Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

wcn6855_firmware

Source -

NVDADP

CNA CVEs -

0

ADP CVEs -

97

CISA CVEs -

0

NVD CVEs -

380
Related CVEsRelated VendorsRelated AssignersReports
450Vulnerabilities found

CVE-2025-21476
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.08% / 0.25%
||
7 Day CHG~0.00%
Published-24 Sep, 2025 | 15:33
Updated-26 Feb, 2026 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy Without Checking Size of Input in Computer Vision

Memory corruption when passing parameters to the Trusted Virtual Machine during the handshake.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qcm8550_firmwaresm8750p_firmwarewcn7880_firmwareqcs5430sm7635_firmwarewcn7850_firmwaresm8650p_firmwarewcn6650sm8550p_firmwarewcn7880sm7675_firmwaresm8550psm8550_firmwareqcn9012sm8635_firmwareqcs5430_firmwarewcn6755sg8275_firmwarewcn6750_firmwareqcm8550sm8650_firmwareqcs9100_firmwareqca6391sm8650q_firmwarewcn7860_firmwareqca6391_firmwarewcn7850wcn3950qcm5430_firmwaresm8750_firmwareqcs615wcn7851wcn7851_firmwarewcn7881_firmwareqcn9012_firmwaresm7675psm7635sm6650qcm6490wcn7860wcn6855sm8635p_firmwarewcn3910qca6698aqsm8635psxr2330pqcs9100sm7675wcn6750qcs8550_firmwarewcn6856_firmwaresg8275psm8650wcn3950_firmwarewcn7861wcn6855_firmwareqcn9274_firmwaresg8275wcn7881sm8650qwcn6755_firmwareqcs615_firmwarewcn3910_firmwareqcm5430qcm6490_firmwarewcn7861_firmwaresm8550qcs8550qcs6490_firmwaresg8275p_firmwarewcn6856sm8635sm8750psm8750qcs6490wcn6650_firmwaresm6650_firmwaresm7675p_firmwareqcn9011qcn9274sxr2330p_firmwaresm8650pqca6698aq_firmwareqcn9011_firmwareSnapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2021-30299
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.12% / 2.46%
||
7 Day CHG~0.00%
Published-22 Nov, 2024 | 09:09
Updated-25 Nov, 2024 | 19:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Input Validation in Audio

Possible out of bound access in audio module due to lack of validation of user provided input.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwaremdm9150_firmwarewsa8830sa6150p_firmwaresa8145p_firmwareqcs610qcs2290_firmwareqca8337csra6620qcs4290wcn3950_firmwaresd765g_firmwaresa8150p_firmwareqcs2290qca6390_firmwarewcd9370csra6620_firmwareqcs605_firmwarecsra6640_firmwareqcs6125_firmwareqca6564qca6426wcn3990_firmwareqrb5165n_firmwarewcn3998wcd9385_firmwaresdxr2_5g_firmwarewcn3950wcn3660bsm6375_firmwareqca6574au_firmwaresdx55_firmwarewcd9375_firmwarewcn3998_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwareqrb5165nqca6564au_firmwaresa6155p_firmwaresm6225qcs6490qrb5165m_firmwaresdxr2_5gqrb5165_firmwareqcs6125wcn3988_firmwareqcs405sd205sa6145p_firmwarewcd9340sa8195pwsa8810_firmwaresd765gsd765_firmwareqca6436wcn6851wcd9335sa6155pqcs603_firmwareqcs4290_firmwarewcd9385wcd9341qca6696_firmwareqcs6490_firmwaresd870_firmwarewcn3910_firmwarewcd9375qca6390ar8035sa8150pwsa8830_firmwaresda429wsd210wcn3620_firmwaresd865_5g_firmwarewsa8815_firmwarewcn6850_firmwarewsa8835_firmwarewcn3988wcn3620sd888_5g_firmwaresa8195p_firmwareqcm6490wcn6750_firmwareqca6564awcn3610qcm6125_firmwareqcm2290_firmwaresm6375wcn3991wcd9380_firmwaresda429w_firmwareqca8337_firmwarewcn3990sd780gsd865_5gqca6564ausdx55m_firmwarewcn6856_firmwarewsa8835wcd9380sd888_5gqcs410qca6574awcn6855_firmwarewcn6750wcn3980wcd9335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850wcn3910sd765qca6426_firmwarewcn3660b_firmwareqca6574a_firmwaresd768g_firmwareqrb5165mwcn3980_firmwareqca6391sdx55mwcn6740_firmwareqcm4290qcm6490_firmwarear8031_firmwareqrb5165wcn6851_firmwaresd480_firmwareqcs603sm6225_firmwareqca6574ausa8155p_firmwaresd205_firmwareqca6564a_firmwarewcd9341_firmwareqcm6125wsa8810sd870sd480wcn6855qcm4290_firmwaresd210_firmwareqcs610_firmwaremdm9150wcn6856sa6145pqca6564_firmwaresd768gar8031apq8096auqcs405_firmwaresa8145pwcn6740qca6696qca6391_firmwarewcd9370_firmwaresd780g_firmwaresdx55sa6150psa8155pcsra6640apq8096au_firmwaresm7250pqcs410_firmwarear8035_firmwareqcm2290Snapdragonqcm2290_firmwarewcn3991_firmwaremdm9150_firmwareqca8337_firmwaresda429w_firmwaresa6150p_firmwarewcd9380_firmwaresa8145p_firmwareqcs2290_firmwaresdx55m_firmwarewcn6856_firmwarewcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6390_firmwarecsra6620_firmwareqcs605_firmwarewcn6855_firmwarecsra6640_firmwareqcs6125_firmwarewcn3990_firmwareqrb5165n_firmwarewcd9335_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9340_firmwaresm6375_firmwareqca6426_firmwarewcn3660b_firmwareqca6574a_firmwareqca6574au_firmwaresdx55_firmwaresd768g_firmwarewcd9375_firmwarewcn3998_firmwarewcn3980_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwarewcn6740_firmwareqca6564au_firmwaresa6155p_firmwarear8031_firmwareqrb5165_firmwareqrb5165m_firmwareqcm6490_firmwaresd480_firmwarewcn6851_firmwaresm6225_firmwarewcn3988_firmwaresa6145p_firmwaresa8155p_firmwaresd205_firmwareqca6564a_firmwarewsa8810_firmwarewcd9341_firmwareqcm4290_firmwaresd765_firmwaresd210_firmwareqcs603_firmwareqcs610_firmwareqcs4290_firmwareqca6564_firmwareqca6696_firmwareqcs6490_firmwareqcs405_firmwaresd870_firmwareqca6391_firmwarewcn3910_firmwaresd780g_firmwarewcd9370_firmwareapq8096au_firmwarewsa8830_firmwaresd865_5g_firmwarewcn3620_firmwarewsa8815_firmwaresd888_5g_firmwarewcn6850_firmwarewsa8835_firmwaresa8195p_firmwareqcs410_firmwarewcn6750_firmwarear8035_firmwareqcm6125_firmware
CWE ID-CWE-20
Improper Input Validation
CVE-2023-23700
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-7.6||HIGH
EPSS-0.68% / 48.43%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 06:30
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress OceanWP theme <= 3.4.1 - Authenticated Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in OceanWP allows PHP Local File Inclusion.This issue affects OceanWP: from n/a through 3.4.1.

Action-Not Available
Vendor-OceanWPoceanwp
Product-OceanWPoceanwp
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-22656
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-3.9||LOW
EPSS-0.27% / 19.44%
||
7 Day CHG~0.00%
Published-16 May, 2024 | 20:47
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in Intel(R) Media SDK and some Intel(R) oneVPL software before version 23.3.5 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-Intel(R) Media SDK and some Intel(R) oneVPL softwaremedia_sdkonevpl_gpu_runtime
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-23474
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-3.7||LOW
EPSS-0.43% / 34.69%
||
7 Day CHG~0.00%
Published-03 May, 2024 | 17:15
Updated-07 Jan, 2025 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Cognos Controller information disclosure

IBM Cognos Controller 10.4.1, 10.4.2, and 11.0.0 could allow a remote attacker to obtain sensitive information when a stack trace is returned in the browser. IBM X-Force ID: 245403.

Action-Not Available
Vendor-IBM Corporation
Product-cognos_controllerCognos Controllercognos_controller
CWE ID-CWE-209
Generation of Error Message Containing Sensitive Information
CVE-2023-23019
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.31% / 22.81%
||
7 Day CHG~0.00%
Published-01 May, 2024 | 00:00
Updated-04 Apr, 2025 | 14:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross site scripting (XSS) vulnerability in file main.php in sourcecodester oretnom23 Blog Site 1.0 via the name and email parameters to function user_add.\

Action-Not Available
Vendor-n/aoretnom23SourceCodester
Product-blog_siten/ablog_site
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-22869
Assigner-IBM Corporation
ShareView Details
Assigner-IBM Corporation
CVSS Score-5.5||MEDIUM
EPSS-0.19% / 8.76%
||
7 Day CHG~0.00%
Published-19 Apr, 2024 | 15:48
Updated-19 Dec, 2024 | 15:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM Aspera Faspex information disclosure

IBM Aspera Faspex 5.0.0 through 5.0.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: 244119.

Action-Not Available
Vendor-IBM Corporation
Product-aspera_faspexAspera Faspexaspera_faspex
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2023-23649
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-8.1||HIGH
EPSS-0.75% / 50.83%
||
7 Day CHG~0.00%
Published-28 Mar, 2024 | 06:12
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MainWP Links Manager Extension Plugin <= 2.1 - Unauthenticated PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in MainWP MainWP Links Manager Extension.This issue affects MainWP Links Manager Extension: from n/a through 2.1.

Action-Not Available
Vendor-MainWPmainwp
Product-MainWP Links Manager Extensionmainwp_links_manager_extension
CWE ID-CWE-502
Deserialization of Untrusted Data
CVE-2023-23656
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-10||CRITICAL
EPSS-0.81% / 52.79%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 19:51
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MainWP File Uploader Extension Plugin <= 4.1 - Unauthenticated Arbitrary File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in MainWP MainWP File Uploader Extension.This issue affects MainWP File Uploader Extension: from n/a through 4.1.

Action-Not Available
Vendor-MainWPmainwp
Product-MainWP File Uploader Extensionmainwp_file_uploader_extension
CWE ID-CWE-434
Unrestricted Upload of File with Dangerous Type
CVE-2023-22655
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 15.99%
||
7 Day CHG~0.00%
Published-14 Mar, 2024 | 16:45
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Protection mechanism failure in some 3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-3rd and 4th Generation Intel(R) Xeon(R) Processors when using Intel(R) SGX or Intel(R) TDX4th_gen_intel_xeon_scalable_processors_with_intel_vran4th_gen_intel_xeon_bronze_processors4th_gen_intel_xeon_gold_processorsxeon_d_processorxeon_cpu_max_series_processors4th_generation_intel_xeon_gold_processors4th_gen_intel_xeon_platinum_processors4th_gen_intel_xeon_silver_processors4th_generation_intel_xeon_platinum_processors4th_gen_intel_xeon_scalable_processors3rd_gen_intel_xeon_scalable_processor_family
CWE ID-CWE-693
Protection Mechanism Failure
CVE-2023-22527
Assigner-Atlassian
ShareView Details
Assigner-Atlassian
CVSS Score-10||CRITICAL
EPSS-99.98% / 99.98%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 05:00
Updated-24 Oct, 2025 | 13:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-02-14||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version must take immediate action. Most recent supported versions of Confluence Data Center and Server are not affected by this vulnerability as it was ultimately mitigated during regular version updates. However, Atlassian recommends that customers take care to install the latest version to protect their instances from non-critical vulnerabilities outlined in Atlassian’s January Security Bulletin.

Action-Not Available
Vendor-Atlassian
Product-confluence_data_centerconfluence_serverConfluence ServerConfluence Data Centerconfluence_data_centerconfluence_serverConfluence Data Center and Server
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2023-22275
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.34% / 68.15%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 12:52
Updated-04 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21306: Adobe RoboHelp Server GetNewUserId SQL Injection Information Disclosure Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-robohelp_serverwindowsRoboHelprobohelp
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-22272
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.39% / 69.30%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 12:52
Updated-04 Sep, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21309: Adobe RoboHelp Server resolveDistinguishedName LDAP Injection Information Disclosure Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Input Validation vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-robohelp_serverwindowsRoboHelprobohelp
CWE ID-CWE-20
Improper Input Validation
CVE-2023-22274
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.5||HIGH
EPSS-1.46% / 70.59%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 12:52
Updated-04 Sep, 2024 | 19:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21305: Adobe RoboHelp Server UpdateCommandStream XML External Entity Processing Information Disclosure Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could lead to information disclosure by an unauthenticated attacker. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Microsoft CorporationAdobe Inc.
Product-robohelp_serverwindowsRoboHelprobohelp
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2023-22273
Assigner-Adobe Systems Incorporated
ShareView Details
Assigner-Adobe Systems Incorporated
CVSS Score-7.2||HIGH
EPSS-1.94% / 77.83%
||
7 Day CHG~0.00%
Published-17 Nov, 2023 | 12:52
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
ZDI-CAN-21307: Adobe RoboHelp Server OnPublishFile Directory Traversal Remote Code Execution Vulnerability

Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin authenticated attacker. Exploitation of this issue does not require user interaction.

Action-Not Available
Vendor-Adobe Inc.Microsoft Corporation
Product-robohelp_serverwindowsRoboHelprobohelp
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2023-22327
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-6||MEDIUM
EPSS-0.23% / 13.48%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-15 Oct, 2024 | 17:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds write in firmware for some Intel(R) FPGA products before version 2.8.1 may allow a privileged user to potentially enable information disclosure via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-stratix_10_sx_650_fpgastratix_10_gx_400_fpga_firmwareagilex_7_fpga_f-series_006_firmwareagilex_7_fpga_i-series_022stratix_10_tx_2500_fpga_firmwarestratix_10_gx_10m_fpga_firmwarestratix_10_gx_2800_fpga_firmwarestratix_10_sx_1650_fpgastratix_10_tx_850_fpga_firmwarestratix_10_tx_1650_fpgastratix_10_gx_850_fpgastratix_10_gx_1660_fpgastratix_10_sx_400_fpga_firmwareagilex_7_fpga_i-series_022_firmwarestratix_10_dx_2100_fpgaagilex_7_fpga_i-series_035_firmwarestratix_10_tx_400_fpga_firmwarestratix_10_gx_10m_fpgaagilex_7_fpga_m-series_039stratix_10_gx_2500_fpga_firmwarestratix_10_mx_2100_fpga_firmwareagilex_7_fpga_f-series_012_firmwareagilex_7_fpga_f-series_023stratix_10_gx_2100_fpga_firmwarestratix_10_tx_1100_fpga_firmwarestratix_10_tx_1650_fpga_firmwareagilex_7_fpga_m-series_039_firmwareagilex_7_fpga_f-series_019_firmwarestratix_10_sx_1100_fpgaagilex_7_fpga_f-series_022stratix_10_tx_2800_fpga_firmwarestratix_10_tx_2800_fpgaagilex_7_fpga_i-series_023_firmwarestratix_10_sx_2500_fpga_firmwarestratix_10_gx_650_fpgaagilex_7_fpga_i-series_041agilex_7_fpga_i-series_040stratix_10_tx_1100_fpgaagilex_7_fpga_f-series_008stratix_10_gx_2100_fpgastratix_10_gx_1650_fpgaagilex_7_fpga_f-series_022_firmwarestratix_10_gx_1100_fpga_firmwarestratix_10_sx_400_fpgastratix_10_dx_1100_fpgastratix_10_sx_1100_fpga_firmwarestratix_10_gx_2110_fpga_firmwareagilex_7_fpga_f-series_027stratix_10_sx_650_fpga_firmwareagilex_7_fpga_i-series_027_firmwareagilex_7_fpga_i-series_027stratix_10_sx_850_fpgastratix_10_nx_2100_fpga_firmwareagilex_7_fpga_f-series_012stratix_10_dx_1100_fpga_firmwarestratix_10_nx_2100_fpgaagilex_7_fpga_f-series_008_firmwarestratix_10_sx_850_fpga_firmwarestratix_10_sx_1650_fpga_firmwarestratix_10_gx_400_fpgastratix_10_mx_1650_fpgastratix_10_sx_2100_fpgastratix_10_gx_1660_fpga_firmwarestratix_10_tx_2100_fpga_firmwareagilex_7_fpga_i-series_040_firmwarestratix_10_sx_2800_fpgastratix_10_tx_400_fpgaagilex_7_fpga_i-series_035agilex_7_fpga_i-series_041_firmwareagilex_7_fpga_f-series_006agilex_7_fpga_f-series_027_firmwarestratix_10_tx_2100_fpgastratix_10_gx_650_fpga_firmwareagilex_7_fpga_f-series_014agilex_7_fpga_f-series_014_firmwarestratix_10_tx_2500_fpgaagilex_7_fpga_f-series_023_firmwarestratix_10_gx_1650_fpga_firmwarestratix_10_sx_2100_fpga_firmwarestratix_10_dx_2800_fpga_firmwarestratix_10_dx_2800_fpgastratix_10_tx_850_fpgastratix_10_sx_2500_fpgastratix_10_dx_2100_fpga_firmwareagilex_7_fpga_i-series_019_firmwarestratix_10_gx_850_fpga_firmwareagilex_7_fpga_i-series_019stratix_10_sx_2800_fpga_firmwarestratix_10_gx_1100_fpgaagilex_7_fpga_f-series_019stratix_10_gx_2110_fpgastratix_10_mx_1650_fpga_firmwarestratix_10_gx_2500_fpgaagilex_7_fpga_i-series_023stratix_10_gx_2800_fpgastratix_10_mx_2100_fpgaIntel(R) FPGA productssoc_fpga_firmware
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-22305
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.21% / 10.64%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-14 Aug, 2024 | 21:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow in some Intel(R) Aptio* V UEFI Firmware Integrator Tools may allow an authenticated user to potentially enable denial of service via local access.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncIntel CorporationMicrosoft Corporation
Product-windowslinux_kernelaptio_v_uefi_firmware_integrator_toolsIntel(R) Aptio* V UEFI Firmware Integrator Toolsaptio_v_uefi_firmware_integrator_tools
CWE ID-CWE-680
Integer Overflow to Buffer Overflow
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-23678
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4||MEDIUM
EPSS-0.60% / 45.00%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 15:48
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Cookie Notice for GDPR, CCPA & ePrivacy Consent Plugin <= 2.2.5 is vulnerable to CSV Injection

Improper Neutralization of Formula Elements in a CSV File vulnerability in WPEkaClub WP Cookie Consent ( for GDPR, CCPA & ePrivacy ).This issue affects WP Cookie Consent ( for GDPR, CCPA & ePrivacy ): from n/a through 2.2.5.

Action-Not Available
Vendor-wpekaWPEkaClubwpeka
Product-wp_cookie_consentWP Cookie Consent ( for GDPR, CCPA & ePrivacy )wp_cookie_consent
CWE ID-CWE-1236
Improper Neutralization of Formula Elements in a CSV File
CVE-2023-22719
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.7||MEDIUM
EPSS-0.63% / 46.12%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 15:41
Updated-28 Apr, 2026 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress GiveWP Plugin <= 2.25.1 is vulnerable to CSV Injection

Improper Neutralization of Formula Elements in a CSV File vulnerability in GiveWP.This issue affects GiveWP: from n/a through 2.25.1.

Action-Not Available
Vendor-GiveWPThe Events Calendar (StellarWP)
Product-givewpGiveWPgivewp
CWE ID-CWE-1236
Improper Neutralization of Formula Elements in a CSV File
CVE-2023-23373
Assigner-QNAP Systems, Inc.
ShareView Details
Assigner-QNAP Systems, Inc.
CVSS Score-8.8||HIGH
EPSS-1.14% / 63.07%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 16:14
Updated-16 Sep, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
QUSBCam2

An OS command injection vulnerability has been reported to affect QUSBCam2. If exploited, the vulnerability could allow users to execute commands via a network. We have already fixed the vulnerability in the following version: QUSBCam2 2.0.3 ( 2023/06/15 ) and later

Action-Not Available
Vendor-QNAP Systems, Inc.
Product-qusbcam2QUSBCam2qusbcam2
CWE ID-CWE-78
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVE-2023-22108
Assigner-Oracle
ShareView Details
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.57% / 43.22%
||
7 Day CHG~0.00%
Published-17 Oct, 2023 | 21:03
Updated-13 Sep, 2024 | 16:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).

Action-Not Available
Vendor-Oracle Corporation
Product-weblogic_serverWebLogic Serverweblogic_server
CVE-2023-22325
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-5.9||MEDIUM
EPSS-0.96% / 57.48%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 15:27
Updated-02 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Action-Not Available
Vendor-softetherSoftEther VPNsoftether
Product-vpnSoftEther VPNvpn
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-23581
Assigner-Talos
ShareView Details
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.83% / 53.59%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 15:27
Updated-02 Aug, 2024 | 10:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service.

Action-Not Available
Vendor-softetherSoftEther VPNsoftether
Product-vpnSoftEther VPNvpn
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-23737
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-9.3||CRITICAL
EPSS-0.60% / 44.78%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 11:31
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MainWP Broken Links Checker Extension Plugin <= 4.0 is vulnerable to SQL Injection

Unauth. SQL Injection (SQLi) vulnerability in MainWP MainWP Broken Links Checker Extension plugin <= 4.0 versions.

Action-Not Available
Vendor-managewpMainWPmanagewp
Product-broken_link_checkerMainWP Broken Links Checker Extensionbroken_link_checker
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2023-23632
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.19% / 9.11%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 00:00
Updated-03 Nov, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

BeyondTrust Privileged Remote Access (PRA) versions 22.2.x to 22.4.x are vulnerable to a local authentication bypass. Attackers can exploit a flawed secret verification process in the BYOT shell jump sessions, allowing unauthorized access to jump items by guessing only the first character of the secret.

Action-Not Available
Vendor-n/aBeyondTrust Corporation
Product-privileged_remote_accessn/aprivileged_remote_access
CWE ID-CWE-287
Improper Authentication
CVE-2023-22515
Assigner-Atlassian
ShareView Details
Assigner-Atlassian
CVSS Score-10||CRITICAL
EPSS-99.16% / 99.93%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 14:00
Updated-25 Mar, 2026 | 17:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2023-10-13||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable. Check all affected Confluence instances for evidence of compromise per vendor instructions and report any positive findings to CISA.

Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances. Atlassian Cloud sites are not affected by this vulnerability. If your Confluence site is accessed via an atlassian.net domain, it is hosted by Atlassian and is not vulnerable to this issue.

Action-Not Available
Vendor-Atlassian
Product-confluence_data_centerconfluence_serverConfluence Data CenterConfluence ServerConfluence Data Center and Server
CWE ID-CWE-20
Improper Input Validation
CVE-2023-22618
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-8.1||HIGH
EPSS-0.15% / 4.68%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 00:00
Updated-20 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

If Security Hardening guide rules are not followed, then Nokia WaveLite products allow a local user to create new users with administrative privileges by manipulating a web request. This affects (for example) WaveLite Metro 200 and Fan, WaveLite Metro 200 OPS and Fans, WaveLite Metro 200 and F2B fans, WaveLite Metro 200 OPS and F2B fans, WaveLite Metro 200 NE and F2B fans, and WaveLite Metro 200 NE OPS and F2B fans.

Action-Not Available
Vendor-n/aNokia Corporation
Product-wavelite_metro_200_and_f2b_fanswavelite_metro_200_ne_and_f2b_fans_firmwarewavelite_metro_200_ne_ops_and_f2b_fanswavelite_metro_200_ops_and_fanswavelite_metro_200_and_fanwavelite_metro_200_ops_and_f2b_fans_firmwarewavelite_metro_200_ops_and_f2b_fanswavelite_metro_200_ne_and_f2b_fanswavelite_metro_200_ops_and_fans_firmwarewavelite_metro_200_and_fan_firmwarewavelite_metro_200_ne_ops_and_f2b_fans_firmwarewavelite_metro_200_and_f2b_fans_firmwaren/awavelite_metro_200_and_f2b_fanswavelite_metro_200_ne_ops_and_f2b_fanswavelite_metro_200_ops_and_fanswavelite_metro_200_and_fanwavelite_metro_200_ne_and_f2b_fans
CWE ID-CWE-284
Improper Access Control
CVE-2023-23623
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.29%
||
7 Day CHG~0.00%
Published-06 Sep, 2023 | 20:16
Updated-26 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Content-Secrity-Policy disabling eval not applied consistently in renderers with sandbox disabled in Electron

Electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. A Content-Security-Policy that disables eval, specifically setting a `script-src` directive and _not_ providing `unsafe-eval` in that directive, is not respected in renderers that have sandbox disabled. i.e. `sandbox: false` in the `webPreferences` object. This allows usage of methods like `eval()` and `new Function` unexpectedly which can result in an expanded attack surface. This issue only ever affected the 22 and 23 major versions of Electron and has been fixed in the latest versions of those release lines. Specifically, these versions contain the fixes: 22.0.1 and 23.0.0-alpha.2 We recommend all apps upgrade to the latest stable version of Electron. If upgrading isn't possible, this issue can be addressed without upgrading by enabling `sandbox: true` on all renderers.

Action-Not Available
Vendor-Electron UserlandElectron (OpenJS Foundation)
Product-electronelectronelectron
CWE ID-CWE-670
Always-Incorrect Control Flow Implementation
CVE-2023-21667
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.31% / 23.40%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:24
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Over-read in Bluetooth HOST

Transient DOS in Bluetooth HOST while passing descriptor to validate the blacklisted BT keyboard.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830wcd9380_firmwaresa6150p_firmwaresa8145p_firmwareqcs610sw5100psd865_5gqcc5100sdx55m_firmwarewcn6856_firmwarewsa8835wcn3950_firmwaresd_8_gen1_5gwcd9380sa8150p_firmwareqca6595au_firmwareqca6390_firmwareqcs410wcd9370wcn6855_firmwareqca6426wcn3980sdxr2_5g_firmwarewcn3950sd_8_gen1_5g_firmwarewcn3660bwsa8815wcn6850qca6426_firmwarewcn3660b_firmwarewcn7850qca6574au_firmwarewcn3680b_firmwareqca6595auwcn3980_firmwareqca6391sdx55mqca6436_firmwareqcc5100_firmwaresa6155p_firmwarewcn7851sdxr2_5gwcn6851_firmwarewcn3988_firmwareqca6574auqcn9074sa6145p_firmwaresa8155p_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresw5100wsa8810sd870qca6436wcn6851wcn6855sa6155psw5100p_firmwareqcs610_firmwarewcn7851_firmwarewcn6856sa6145pwcn3680bwcd9341qca6696_firmwaresa8145psd870_firmwareqca6696qca6391_firmwareqca6390wcd9370_firmwaresa8150psa6150psa8155pwsa8830_firmwaresd865_5g_firmwarewcn3988wcn6850_firmwarewsa8815_firmwarewcn7850_firmwarewsa8835_firmwaresa8195p_firmwaresw5100_firmwareqcn9074_firmwareqcs410_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-21664
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.53%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:24
Updated-27 Feb, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy without Checking the Size of Input(Classic Buffer Overflow) in Core Platform

Memory Corruption in Core Platform while printing the response buffer in log.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresd_8cx_gen3_firmwaresa6150p_firmwareqca8337qca6431_firmwaresdx65wcn3950_firmwareipq5028_firmwaresa8150p_firmwareqca6595au_firmwaresa6155qca6335qcs605_firmwaresd_675_firmwarewcn3998qam8295psd_8cx_gen2_firmwareqcn6024_firmwareqca8386_firmwarewcn3950sd_8_gen1_5g_firmwareqca8084_firmwareqsm8350_firmwareqsm8350sm7315_firmwarewcn7850qca6574au_firmwarewcd9375_firmwareqca8081_firmwaresa6155_firmwarewcn3998_firmwareqca6420sd_8cx_gen2qrb5165_firmwareipq5028qrb5165m_firmwareqca6698aqsa4155p_firmwaresa8155_firmwareqca6430sdx65mwcd9340qcn6132sd765gfsm10056_firmwareqca6436wcn6851sa6155pqcs603_firmwarewcn7851_firmwareqca6698aq_firmwareqcn6122wcd9341qca6431qca6696_firmwaresd870_firmwareipq9008_firmwaresd_8cxsa8150pwsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresd660_firmwarewcn7850_firmwaresa8195p_firmwaresa8295p_firmwarewcn6750_firmwareipq5018_firmwarewcn3991qca8337_firmwarewcd9380_firmwaressg2125pqca8084qca6564ausdx55m_firmwarewcn6856_firmwareipq9008sd670_firmwareqca6574wcd9380sdx50m_firmwaresxr1230psdx24_firmwareqca6430_firmwareqcn9012_firmwareqcn9274_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850qca6426_firmwareqcn9024ipq9574_firmwarewcn3980_firmwaresdx55msa8295pqca6421_firmwarewcn6740_firmwaresd678_firmwareqrb5165wcn6851_firmwareqcs603sd670qca6564a_firmwareqcn9024_firmwaresdx57msd870wsa8832wcn6855sa8540psa6145pqca6595_firmwaresa8145pqca6391_firmwaresa4150p_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwaresa8155psd675sdx70mssg2115p_firmwareqcs8155_firmwaresa4155par8035_firmwarewcn3991_firmwarewsa8830sd678qcn9070sa8145p_firmwaresxr2230p_firmwarefsm10056qca8082qcn9072qca8386sd765g_firmwareqca6420_firmwareqca6390_firmwarewcd9370sd675_firmwaressg2115pqca6564qca6426wcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareipq5018qca9377sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwareqam8295p_firmwareqcn9011_firmwareqca8082_firmwaresa8155sa9000p_firmwaresdx55_firmwareqca6595auqcn6023_firmwaresm7250p_firmwareqca6436_firmwareqrb5165nipq5010qca6564au_firmwaresd778gsa6155p_firmwareqca6310qcn9274qcs8155wcn7851qcs6490sdxr2_5gqcn9074sa6145p_firmwareqca6421qca8085sd778g_firmwaresa8195pwsa8810_firmwaresd765_firmwarewcd9326wcd9335qca8081qcn6023sdx65m_firmwareqca6174a_firmwarewcd9385qca8085_firmwareqcs6490_firmwaresd_8cx_gen3sdx70m_firmwarear8035qca6390wcd9375aqt1000qcn9100_firmwareipq5010_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewsa8815_firmwarewsa8835_firmwareqca6564asa4150pwcn3990qcn9000sd_675sd780gsd865_5gqca6595sdx24qcn9012sd888qcn6122_firmwarewsa8835sxr1230p_firmwaresa8540p_firmwaresd_8_gen1_5gsd888_5gssg2125p_firmwareqca6574awcn6855_firmwareqca6174asm7325pqcn6132_firmwareqca6310_firmwarewcn6750sa9000pqca6574_firmwaresd855sm7325p_firmwaresxr2230psdx57m_firmwaresd765qca6574a_firmwaresd768g_firmwareqrb5165msd850_firmwaresm7315qca6391aqt1000_firmwareqcn9100sdx65_firmwareqcm6490_firmwaresdx50mwsa8832_firmwareqcn9070_firmwareqcn9011qca6574ausa8155p_firmwareipq9574wcd9341_firmwarewsa8810wcn6856qca6564_firmwaresd768gwcn6740qca6696sd845_firmwaresa6150pqcn9022_firmwareqcn6024qcn9022sd845qcn9072_firmwaresm7250pqcn9074_firmwaresd850Snapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21663
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.49%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:24
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restrictions of Operations within the Bounds of a Memory Buffer in Display

Memory Corruption while accessing metadata in Display.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sda429w_firmwarewcd9380_firmwaresa6150p_firmwarewsa8830sa8145p_firmwaresw5100pqcc5100wcn6856_firmwarewsa8835sd_8_gen1_5gwcd9380sa8150p_firmwaresd888_5gqca6420_firmwarewcn6855_firmwareqca6430_firmwarewcn3980wcn3998wcd9385_firmwaresd_8_gen1_5g_firmwaresd855wcn3660bwcn6850wsa8815wcn3660b_firmwarewcn7850qca6574au_firmwarewcn3680b_firmwarewcn3998_firmwarewcn3980_firmwarewcn3610_firmwareqca6420qcc5100_firmwareaqt1000_firmwaresa6155p_firmwarewcn7851wcn6851_firmwarewcn3988_firmwareqca6430qca6574ausa6145p_firmwaresa8155p_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresw5100wsa8810wcn6855wcn6851sa6155psw5100p_firmwarewcn7851_firmwarewcn6856sa6145pwcn3680bwcd9385wcd9341qca6696_firmwaresa8145pqca6696aqt1000sa8150psa6150psa8155pwsa8830_firmwaresda429wsd855_firmwarewsa8815_firmwarewcn3988wsa8835_firmwaresd888_5g_firmwarewcn6850_firmwarewcn7850_firmwaresa8195p_firmwaresw5100_firmwarewcn3610Snapdragon
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21662
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-7.8||HIGH
EPSS-0.11% / 1.53%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:24
Updated-27 Feb, 2025 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer Copy without Checking the Size of Input(Classic Buffer Overflow) in Core Platform

Memory corruption in Core Platform while printing the response buffer in log.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresd_8cx_gen3_firmwaresa6150p_firmwareqca8337qca6431_firmwaresdx65wcn3950_firmwareipq5028_firmwaresa8150p_firmwareqca6595au_firmwaresa6155qca6335qcs605_firmwaresd_675_firmwarewcn3998qam8295psd_8cx_gen2_firmwareqcn6024_firmwareqca8386_firmwarewcn3950sd_8_gen1_5g_firmwareqca8084_firmwareqsm8350_firmwareqsm8350sm7315_firmwarewcn7850qca6574au_firmwarewcd9375_firmwareqca8081_firmwaresa6155_firmwarewcn3998_firmwareqca6420sd_8cx_gen2qrb5165_firmwareipq5028qrb5165m_firmwareqca6698aqsa4155p_firmwaresa8155_firmwareqca6430sdx65mwcd9340qcn6132sd765gfsm10056_firmwareqca6436wcn6851sa6155pqcs603_firmwarewcn7851_firmwareqca6698aq_firmwareqcn6122wcd9341qca6431qca6696_firmwaresd870_firmwareipq9008_firmwaresd_8cxsa8150pwsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwaresd660_firmwarewcn7850_firmwaresa8195p_firmwaresa8295p_firmwarewcn6750_firmwareipq5018_firmwarewcn3991qca8337_firmwarewcd9380_firmwaressg2125pqca8084qca6564ausdx55m_firmwarewcn6856_firmwareipq9008sd670_firmwareqca6574wcd9380sdx50m_firmwaresxr1230psdx24_firmwareqca6430_firmwareqcn9012_firmwareqcn9274_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850qca6426_firmwareqcn9024ipq9574_firmwarewcn3980_firmwaresdx55msa8295pqca6421_firmwarewcn6740_firmwaresd678_firmwareqrb5165wcn6851_firmwareqcs603sd670qca6564a_firmwareqcn9024_firmwaresdx57msd870wsa8832wcn6855sa8540psa6145pqca6595_firmwaresa8145pqca6391_firmwaresa4150p_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwaresa8155psd675sdx70mssg2115p_firmwareqcs8155_firmwaresa4155par8035_firmwarewcn3991_firmwarewsa8830sd678qcn9070sa8145p_firmwarefsm10056qca8082qcn9072qca8386sd765g_firmwareqca6420_firmwareqca6390_firmwarewcd9370sd675_firmwaressg2115pqca6564qca6426wcn3990_firmwareqrb5165n_firmwareqcn9000_firmwareipq5018qca9377sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwareqam8295p_firmwareqcn9011_firmwareqca8082_firmwaresa8155sa9000p_firmwaresdx55_firmwareqca6595auqcn6023_firmwaresm7250p_firmwareqca6436_firmwareqrb5165nipq5010qca6564au_firmwaresd778gsa6155p_firmwareqca6310qcn9274qcs8155wcn7851qcs6490sdxr2_5gqcn9074sa6145p_firmwareqca6421qca8085sd778g_firmwaresa8195pwsa8810_firmwaresd765_firmwarewcd9326wcd9335qca8081qcn6023sdx65m_firmwareqca6174a_firmwarewcd9385qca8085_firmwareqcs6490_firmwaresd_8cx_gen3sdx70m_firmwarear8035qca6390wcd9375aqt1000qcn9100_firmwareipq5010_firmwareqcm6490sd888_5g_firmwarewcn6850_firmwarewsa8815_firmwarewsa8835_firmwareqca6564asa4150pwcn3990qcn9000sd_675sd780gsd865_5gqca6595sdx24qcn9012sd888qcn6122_firmwarewsa8835sxr1230p_firmwaresa8540p_firmwaresd_8_gen1_5gsd888_5gssg2125p_firmwareqca6574awcn6855_firmwareqca6174asm7325pqcn6132_firmwareqca6310_firmwarewcn6750sa9000pqca6574_firmwaresd855sm7325p_firmwaresdx57m_firmwaresd765qca6574a_firmwaresd768g_firmwareqrb5165msd850_firmwaresm7315qca6391aqt1000_firmwareqcn9100sdx65_firmwareqcm6490_firmwaresdx50mwsa8832_firmwareqcn9070_firmwareqcn9011qca6574ausa8155p_firmwareipq9574wcd9341_firmwarewsa8810wcn6856qca6564_firmwaresd768gwcn6740qca6696sd845_firmwaresa6150pqcn9022_firmwareqcn6024qcn9022sd845qcn9072_firmwaresm7250pqcn9074_firmwaresd850Snapdragon
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-21655
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-6.7||MEDIUM
EPSS-0.11% / 1.49%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:23
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in Display

Memory corruption in Audio while validating and mapping metadata.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-sa6155p_firmwaresda429w_firmwarewcd9380_firmwaresa6150p_firmwarewsa8830sa8145p_firmwaresw5100pwcn7851wcn6851_firmwareqcc5100wcn6856_firmwarewcn3988_firmwareqca6574ausa6145p_firmwaresa8155p_firmwarewsa8835sa8195psd_8_gen1_5gwcd9380sa8150p_firmwaresd888_5gsw5100wcn6855wcn6851sa6155psw5100p_firmwarewcn7851_firmwarewcn6856sa6145pwcn3680bwcn6855_firmwarewcd9385qca6696_firmwarewcn3980sa8145pqca6696qca6391_firmwarewcd9385_firmwaresa8150psd_8_gen1_5g_firmwaresa6150pwcn3660bwcn6850sa8155pwsa8830_firmwaresda429wwcn3988sd888_5g_firmwarewcn3660b_firmwarewcn6850_firmwarewcn7850_firmwareqca6574au_firmwaresa8195p_firmwarewcn3680b_firmwarewcn7850sw5100_firmwarewsa8835_firmwarewcn3980_firmwareqca6391wcn3610_firmwarewcn3610qcc5100_firmwareSnapdragonwcn6855_firmwaresa6155p_firmwaresda429w_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmwareqca6696_firmwareqca6391_firmwarewcd9385_firmwarewcn6851_firmwarewcn6856_firmwaresd_8_gen1_5g_firmwarewcn3988_firmwarewsa8830_firmwaresa6145p_firmwaresa8155p_firmwaresd888_5g_firmwarewcn3660b_firmwarewcn6850_firmwarewcn7850_firmwaresa8150p_firmwareqca6574au_firmwaresa8195p_firmwarewcn3680b_firmwarewsa8835_firmwaresw5100_firmwarewcn3980_firmwaresw5100p_firmwarewcn3610_firmwarewcn7851_firmwareqcc5100_firmware
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2023-21653
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.55%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:23
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in Modem

Transient DOS in Modem while processing RRC reconfiguration message.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn6855_firmwareqca8337_firmwarewcd9380_firmwaresdx65_firmwareqca8337sdx70m_firmwareqcn6024_firmwarear8035wcn6856_firmwarear8035_firmwaresdx65qcn6024sdx70mqcn9024_firmwarewcd9380qcn9024wcn6855qca8081_firmwareqca8081wcn6856Snapdragonwcn6855_firmwareqca8337_firmwarewcd9380_firmwaresdx65_firmwareqcn9024_firmwaresdx70m_firmwareqca8081_firmwareqcn6024_firmwarewcn6856_firmwarear8035_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2023-21646
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-7.5||HIGH
EPSS-0.32% / 24.55%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:23
Updated-02 Aug, 2024 | 09:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Reachable Assertion in Modem

Transient DOS in Modem while processing invalid System Information Block 1.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwarewcn3991wsa8830qca8337_firmwarewcd9380_firmwaresd780gqca8337sd865_5gsdx55m_firmwarewcn6856_firmwarewcd9360_firmwaresdx65wsa8835qcx315_firmwarewcd9380sd765g_firmwaresd888_5gqca6595au_firmwareqca6390_firmwaresd690_5gwcd9370qca6574asd690_5g_firmwarewcn6855_firmwaresm7325psm8450wcn6750sm4375wcn3998wcd9385_firmwareqcn6024_firmwaresa515mwsa8815sm7325p_firmwarewcn6850sd765wcn7850qca6574a_firmwaresd695sd768g_firmwaresdx55_firmwareqcn9024qca6595auqca8081_firmwarewcd9375_firmwarewcn3998_firmwaresm7250p_firmwareqca6391sdx55mwcd9360wcn6740_firmwaresd778gsdx65_firmwaresa515m_firmwareqcs6490wcn7851qcm6490_firmwaresd480_firmwarewcn6851_firmwarewcn3988_firmwaresd778g_firmwareqcn9024_firmwarewsa8810_firmwaresd765gwcd9341_firmwaresm4375_firmwaresm8450_firmwaresd765_firmwaresd480sd870wcn6851wsa8810wcn6855qca8081wcn7851_firmwarewcn6856wcd9385wcd9341sd695_firmwaresd768gqca6696_firmwareqcs6490_firmwaresd870_firmwarewcn6740qca6696sdx70m_firmwareqca6391_firmwareqca6390ar8035wcd9375sd780g_firmwarewcd9370_firmwaresdx55wsa8830_firmwareqcn6024sdx70msd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwaresm7250pqcx315wcn6750_firmwarear8035_firmwareSnapdragonwcn6740_firmwarewcn3991_firmwareqca8337_firmwarewcd9380_firmwaresdx65_firmwaresa515m_firmwareqcm6490_firmwaresd480_firmwarewcn6851_firmwaresdx55m_firmwarewcn6856_firmwaresnapdragon_4_gen_1_firmwarewcd9360_firmwarewcn3988_firmwareqcx315_firmwaresd778g_firmwareqcn9024_firmwarewsa8810_firmwaresd765g_firmwarewcd9341_firmwareqca6595au_firmwaresd765_firmwareqca6390_firmwarewcn7851_firmwaresd690_5g_firmwarewcn6855_firmwaresd695_firmwareqca6696_firmwareqcs6490_firmwaresd870_firmwaresdx70m_firmwareqca6391_firmwarewcd9385_firmwareqcn6024_firmwaresd780g_firmwarewcd9370_firmwaresd_8_gen1_5g_firmwarewcn6750_firmwaresm7325p_firmwarewsa8830_firmwaresd865_5g_firmwarewsa8815_firmwaresd888_5g_firmwarewcn6850_firmwareqca6574a_firmwarewcn7850_firmwaresd768g_firmwaresdx55_firmwarewsa8835_firmwarewcd9375_firmwareqca8081_firmwarewcn3998_firmwaresm7250p_firmwarear8035_firmware
CWE ID-CWE-617
Reachable Assertion
CVE-2022-33220
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-5.1||MEDIUM
EPSS-0.11% / 1.35%
||
7 Day CHG~0.00%
Published-05 Sep, 2023 | 06:23
Updated-03 Aug, 2024 | 08:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Buffer over-read in Automotive multimedia

Information disclosure in Automotive multimedia due to buffer over-read.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wsa8830wcd9380_firmwaresa6150p_firmwaresa8145p_firmwaresw5100psd865_5gqcc5100sdx55m_firmwarewcn6856_firmwarewsa8835sd_8_gen1_5gwcd9380sa8150p_firmwaresd888_5gqca6420_firmwareqca6595au_firmwareqca6390_firmwarewcn6855_firmwareqca6426qca6430_firmwarewcn3980wcn3998wcd9385_firmwareqam8295psdxr2_5g_firmwaresd_8_gen1_5g_firmwaresd855wsa8815wcn6850qam8295p_firmwareqca6426_firmwarewcn7850qca6574au_firmwareqca6595auwcn3998_firmwarewcn3980_firmwareqca6391sdx55mqca6420qca6436_firmwaresa8295pqcc5100_firmwareaqt1000_firmwaresa6155p_firmwarewcn7851sdxr2_5gwcn6851_firmwarewcn3988_firmwareqca6430qca6574ausa6145p_firmwaresa8155p_firmwaresa8195pwsa8810_firmwarewcd9341_firmwaresw5100wsa8810sd870qca6436wcn6851wcn6855sa6155psw5100p_firmwarewcn7851_firmwarewcn6856sa6145pwcd9385wcd9341qca6696_firmwaresa8145psd870_firmwareqca6696qca6391_firmwareqca6390aqt1000sa8150psa6150psa8155pwsa8830_firmwaresd855_firmwaresd865_5g_firmwarewcn3988sd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8815_firmwarewsa8835_firmwaresa8195p_firmwaresw5100_firmwaresa8295p_firmwareSnapdragon
CWE ID-CWE-126
Buffer Over-read
CWE ID-CWE-125
Out-of-bounds Read
CVE-2023-23774
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
ShareView Details
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
CVSS Score-8.4||HIGH
EPSS-0.20% / 9.84%
||
7 Day CHG~0.00%
Published-29 Aug, 2023 | 08:49
Updated-03 Oct, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Motorola EBTS/MBTS Site Controller drops to debug prompt on unhandled exception. The Motorola MBTS Site Controller exposes a debug prompt on the device's serial port in case of an unhandled exception. This allows an attacker with physical access that is able to trigger such an exception to extract secret key material and/or gain arbitrary code execution on the device.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-ebts_site_controllerebts_site_controller_firmwarembts_site_controller_firmwarembts_site_controllerEBTS/MBTS Base Radioebts_mbts_base_radio
CWE ID-CWE-248
Uncaught Exception
CWE ID-CWE-755
Improper Handling of Exceptional Conditions
CVE-2023-23773
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
ShareView Details
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
CVSS Score-7.2||HIGH
EPSS-0.42% / 33.98%
||
7 Day CHG~0.00%
Published-29 Aug, 2023 | 08:49
Updated-01 Oct, 2024 | 20:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Motorola EBTS/MBTS Base Radio fails to check firmware authenticity. The Motorola MBTS Base Radio lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-mbts_base_radiombts_base_radio_firmwareebts_base_radioebts_base_radio_firmwareEBTS/MBTS Base Radioebts_mbts_base_radio
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-23772
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
ShareView Details
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
CVSS Score-7.2||HIGH
EPSS-0.42% / 33.98%
||
7 Day CHG~0.00%
Published-29 Aug, 2023 | 08:48
Updated-02 Oct, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Motorola MBTS Site Controller fails to check firmware update authenticity. The Motorola MBTS Site Controller lacks cryptographic signature validation for firmware update packages, allowing an authenticated attacker to gain arbitrary code execution, extract secret key material, and/or leave a persistent implant on the device.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-mbts_site_controller_firmwarembts_site_controllerMBTS Site Controllermbts_site_controller
CWE ID-CWE-347
Improper Verification of Cryptographic Signature
CVE-2023-23771
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
ShareView Details
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
CVSS Score-8.4||HIGH
EPSS-0.18% / 7.26%
||
7 Day CHG~0.00%
Published-29 Aug, 2023 | 08:48
Updated-02 Oct, 2024 | 14:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Motorola MBTS Base Radio accepts hard-coded backdoor password. The Motorola MBTS Base Radio Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-mbts_base_radiombts_base_radio_firmwareMBTS Base Radiombts_base_radio
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-23770
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
ShareView Details
Assigner-National Cyber Security Centre Netherlands (NCSC-NL)
CVSS Score-9.4||CRITICAL
EPSS-0.45% / 36.54%
||
7 Day CHG~0.00%
Published-29 Aug, 2023 | 08:47
Updated-02 Oct, 2024 | 14:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Motorola MBTS Site Controller accepts hard-coded backdoor password. The Motorola MBTS Site Controller Man Machine Interface (MMI), allowing for service technicians to diagnose and configure the device, accepts a hard-coded backdoor password that cannot be changed or disabled.

Action-Not Available
Vendor-Motorola Mobility LLC. (Lenovo Group Limited)
Product-mbts_site_controller_firmwarembts_site_controllerMBTS Site Controllermbts_site_controller
CWE ID-CWE-259
Use of Hard-coded Password
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-22449
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-7.5||HIGH
EPSS-0.16% / 5.76%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-09 Oct, 2024 | 17:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in some Intel(R) NUC BIOS firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-nuc_pro_board_nuc12wsbi70znuc_13_extreme_compute_element_nuc13sbbi9_firmwarenuc_laptop_kit_lapkc51e_firmwarenuc_pro_board_nuc11tnhv50lnuc_12_compute_element_elm12hbc_firmwarenuc_pro_ki_nuc11tnkv5_firmwarenuc_pro_kit_nuc12wshi30l_firmwarenuc_pro_mini_pc_nuc11tnkv50z_firmwarenuc_laptop_kit_lapkc71e_firmwarenuc_13_extreme_kit_nuc13rngi7nuc_13_extreme_compute_element_nuc13sbbi5nuc_laptop_kit_lapbc710_firmwarenuc_pro_ki_nuc11tnkv50znuc_pro_board_nuc12wshi7nuc_pro_board_nuc12wsbi5_firmwarenuc_11_performance_mini_pc_nuc11pahi3nuc_pro_ki_nuc11tnbv7nuc_pro_board_nuc12wshi70z_firmwarenuc_pro_board_nuc12wski70z_firmwarenuc_boards_nuc11tnhi70l_firmwarenuc_13_extreme_compute_element_nuc13sbbi7fnuc_boards_nuc11tnbi30z_firmwarenuc_pro_mini_pc_nuc11tnkv7_firmwarenuc_11_performance_mini_pc_nuc11paki3nuc_13_extreme_compute_element_nuc13sbbi5_firmwarenuc_pro_ki_nuc11tnkv50z_firmwarenuc_11_performance_mini_pc_nuc11paki7_firmwarenuc_laptop_kits_lapac71g_firmwarenuc_11_performance_kit_nuc11pahi30znuc_pro_board_nuc12wsbi50z_firmwarenuc_11_performance_kit_nuc11pahi30z_firmwarenuc_11_compute_element_cm11ebc4w_firmwarenuc_pro_board_nuc12wshi30z_firmwarenuc_boards_nuc11tnbi50znuc_boards_nuc11tnhi70znuc_pro_kit_nuc12wsbi5_firmwarenuc_essential_nuc11atbc4_firmwarenuc_pro_mini_pc_nuc11tnbv7nuc_boards_nuc11tnki30z_firmwarenuc_pro_kit_nuc12wsbi70znuc_pro_board_nuc11tnkv50znuc_boards_nuc11tnki30znuc_pro_kit_nuc12wsbi5nuc_enthusiast_nuc12snki72nuc_boards_nuc11tnki50z_firmwarenuc_11_performance_mini_pc_nuc11paki3_firmwarenuc_extreme_nuc12dcmi9_firmwarenuc_11_performance_mini_pc_nuc11pahi7nuc_13_extreme_kit_nuc13rngi7_firmwarenuc_enthusiast_nuc12snki72vanuc_boards_nuc11tnki50znuc_pro_kit_nuc12wshi50znuc_pro_ki_nuc11tnhv7nuc_pro_board_nuc11tnbv7_firmwarenuc_pro_kit_nuc12wski50z_firmwarenuc_11_performance_mini_pc_nuc11paqi70qanuc_boards_nuc11tnki5nuc_pro_board_nuc12wski7nuc_essential_nuc11atkc2nuc_boards_nuc11tnhi50znuc_pro_board_nuc12wsbi3nuc_boards_nuc11tnbi5_firmwarenuc_11_performance_mini_pc_nuc11paki7nuc_boards_nuc11tnki7nuc_pro_board_nuc12wsbi70z_firmwarenuc_laptop_kit_lapbc710nuc_11_performance_mini_pc_nuc11pahi7_firmwarenuc_pro_kit_nuc12wshi30znuc_11_performance_kit_nuc11paqi50wanuc_pro_mini_pc_nuc11tnhv5_firmwarenuc_13_extreme_compute_element_nuc13sbbi7_firmwarenuc_laptop_kit_lapkc71fnuc_11_performance_mini_pc_nuc11pahi50znuc_pro_mini_pc_nuc11tnhv70lnuc_11_performance_kit_nuc11pahi3_firmwarenuc_pro_board_nuc12wsbi30znuc_essential_nuc11atkc2_firmwarenuc_laptop_kit_lapbc510_firmwarenuc_pro_ki_nuc11tnhv70l_firmwarenuc_boards_nuc11tnki3_firmwarenuc_11_compute_element_cm11ebi58wnuc_boards_nuc11tnbi30znuc_13_extreme_kit_nuc13rngi9_firmwarenuc_11_performance_mini_pc_nuc11pahi70z_firmwarenuc_12_compute_element_elm12hbcnuc_essential_nuc11atkpenuc_boards_nuc11tnhi30l_firmwarenuc_11_performance_mini_pc_nuc11pahi70znuc_boards_nuc11tnhi30z_firmwarenuc_11_performance_mini_pc_nuc11paqi70qa_firmwarenuc_boards_nuc11tnhi3nuc_pro_board_nuc12wshi5_firmwarenuc_laptop_kit_lapkc51enuc_11_performance_kit_nuc11pahi50znuc_pro_board_nuc12wshi30lnuc_pro_kit_nuc12wsbi3nuc_boards_nuc11tnhi50z_firmwarenuc_boards_nuc11tnhi7_firmwarenuc_pro_board_nuc11tnbv5nuc_laptop_kit_laprc710_firmwarenuc_pro_board_nuc12wshi3nuc_pro_board_nuc12wsbi50znuc_pro_board_nuc11tnhv7_firmwarenuc_pro_kit_nuc12wski70z_firmwarenuc_essential_nuc11atkc4nuc_11_performance_mini_pc_nuc11pahi50z_firmwarenuc_13_extreme_kit_nuc13rngi9nuc_11_compute_element_cm11ebi38w_firmwarenuc_11_performance_kit_nuc11paki3_firmwarenuc_11_performance_mini_pc_nuc11pahi5nuc_pro_kit_nuc12wski7nuc_12_compute_element_elm12hbi3nuc_pro_ki_nuc11tnhv5_firmwarenuc_boards_nuc11tnki70znuc_11_compute_element_cm11ebi38wnuc_boards_nuc11tnhi3_firmwarenuc_13_extreme_compute_element_nuc13sbbi7f_firmwarenuc_12_compute_element_elm12hbi5nuc_pro_board_nuc12wshi7_firmwarenuc_11_performance_kit_nuc11paki7nuc_pro_ki_nuc11tnbv5nuc_11_performance_kit_nuc11pahi70znuc_pro_ki_nuc11tnhv5nuc_pro_board_nuc11tnkv5_firmwarenuc_boards_nuc11tnbi7_firmwarenuc_boards_nuc11tnhi50lnuc_pro_kit_nuc12wski7_firmwarenuc_boards_nuc11tnhi30p_firmwarenuc_pro_mini_pc_nuc11tnhv7_firmwarenuc_boards_nuc11tnki7_firmwarenuc_boards_nuc11tnhi70q_firmwarenuc_pro_board_nuc12wski5_firmwarenuc_pro_kit_nuc12wski30znuc_laptop_kit_lapkc71enuc_pro_board_nuc12wshi50znuc_11_performance_mini_pc_nuc11paki5nuc_11_compute_element_cm11ebi716wnuc_extreme_nuc12dcmi7_firmwarenuc_pro_board_nuc12wshi30znuc_pro_ki_nuc11tnhv70lnuc_pro_kit_nuc12wski70znuc_pro_board_nuc12wski3_firmwarenuc_pro_mini_pc_nuc11tnkv5_firmwarenuc_pro_kit_nuc12wshi5_firmwarenuc_12_extreme_compute_element_nuc12dcmi9_firmwarenuc_laptop_kit_laprc510_firmwarenuc_pro_board_nuc11tnhv50l_firmwarenuc_pro_kit_nuc12wski3nuc_pro_ki_nuc11tnhv50l_firmwarenuc_pro_mini_pc_nuc11tnbv7_firmwarenuc_boards_nuc11tnki5_firmwarenuc_pro_kit_nuc12wski3_firmwarenuc_pro_kit_nuc12wsbi3_firmwarenuc_extreme_compute_element_nuc11dbbi9nuc_nuc11phki7cnuc_pro_mini_pc_nuc11tnbv5_firmwarenuc_extreme_compute_element_nuc11dbbi7nuc_11_performance_mini_pc_nuc11pahi5_firmwarenuc_13_extreme_compute_element_nuc13sbbi9fnuc_11_performance_kit_nuc11pahi3nuc_nuc11phki7c_firmwarenuc_13_extreme_compute_element_nuc13sbbi9f_firmwarenuc_pro_board_nuc11tnkv50z_firmwarenuc_11_performance_kit_nuc11pahi50z_firmwarenuc_pro_board_nuc12wshi70znuc_pro_board_nuc12wski30z_firmwarenuc_essential_nuc11atkc4_firmwarenuc_boards_nuc11tnhi50w_firmwarenuc_13_extreme_compute_element_nuc13sbbi5f_firmwarenuc_boards_nuc11tnhi70lnuc_12_extreme_compute_element_nuc12dcmi7nuc_boards_nuc11tnhi50l_firmwarenuc_extreme_nuc12dcmi7nuc_pro_board_nuc12wshi30l_firmwarenuc_boards_nuc11tnhi30znuc_extreme_nuc12edbi7_firmwarenuc_12_extreme_compute_element_nuc12edbi9_firmwarenuc_pro_kit_nuc12wsbi50znuc_11_performance_kit_nuc11paqi50wa_firmwarenuc_pro_board_nuc11tnbv5_firmwarenuc_13_extreme_kit_nuc13rngi5nuc_pro_kit_nuc12wshi7_firmwarenuc_pro_kit_nuc12wshi7nuc_laptop_kit_lapbc510nuc_extreme_compute_element_nuc11dbbi9_firmwarenuc_pro_mini_pc_nuc11tnhv50lnuc_boards_nuc11tnbi7nuc_pro_ki_nuc11tnkv7_firmwarenuc_11_performance_kit_nuc11paki5_firmwarenuc_boards_nuc11tnhi30lnuc_pro_kit_nuc12wski30z_firmwarenuc_pro_ki_nuc11tnbv5_firmwarenuc_pro_ki_nuc11tnkv7nuc_essential_nuc11atkpe_firmwarenuc_pro_board_nuc12wsbi3_firmwarenuc_pro_kit_nuc12wshi5nuc_pro_board_nuc12wski50z_firmwarenuc_extreme_compute_element_nuc11btmi7nuc_extreme_nuc12edbi7nuc_pro_kit_nuc12wski5nuc_boards_nuc11tnhi7nuc_pro_mini_pc_nuc11tnhv7nuc_11_performance_kit_nuc11pahi5_firmwarenuc_pro_board_nuc12wski3nuc_12_extreme_compute_element_nuc12edbi7_firmwarenuc_12_compute_element_elm12hbi5_firmwarenuc_pro_kit_nuc12wshi50z_firmwarenuc_pro_mini_pc_nuc11tnbv5nuc_pro_board_nuc11tnkv7_firmwarenuc_boards_nuc11tnbi50z_firmwarenuc_11_performance_kit_nuc11paki3nuc_12_compute_element_elm12hbi7nuc_13_extreme_compute_element_nuc13sbbi5fnuc_pro_kit_nuc12wshi3nuc_11_performance_mini_pc_nuc11pahi30z_firmwarenuc_boards_nuc11tnhi70z_firmwarenuc_11_performance_kit_nuc11paqi70qanuc_pro_board_nuc11tnkv7nuc_nuc11phki7caa_firmwarenuc_pro_board_nuc12wski30znuc_boards_nuc11tnbi3_firmwarenuc_boards_nuc11tnhi5nuc_pro_ki_nuc11tnhv50lnuc_pro_board_nuc11tnhv5_firmwarenuc_11_performance_mini_pc_nuc11pahi3_firmwarenuc_pro_ki_nuc11tnhv7_firmwarenuc_extreme_nuc12dcmi9nuc_boards_nuc11tnhi50wnuc_13_extreme_compute_element_nuc13sbbi9nuc_boards_nuc11tnbi70z_firmwarenuc_pro_ki_nuc11tnbv7_firmwarenuc_extreme_compute_element_nuc11btmi9_firmwarenuc_enthusiast_nuc12snki72va_firmwarenuc_pro_mini_pc_nuc11tnhv5nuc_boards_nuc11tnki3nuc_pro_board_nuc12wski50znuc_11_performance_kit_nuc11paqi70qa_firmwarenuc_11_performance_mini_pc_nuc11paqi50wanuc_boards_nuc11tnki70z_firmwarenuc_pro_kit_nuc12wsbi50z_firmwarenuc_11_performance_kit_nuc11paki7_firmwarenuc_11_performance_mini_pc_nuc11paqi50wa_firmwarenuc_pro_kit_nuc12wshi70z_firmwarenuc_11_performance_kit_nuc11pahi7nuc_pro_board_nuc12wski70znuc_laptop_kits_lapac71gnuc_pro_mini_pc_nuc11tnhv50l_firmwarenuc_laptop_kit_laprc510nuc_pro_board_nuc11tnbv7nuc_11_compute_element_cm11ebc4wnuc_pro_board_nuc12wski7_firmwarenuc_pro_mini_pc_nuc11tnkv5nuc_pro_kit_nuc12wshi70znuc_boards_nuc11tnhi70qnuc_extreme_nuc12edbi9nuc_laptop_kit_lapkc71f_firmwarenuc_nuc11phki7caanuc_pro_mini_pc_nuc11tnkv7nuc_pro_kit_nuc12wsbi70z_firmwarenuc_11_performance_kit_nuc11paki5nuc_extreme_compute_element_nuc11btmi9nuc_pro_board_nuc12wski5nuc_pro_board_nuc11tnkv5nuc_pro_board_nuc11tnhv70l_firmwarenuc_11_compute_element_cm11ebi716w_firmwarenuc_13_extreme_compute_element_nuc13sbbi7nuc_13_extreme_kit_nuc13rngi5_firmwarenuc_11_performance_kit_nuc11pahi70z_firmwarenuc_extreme_compute_element_nuc11btmi7_firmwarenuc_boards_nuc11tnbi70znuc_12_extreme_compute_element_nuc12dcmi7_firmwarenuc_12_extreme_compute_element_nuc12edbi7nuc_laptop_kits_lapac71h_firmwarenuc_extreme_nuc12edbi9_firmwarenuc_12_compute_element_elm12hbi7_firmwarenuc_12_compute_element_elm12hbi3_firmwarenuc_extreme_compute_element_nuc11dbbi7_firmwarenuc_boards_nuc11tnbi5nuc_11_performance_mini_pc_nuc11pahi30znuc_pro_board_nuc12wsbi5nuc_pro_board_nuc11tnhv70lnuc_boards_nuc11tnhi5_firmwarenuc_pro_kit_nuc12wshi30z_firmwarenuc_laptop_kits_lapac71hnuc_11_compute_element_cm11ebi58w_firmwarenuc_pro_kit_nuc12wsbi30z_firmwarenuc_11_performance_kit_nuc11pahi5nuc_boards_nuc11tnhi30pnuc_essential_nuc11atbc4nuc_11_performance_kit_nuc11pahi7_firmwarenuc_pro_kit_nuc12wsbi30znuc_pro_board_nuc12wshi5nuc_pro_kit_nuc12wshi30lnuc_pro_ki_nuc11tnkv5nuc_pro_kit_nuc12wshi3_firmwarenuc_pro_mini_pc_nuc11tnkv50znuc_12_extreme_compute_element_nuc12dcmi9nuc_pro_kit_nuc12wski50znuc_enthusiast_nuc12snki72_firmwarenuc_boards_nuc11tnbi3nuc_pro_board_nuc12wshi3_firmwarenuc_pro_board_nuc11tnhv7nuc_11_performance_mini_pc_nuc11paki5_firmwarenuc_12_extreme_compute_element_nuc12edbi9nuc_pro_mini_pc_nuc11tnhv70l_firmwarenuc_pro_board_nuc12wshi50z_firmwarenuc_laptop_kit_laprc710nuc_pro_board_nuc12wsbi30z_firmwarenuc_pro_kit_nuc12wski5_firmwarenuc_pro_board_nuc11tnhv5Intel(R) NUC BIOS firmwarebios
CWE ID-CWE-20
Improper Input Validation
CVE-2023-22841
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 5.00%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Feb, 2026 | 17:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unquoted search path in the software installer for the System Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset before version 16.0.7 may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-server_firmware_update_utilityc621aSystem Firmware Update Utility (SysFwUpdt) for some Intel(R) Server Boards and Intel(R) Server Systems Based on Intel(R) 621A Chipset
CWE ID-CWE-428
Unquoted Search Path or Element
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-23577
Assigner-Intel Corporation
ShareView Details
Assigner-Intel Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.15% / 5.00%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 02:37
Updated-10 Oct, 2024 | 15:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Uncontrolled search path element for some ITE Tech consumer infrared drivers before version 5.5.2.1 for Intel(R) NUC may allow an authenticated user to potentially enable escalation of privilege via local access.

Action-Not Available
Vendor-n/aIntel Corporation
Product-ite_tech_consumer_infrared_drivernuc_11_enthusiast_kit_nuc11phki7cnuc_11_enthusiast_mini_pc_nuc11phki7caaITE Tech consumer infrared drivers for Intel(R) NUCite_tech_consumer_infared_drivers_for_intel_nuc
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2023-22955
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.30% / 21.91%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 00:00
Updated-17 Apr, 2025 | 13:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. The validation of firmware images only consists of simple checksum checks for different firmware components. Thus, by knowing how to calculate and where to store the required checksums for the flasher tool, an attacker is able to store malicious firmware.

Action-Not Available
Vendor-audiocodesn/aaudiocodes_ltd
Product-405hd_firmware445hd_firmware405hd445hdc450hdc450hd_firmwaren/avoip_phones
CWE ID-CWE-345
Insufficient Verification of Data Authenticity
CVE-2023-22957
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.13% / 62.82%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 00:00
Updated-10 Oct, 2024 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in libac_des3.so on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of hard-coded cryptographic key, an attacker with access to backup or configuration files is able to decrypt encrypted values and retrieve sensitive information, e.g., the device root password.

Action-Not Available
Vendor-audiocodesn/aaudiocodes_ltd
Product-c455hd_firmwarec435hd_firmwarec470hd_firmware405hd_firmware405hdc450hd_firmware445hd_firmwarec470hd445hdc435hdc455hdc450hdn/avoip_phones
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-22956
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.13% / 62.82%
||
7 Day CHG~0.00%
Published-11 Aug, 2023 | 00:00
Updated-10 Oct, 2024 | 14:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on AudioCodes VoIP desk phones through 3.4.4.1000. Due to the use of a hard-coded cryptographic key, an attacker is able to decrypt encrypted configuration files and retrieve sensitive information.

Action-Not Available
Vendor-audiocodesn/aaudiocodes_ltd
Product-c455hd_firmwarec435hd_firmwarec470hd_firmware405hd_firmware405hdc450hd_firmware445hd_firmwarec470hd445hdc435hdc455hdc450hdn/avoip_phones
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-22666
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-8.4||HIGH
EPSS-0.11% / 1.59%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:15
Updated-02 Aug, 2024 | 10:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Integer Overflow or Wraparound in Audio

Memory Corruption in Audio while playing amrwbplus clips with modified content.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresa6150p_firmwaresm6250p_firmwareqcs610qca8337qca6431_firmwarewcd9360_firmwaresdx65wcn3950_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155qca6335msm8917csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwareqcs6125_firmwaresd632msm8108sa415msm4375wcn3998wcd9371_firmwaremsm8108_firmwareqam8295pwcn3950sm4125sd720gmdm9628sd_8_gen1_5g_firmwarewcn3660bsd450_firmwaresd710_firmwaresd460_firmwareqca4020sm7315_firmwareqca6574au_firmwarewcd9375_firmwareqca8081_firmwarewcn3998_firmwaresa6155_firmwaresdx12_firmwareqca6420wcd9360sd680_firmwarewcn3999qrb5165_firmwareqrb5165m_firmwareqca6698aqqcs6125sa4155p_firmwaresa8155_firmwaresd662_firmwareqcs405qca6430wcd9340sd626_firmwaresd765gsd680qca4020_firmwareqca6436wcn6851sa6155pqca6698aq_firmwaremsm8209_firmwarewcn3660_firmwarewcd9341qca6431qca6696_firmwarewcd9371sd870_firmwaresd750gwcn3910_firmwaresxr2150p_firmwaresa8150pwsa8830_firmwaresd855_firmwaresd660sd865_5g_firmwarewcn3988sd660_firmwaresa8195p_firmwaremsm8208_firmwarewcn6750_firmwaresa8295p_firmwaresd450wcn3610msm8608wcn3991qca8337_firmwaresda429w_firmwarewcd9380_firmwaresdm429wmsm8996au_firmwaresd625_firmwareqca6564ausdx55m_firmwarewcn6856_firmwaresd670_firmwareqca6574sd632_firmwarewcd9380qcs410sd690_5g_firmwaresdx50m_firmwareqca9379_firmwaresdx24_firmwareqcn9012_firmwaresd626qca6430_firmwaresd439_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850wcn3910qca6320qca6426_firmwarewcn3660b_firmwarewcn3680sd695sd835wcn3980_firmwaresd730sdx55msa8295pqca6421_firmwarewcn6740_firmwaresd678_firmwarear8031_firmwarewcn3680_firmwareqrb5165wcn6851_firmwaresd670sd_636_firmwareqca6564a_firmwareqcm4290_firmwaresd480sd870wcn6855sd210_firmwareqcs610_firmwareqsm8250sa6145psd695_firmwaresdxr1ar8031apq8096auqca6595_firmwareqcs405_firmwaresa8145psdm630_firmwareqca6391_firmwaresa4150p_firmwarewcd9370_firmwareqm215_firmwaresd780g_firmwaresdx55sd888_firmwaresa8155pcsra6640sd675sd439wcn3660qca9379sa4155psxr2150par8035_firmwareqsm8250_firmwareqcm2290wcn3991_firmwarewsa8830sd678sa8145p_firmwareqcs2290_firmwarecsrb31024mdm9628_firmwaresd_636csra6620qcs4290sd765g_firmwareqca6420_firmwareqca6390_firmwareapq8009_firmwaresd690_5gsd730_firmwarewcd9370sd675_firmwaresd625qca6564qca6426qca6584au_firmwarewcn3990_firmwareqrb5165n_firmwareqca9377wcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwarewcn3615_firmwaresd662qam8295p_firmwareqcn9011_firmwaresa8155qca6320_firmwarewcn3680b_firmwaresdx55_firmwarewcn3615qca6595auwcn3999_firmwaresm7250p_firmwarewcn3610_firmwareqca6436_firmwareqrb5165nqca6564au_firmwareqca6584ausd778gsa6155p_firmwaremsm8208qca6310sa515m_firmwaresd429qcs6490sdxr2_5gsdm630sa415m_firmwarewcn3988_firmwareqcn9074sd205qm215qca6421sd429_firmwaresd778g_firmwaresa6145p_firmwaresa8195psm6250apq8017_firmwarewsa8810_firmwaresm4375_firmwaresd765_firmwarewcd9326wcd9335qca8081qca6174a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwareqca6390wcd9375sd750g_firmwareaqt1000ar8035sm6250_firmwaresda429wmsm8917_firmwaresd210wcn3620_firmwarewsa8815_firmwaresd888_5g_firmwareqcm6490wcn6850_firmwarewsa8835_firmwarewcn3620apq8017qcx315qca6564asa4150pqcm6125_firmwareqcm2290_firmwarewcn3990sd_675sd780gsd865_5gqca6595sdx24qcn9012sd888wsa8835qcx315_firmwaremsm8996ausdm429w_firmwaresd665_firmwaresd_8_gen1_5gsd888_5gsm6250pqca6574awcn6855_firmwareqca6174asm7325pqca6310_firmwarewcn6750sa515mqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665sd765qca6574a_firmwaresd768g_firmwaremsm8209qrb5165msm7315apq8009sd460qca6391sdxr1_firmwareaqt1000_firmwaresdx65_firmwareqcm4290csrb31024_firmwareqcm6490_firmwaresdx50msd480_firmwareqcn9011qca6574ausd710sa8155p_firmwaresd205_firmwarewcd9341_firmwareqcm6125wsa8810wcn6856wcn3680bsd835_firmwareqca6564_firmwaresd768gwcn6740qca6696sd845_firmwaremsm8608_firmwaresa6150papq8096au_firmwaresd845sm7250psd720g_firmwaresdx12qcn9074_firmwareqcs410_firmwareSnapdragon
CWE ID-CWE-190
Integer Overflow or Wraparound
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-21652
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-7.7||HIGH
EPSS-0.10% / 0.87%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:14
Updated-11 Oct, 2024 | 17:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Key Management Errors in HLOS

Cryptographic issue in HLOS as derived keys used to encrypt/decrypt information is present on stack after use.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-wcn3991_firmwaresd_8cx_gen3_firmwarewsa8830sd678sa6150p_firmwaresa8145p_firmwareqcs2290_firmwareqca8337qca6431_firmwaresdx65csra6620qcs4290wcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqcs2290qca6390_firmwaresa6155sd690_5gsd730_firmwarewcd9370csra6620_firmwaresd_675_firmwaresd675_firmwaressg2115pcsra6640_firmwareqcs6125_firmwareqca6426wcn3990_firmwaresm4375wcn3998wcd9385_firmwareqam8295psdxr2_5g_firmwareqcn6024_firmwaresd720gsm4125wcd9326_firmwarewcn3950sd_8_gen1_5g_firmwareqsm8350_firmwaresd662sd710_firmwareqsm8350sd460_firmwareqam8295p_firmwaresa8155sa9000p_firmwaresm7315_firmwareqca6574au_firmwarewcn7850qca6595auqca8081_firmwaresa6155_firmwarewcd9375_firmwaresm7250p_firmwarewcn3998_firmwareqca6420qca6436_firmwaresd680_firmwaresd778gsa6155p_firmwarewcn7851qcs6490sdxr2_5gqcs6125sa8155_firmwaresd662_firmwareqcs405qca6430wcn3988_firmwaresa6145p_firmwareqca6421sd778g_firmwaresm6250sa8195pwsa8810_firmwaresd765gsm4375_firmwaresw5100sd765_firmwareqca6436sd680wcd9326sa6155psg4150pwcd9335qca8081wcn6851wcn7851_firmwareqcs4290_firmwarewcd9385wcd9341qca6431qca6696_firmwareqcs6490_firmwaresd750gsd870_firmwaresd_8cx_gen3qca6390ar8035sd750g_firmwareaqt1000sa8150psxr2150p_firmwaresm6250_firmwarewcd9375wcn3910_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwareqcm6490sd888_5g_firmwarewcn3988wcn6850_firmwarewcn7850_firmwarewsa8815_firmwaresa8195p_firmwarewsa8835_firmwareqcn7606_firmwaresa8295p_firmwarewcn6750_firmwaresa4150psg4150p_firmwareqcm6125_firmwareqcm2290_firmwarewcn3991qca8337_firmwarewcd9380_firmwaressg2125pwcn3990sd_675sw5100psd780gsd865_5gqca6595qcc5100sdx55m_firmwarewcn6856_firmwaresd888sd670_firmwareqca6574sxr1230p_firmwarewsa8835sd665_firmwaresa8540p_firmwaresd_8_gen1_5gwcd9380sd888_5gssg2125p_firmwareqca6574asd690_5g_firmwaresdx50m_firmwarewcn6855_firmwaresm7325psxr1230pqca6430_firmwarewcd9335_firmwarewcn3980wcn6750sa9000pqca6574_firmwaresd855sm4125_firmwaresm7325p_firmwaresd665wcn3910wcn6850wsa8815sd765qca6426_firmwareqca6574a_firmwaresd695sd768g_firmwareqcn9024wcn3980_firmwaresm7315sd460qca6391sd730sdx55msdxr1_firmwaresxr2150pqcc5100_firmwareqca6421_firmwaresa8295paqt1000_firmwarewcn6740_firmwaresdx65_firmwaresd678_firmwareqcm4290qcm6490_firmwaresdx50mwsa8832_firmwaresd480_firmwarewcn6851_firmwareqca6574ausa8155p_firmwaresd710sd670qcn9024_firmwarewcd9341_firmwareqcm6125qcm4290_firmwaresd480sd870wcn6855wsa8810wsa8832sa8540psw5100p_firmwarewcn6856sa6145psd695_firmwaresdxr1sd768gqca6595_firmwareqcs405_firmwaresa8145pwcn6740qca6696qca6391_firmwaresa4150p_firmwaresd780g_firmwarewcd9370_firmwaresa6150psd888_firmwaresa8155pcsra6640qcn6024sd675sm7250psd720g_firmwaressg2115p_firmwaresw5100_firmwarear8035_firmwareqcm2290qcn7606Snapdragonqcm2290_firmwarewcn3991_firmwaresd_8cx_gen3_firmwareqca8337_firmwarewcd9380_firmwaresa6150p_firmwaresa8145p_firmwareqcs2290_firmwareqca6431_firmwaresdx55m_firmwarewcn6856_firmwaresd670_firmwaresxr1230p_firmwarewcn3950_firmwaresd665_firmwaresa8540p_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqca6390_firmwaresd730_firmwarecsra6620_firmwaressg2125p_firmwaresd_675_firmwaresd675_firmwaresd690_5g_firmwaresdx50m_firmwarecsra6640_firmwarewcn6855_firmwareqcs6125_firmwarewcn3990_firmwareqca6430_firmwarewcd9335_firmwarewcd9385_firmwaresdxr2_5g_firmwareqcn6024_firmwarewcd9326_firmwareqca6574_firmwaresd_8_gen1_5g_firmwaresm4125_firmwaresm7325p_firmwareqsm8350_firmwaresd710_firmwaresd460_firmwareqam8295p_firmwareqca6426_firmwaresa9000p_firmwaresm7315_firmwareqca6574a_firmwareqca6574au_firmwaresd768g_firmwarewcd9375_firmwareqca8081_firmwaresa6155_firmwarewcn3998_firmwaresm7250p_firmwarewcn3980_firmwaresdxr1_firmwareqca6436_firmwareqcc5100_firmwareqca6421_firmwareaqt1000_firmwaresd680_firmwarewcn6740_firmwaresa6155p_firmwaresdx65_firmwaresd678_firmwareqcm6490_firmwarewsa8832_firmwaresd480_firmwaresa8155_firmwarewcn6851_firmwaresd662_firmwareqcn7606_firmwarewcn3988_firmwaresa6145p_firmwaresa8155p_firmwaresd778g_firmwareqcn9024_firmwarewsa8810_firmwarewcd9341_firmwaresm4375_firmwareqcm4290_firmwaresd765_firmwaresw5100p_firmwarewcn7851_firmwareqcs4290_firmwaresd695_firmwareqca6696_firmwareqcs6490_firmwareqca6595_firmwareqcs405_firmwaresd870_firmwareqca6391_firmwaresa4150p_firmwarewcn3910_firmwaresxr2150p_firmwaresd750g_firmwarewcn6750_firmwaresd780g_firmwarewcd9370_firmwaresm6250_firmwaresd888_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewsa8815_firmwaresd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8835_firmwaresd720g_firmwaresa8195p_firmwaressg2115p_firmwaresw5100_firmwaresa8295p_firmwaresg4150p_firmwarear8035_firmwareqcm6125_firmware
CWE ID-CWE-320
Not Available
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-2023-21651
Assigner-Qualcomm, Inc.
ShareView Details
Assigner-Qualcomm, Inc.
CVSS Score-9.3||CRITICAL
EPSS-0.11% / 1.59%
||
7 Day CHG~0.00%
Published-08 Aug, 2023 | 09:14
Updated-22 Oct, 2024 | 21:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Type Conversion or Cast in Core

Memory Corruption in Core due to incorrect type conversion or cast in secure_io_read/write function in TEE.

Action-Not Available
Vendor-Qualcomm Technologies, Inc.
Product-qca9377_firmwaresd_8cx_gen3_firmwareqca8337qca6431_firmwarewcd9360_firmwaresdx65wcn3950_firmwaresa8150p_firmwareqcs2290qca6595au_firmwaresa6155qca6335csra6620_firmwareqcs605_firmwaresd_675_firmwarecsra6640_firmwaresm4375wcn3998qam8295psd_8cx_gen2_firmwareqcn6024_firmwaresm4125wcn3950sd_8_gen1_5g_firmwareqsm8350_firmwareqsm8350sd460_firmwaresm7315_firmwarewcn7850qca6574au_firmwarewcd9375_firmwareqca8081_firmwaresa6155_firmwarewcn3998_firmwareqca6420wcd9360sd680_firmwarewcn3999sd_8cx_gen2qrb5165_firmwareqrb5165m_firmwaresa8155_firmwareqca4004_firmwaresd662_firmwareqcs405qca6430wcd9306_firmwarewcd9340sd765gsw5100qca6436sd680wcn6851sa6155pqcs603_firmwarewcn7851_firmwarewcd9341qca6431qca6696_firmwaresd750gsd870_firmwarewcn3910_firmwaresxr2150p_firmwaresd_8cxsa8150pqca4004wsa8830_firmwaresd855_firmwaresd865_5g_firmwarewcn3988wcn7850_firmwareqcn7606_firmwaresa8295p_firmwarewcn6750_firmwarewcn3991qca8337_firmwarewcd9380_firmwaressg2125psw5100pqca6564ausdx55m_firmwarewcn6856_firmwaresd670_firmwareqca6574wcd9380sd690_5g_firmwaresdx50m_firmwaresxr1230psdx24_firmwareqcn9012_firmwareqca6430_firmwarewcd9335_firmwarewcn3980qca6335_firmwareqcs605wcd9340_firmwarewsa8815wcn6850wcn3910qca6426_firmwareqca9984sd695qcn9024wcn3980_firmwaresdx55mqcc5100_firmwareqca6421_firmwaresa8295pwcn6740_firmwaresd678_firmwarear8031_firmwareqrb5165wcn6851_firmwareqcs603sd670qca6564a_firmwareqcn9024_firmwaresdx57mqcm4290_firmwaresd480sd870wcn6855wsa8832sa8540psw5100p_firmwareqsm8250sa6145psd695_firmwarear8031qca6595_firmwareqcs405_firmwaremdm9205_firmwareqca6391_firmwaresd780g_firmwarewcd9370_firmwaresdx55sd888_firmwaresa8155pcsra6640sd675ssg2115p_firmwaresxr2150par8035_firmwareqsm8250_firmwareqcm2290qcn7606wcn3991_firmwarewsa8830sd678qcs2290_firmwarecsra6620qcs4290sd765g_firmwareqca6420_firmwareqca6390_firmwaresd690_5gwcd9370sd675_firmwaressg2115pqca6426wcn3990_firmwareqrb5165n_firmwareqca9984_firmwareqca9377sd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwarewcd9326_firmwaresd662qam8295p_firmwareqcn9011_firmwaresa8155sa9000p_firmwaresdx55_firmwareqca6595auwcn3999_firmwaresm7250p_firmwareqca6436_firmwareqrb5165nqca6564au_firmwaresd778gsa6155p_firmwareqca6310wcd9306sa515m_firmwareqcs6490wcn7851sdxr2_5gwcn3988_firmwaresa6145p_firmwareqca6421sd778g_firmwarewsa8810_firmwaresm4375_firmwaresd765_firmwarewcd9326wcd9335sg4150pqca8081qca6174a_firmwareqcs4290_firmwarewcd9385qcs6490_firmwaresd_8cx_gen3ar8035qca6390sd750g_firmwareaqt1000wcd9375qcm6490sd888_5g_firmwarewcn6850_firmwarewsa8815_firmwarewsa8835_firmwareqcx315qca6564asg4150p_firmwareqcm2290_firmwarewcn3990sd_675sd780gsd865_5gqca6595qcc5100sdx24qcn9012sd888wsa8835qcx315_firmwaresxr1230p_firmwaresd665_firmwaresa8540p_firmwaresd_8_gen1_5gsd888_5gssg2125p_firmwareqca6574awcn6855_firmwareqca6174asm7325pqca6310_firmwarewcn6750mdm9205sa515mqca6574_firmwaresa9000psd855sm4125_firmwaresm7325p_firmwaresd665sdx57m_firmwaresd765qca6574a_firmwaresd768g_firmwareqrb5165msd850_firmwaresm7315sd460qca6391aqt1000_firmwaresdx65_firmwareqcm4290qcm6490_firmwaresdx50mwsa8832_firmwaresd480_firmwareqcn9011qca6574ausa8155p_firmwarewcd9341_firmwarewsa8810wcn6856sd768gwcn6740qca6696sd845_firmwareqcn6024sd845sm7250psw5100_firmwaresd850Snapdragonqca9377_firmwaresd_8cx_gen3_firmwarewcn3991_firmwareqcs2290_firmwareqca6431_firmwarewcd9360_firmwarewcn3950_firmwaresa8150p_firmwaresd765g_firmwareqca6420_firmwareqca6595au_firmwareqca6390_firmwarecsra6620_firmwareqcs605_firmwaresd_675_firmwaresd675_firmwarecsra6640_firmwarewcn3990_firmwareqrb5165n_firmwareqca9984_firmwaresd_8cx_firmwarewcd9385_firmwaresdxr2_5g_firmwaresd_8cx_gen2_firmwareqcn6024_firmwarewcd9326_firmwaresd_8_gen1_5g_firmwareqsm8350_firmwaresd460_firmwareqam8295p_firmwareqcn9011_firmwaresa9000p_firmwaresm7315_firmwareqca6574au_firmwaresdx55_firmwarewcd9375_firmwareqca8081_firmwaresa6155_firmwarewcn3998_firmwaresm7250p_firmwarewcn3999_firmwareqca6436_firmwareqca6564au_firmwaresd680_firmwaresa6155p_firmwaresa515m_firmwareqrb5165_firmwareqrb5165m_firmwaresa8155_firmwareqca4004_firmwaresd662_firmwarewcn3988_firmwaresa6145p_firmwarewcd9306_firmwaresd778g_firmwarewsa8810_firmwaresm4375_firmwaresd765_firmwareqcs603_firmwarewcn7851_firmwareqca6174a_firmwareqcs4290_firmwareqca6696_firmwareqcs6490_firmwaresd870_firmwarewcn3910_firmwaresxr2150p_firmwaresd750g_firmwarewsa8830_firmwaresd855_firmwaresd865_5g_firmwarewsa8815_firmwaresd888_5g_firmwarewcn6850_firmwarewcn7850_firmwarewsa8835_firmwaresa8295p_firmwareqcn7606_firmwarewcn6750_firmwaresg4150p_firmwareqcm2290_firmwareqca8337_firmwarewcd9380_firmwaresdx55m_firmwarewcn6856_firmwaresd670_firmwareqcx315_firmwaresxr1230p_firmwaresd665_firmwaresa8540p_firmwaressg2125p_firmwaresd690_5g_firmwaresdx50m_firmwarewcn6855_firmwaresdx24_firmwareqca6310_firmwareqca6430_firmwareqcn9012_firmwarewcd9335_firmwareqca6335_firmwareqca6574_firmwarewcd9340_firmwaresm4125_firmwaresm7325p_firmwaresdx57m_firmwareqca6426_firmwareqca6574a_firmwaresd768g_firmwaresd850_firmwarewcn3980_firmwareqcc5100_firmwareqca6421_firmwareaqt1000_firmwarewcn6740_firmwaresdx65_firmwaresd678_firmwarear8031_firmwareqcm6490_firmwarewsa8832_firmwaresd480_firmwarewcn6851_firmwaresa8155p_firmwareqca6564a_firmwareqcn9024_firmwarewcd9341_firmwareqcm4290_firmwaresw5100p_firmwaresd695_firmwareqca6595_firmwareqcs405_firmwaremdm9205_firmwareqca6391_firmwaresd845_firmwaresd780g_firmwarewcd9370_firmwaresd888_firmwaressg2115p_firmwaresw5100_firmwarear8035_firmwareqsm8250_firmware
CWE ID-CWE-704
Incorrect Type Conversion or Cast
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 8
  • 9
  • Next