is freed by keymaster. | 8.4 |
Haute |
||
| Cryptographic issue while performing attach with a LTE network, a rogue base station can skip the authentication phase and immediately send the Security Mode Command. | 9.1 |
Critique |
||
| Memory corruption in SPS Application while requesting for public key in sorter TA. | 8.4 |
Haute |
||
| Memory corruption in Audio while processing RT proxy port register driver. | 8.4 |
Haute |
||
| Memory corruption in Audio during playback with speaker protection. | 8.4 |
Haute |
||
| Memory corruption in TZ Secure OS while requesting a memory allocation from TA region. | 9.3 |
Critique |
||
| Memory corruption in HLOS while running playready use-case. | 9.3 |
Critique |
||
| Memory corruption while using the UIM diag command to get the operators name. | 7.8 |
Haute |
||
| Memory corruption in Boot while running a ListVars test in UEFI Menu during boot. | 7.8 |
Haute |
||
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. | 6.5 |
Moyen |
||
| Memory corruption while loading an ELF segment in TEE Kernel. | 8.8 |
Haute |
||
| Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. | 7.8 |
Haute |
||
| Memory corruption in MPP performance while accessing DSM watermark using external memory address. | 7.8 |
Haute |
||
| Memory Corruption in SPS Application while exporting public key in sorter TA. | 7.8 |
Haute |
||
| Cryptographic issue in HLOS during key management. | 7.8 |
Haute |
||
| Memory Corruption in Core due to secure memory access by user while loading modem image. | 8.4 |
Haute |
||
| Memory Corruption in Multi-mode Call Processor while processing bit mask API. | 9.8 |
Critique |
||
| Memory Corruption in Data Modem while making a MO call or MT VOLTE call. | 9.8 |
Critique |
||
| Memory corruption in WLAN HAL while handling command streams through WMI interfaces. | 7.8 |
Haute |
||
| Information disclosure in Network Services due to buffer over-read while the device receives DNS response. | 8.2 |
Haute |
||
| Weak Configuration due to improper input validation in Modem while processing LTE security mode command message received from network. | 9.8 |
Critique |
||
| Transient DOS due to improper authorization in Modem | 7.5 |
Haute |
||
| Memory corruption due to double free in Core while mapping HLOS address to the list. | 8.4 |
Haute |
||
| information disclosure due to cryptographic issue in Core during RPMB read request. | 7.1 |
Haute |
||
| Information disclosure due to buffer over-read in Modem while parsing DNS hostname. | 8.2 |
Haute |
||
| Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet. | 7.5 |
Haute |
||
| Memory corruption due to integer overflow or wraparound in WLAN while sending WMI cmd from host to target. | 8.4 |
Haute |
||
| Memory corruption due to improper validation of array index in User Identity Module when APN TLV length is greater than command length. | 7.8 |
Haute |
||
| Information disclosure in Modem due to buffer over-read while parsing the wms message received given the buffer and its length. | 8.2 |
Haute |
||
| Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message. | 7.5 |
Haute |
||
| Information disclosure in Modem due to buffer over-read while receiving a IP header with malformed length. | 8.2 |
Haute |
||
| Memory corruption occurs in Modem due to improper validation of array index when malformed APDU is sent from card. | 6.8 |
Moyen |
||
| Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet. | 8.2 |
Haute |
||
| Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received. | 9.8 |
Critique |
||
| Information disclosure due to buffer over-read in modem while reading configuration parameters. | 8.2 |
Haute |
||
| Memory corruption due to double free in core while initializing the encryption key. | 9.3 |
Critique |
||
| Information disclosure sue to buffer over-read in modem while processing ipv6 packet with hop-by-hop or destination option in header. | 8.2 |
Haute |
||
| Transient DOS in Modem due to null pointer dereference while processing the incoming packet with http chunked encoding. | 7.5 |
Haute |
||
| Information disclosure due to buffer over-read while parsing DNS response packets in Modem. | 8.2 |
Haute |
||
| memory corruption in modem due to improper check while calculating size of serialized CoAP message | 9.8 |
Critique |
||
| Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message | 8.2 |
Haute |
||
| Memory corruption in modem due to improper input validation while handling the incoming CoAP message | 9.8 |
Critique |
||
| Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface | 9.8 |
Critique |
||
| Denial of service in modem due to missing null check while processing the ipv6 packet received during ECM call | 7.5 |
Haute |
||
| Information disclosure in modem due to missing NULL check while reading packets received from local network | 7.5 |
Haute |
||
| Information disclosure in modem due to buffer over-read while processing packets from DNS server | 7.5 |
Haute |
||
| Information disclosure in modem due to improper check of IP type while processing DNS server query | 8.2 |
Haute |
||
| Information disclosure in modem data due to array out of bound access while handling the incoming DNS response packet | 8.2 |
Haute |
||
| Memory correction in modem due to buffer overwrite during coap connection | 9.8 |
Critique |
||
| Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message. | 8.4 |
Haute |
||
| Memory corruption in modem due to buffer overflow while processing a PPP packet | 8.8 |
Haute |
||
| Memory corruption in modem due to integer overflow to buffer overflow while handling APDU response | 7.8 |
Haute |
||
| Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM | 8.4 |
Haute |
||
| Memory corruption due to configuration weakness in modem wile sending command to write protected files. | 7.8 |
Haute |
||
| Information disclosure due to buffer over-read in Modem while using static array to process IPv4 packets. | 8.2 |
Haute |
||
| Information disclosure in modem due to buffer over-red while performing checksum of packet received | 8.2 |
Haute |
||
| Denial of service in modem due to missing null check while processing TCP or UDP packets from server | 7.5 |
Haute |
||
| Denial of service in modem due to missing null check while processing IP packets with padding | 7.5 |
Haute |
||
| Denial of service in modem due to null pointer dereference while processing DNS packets | 7.5 |
Haute |
||
| Information disclosure in modem due to buffer over read in dns client due to missing length check | 8.2 |
Haute |
||
| Memory corruption in modem due to improper length check while copying into memory | 9.8 |
Critique |
||
| Information disclosure in modem due to buffer over-read while processing response from DNS server | 8.2 |
Haute |
2025©
tesweb SA
