Total
82 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-47900 | 2025-03-14 | 7.8 High | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory. | ||||
| CVE-2024-47896 | 2025-03-05 | 3.3 Low | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | ||||
| CVE-2022-25694 | 1 Qualcomm | 416 Apq8009, Apq8009 Firmware, Apq8009w and 413 more | 2025-03-05 | 8.4 High |
| Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM | ||||
| CVE-2022-25709 | 1 Qualcomm | 136 Ar8035, Ar8035 Firmware, Qca6174a and 133 more | 2025-03-05 | 8.4 High |
| Memory corruption in modem due to use of out of range pointer offset while processing qmi msg | ||||
| CVE-2024-43060 | 2025-03-03 | 7.8 High | ||
| Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP. | ||||
| CVE-2023-28564 | 1 Qualcomm | 498 Aqt1000, Aqt1000 Firmware, Ar8031 and 495 more | 2025-02-27 | 7.8 High |
| Memory corruption in WLAN HAL while passing command parameters through WMI interfaces. | ||||
| CVE-2023-24855 | 1 Qualcomm | 126 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 123 more | 2025-02-27 | 9.8 Critical |
| Memory corruption in Modem while processing security related configuration before AS Security Exchange. | ||||
| CVE-2024-52939 | 2025-02-24 | 7.8 High | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory. | ||||
| CVE-2023-46724 | 2 Redhat, Squid-cache | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-02-13 | 8.6 High |
| Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. | ||||
| CVE-2024-45573 | 1 Qualcomm | 48 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 45 more | 2025-02-12 | 7.8 High |
| Memory corruption may occour while generating test pattern due to negative indexing of display ID. | ||||
| CVE-2023-22388 | 1 Qualcomm | 458 315 5g Iot Modem, 315 5g Iot Modem Firmware, 9205 Lte Modem and 455 more | 2025-02-05 | 9.8 Critical |
| Memory Corruption in Multi-mode Call Processor while processing bit mask API. | ||||
| CVE-2024-49840 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-02-05 | 7.8 High |
| Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality. | ||||
| CVE-2024-52936 | 2025-01-31 | 4.4 Medium | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. | ||||
| CVE-2023-33106 | 1 Qualcomm | 306 Ar8035, Ar8035 Firmware, Csra6620 and 303 more | 2025-01-27 | 8.4 High |
| Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | ||||
| CVE-2022-46378 | 1 Weston-embedded | 1 Uc-ftps | 2025-01-24 | 6.5 Medium |
| An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command. | ||||
| CVE-2022-46377 | 1 Weston-embedded | 1 Uc-ftps | 2025-01-24 | 6.5 Medium |
| An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command. | ||||
| CVE-2024-21475 | 1 Qualcomm | 472 215 Mobile, 215 Mobile Firmware, 315 5g Iot Modem and 469 more | 2025-01-15 | 7.8 High |
| Memory corruption when the payload received from firmware is not as per the expected protocol size. | ||||
| CVE-2024-52935 | 2025-01-13 | 4.1 Medium | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | ||||
| CVE-2024-47895 | 2025-01-13 | 7.1 High | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. | ||||
| CVE-2024-47894 | 2025-01-13 | 7.1 High | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. | ||||