Total
84 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-52939 | 2025-02-24 | 7.8 High | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory. | ||||
| CVE-2023-46724 | 2 Redhat, Squid-cache | 6 Enterprise Linux, Rhel Aus, Rhel E4s and 3 more | 2025-02-13 | 8.6 High |
| Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. | ||||
| CVE-2024-45573 | 1 Qualcomm | 48 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 45 more | 2025-02-12 | 7.8 High |
| Memory corruption may occour while generating test pattern due to negative indexing of display ID. | ||||
| CVE-2024-49840 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-02-05 | 7.8 High |
| Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality. | ||||
| CVE-2024-52936 | 2025-01-31 | 4.4 Medium | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. | ||||
| CVE-2022-46378 | 1 Weston-embedded | 1 Uc-ftps | 2025-01-24 | 6.5 Medium |
| An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no port argument is provided to the `PORT` command. | ||||
| CVE-2022-46377 | 1 Weston-embedded | 1 Uc-ftps | 2025-01-24 | 6.5 Medium |
| An out-of-bounds read vulnerability exists in the PORT command parameter extraction functionality of Weston Embedded uC-FTPs v 1.98.00. A specially-crafted set of network packets can lead to denial of service. An attacker can send packets to trigger this vulnerability.This vulnerability occurs when no IP address argument is provided to the `PORT` command. | ||||
| CVE-2024-52935 | 2025-01-13 | 4.1 Medium | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | ||||
| CVE-2024-47895 | 2025-01-13 | 7.1 High | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. | ||||
| CVE-2024-47894 | 2025-01-13 | 7.1 High | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. | ||||
| CVE-2024-52937 | 2025-01-13 | 6.7 Medium | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | ||||
| CVE-2024-52938 | 2025-01-13 | 7.8 High | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to subvert reconstruction activities to trigger a write of data outside the Guest's virtualised GPU memory. | ||||
| CVE-2017-11076 | 1 Qualcomm | 54 Msm8909w, Msm8909w Firmware, Msm8996au and 51 more | 2025-01-09 | 8.8 High |
| On some hardware revisions where VP9 decoding is hardware-accelerated, the frame size is not programmed correctly into the decoder hardware which can lead to an invalid memory access by the decoder. | ||||
| CVE-2023-43553 | 1 Qualcomm | 262 Ar8035, Ar8035 Firmware, Csr8811 and 259 more | 2025-01-09 | 9.8 Critical |
| Memory corruption while parsing beacon/probe response frame when AP sends more supported links in MLIE. | ||||
| CVE-2024-33036 | 1 Qualcomm | 106 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 103 more | 2024-12-11 | 6.7 Medium |
| Memory corruption while parsing sensor packets in camera driver, user-space variable is used while allocating memory in kernel and parsing which can lead to huge allocation or invalid memory access. | ||||
| CVE-2023-6560 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2024-11-21 | 5.5 Medium |
| An out-of-bounds memory access flaw was found in the io_uring SQ/CQ rings functionality in the Linux kernel. This issue could allow a local user to crash the system. | ||||
| CVE-2023-2426 | 1 Vim | 1 Vim | 2024-11-21 | 5.5 Medium |
| Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. | ||||
| CVE-2023-28575 | 1 Qualcomm | 120 205, 205 Firmware, 215 and 117 more | 2024-11-21 | 6.7 Medium |
| The cam_get_device_priv function does not check the type of handle being returned (device/session/link). This would lead to invalid type usage if a wrong handle is passed to it. | ||||
| CVE-2023-20187 | 1 Cisco | 8 Asr1000-esp100, Asr1000-esp200, Asr1000-esp40 and 5 more | 2024-11-21 | 8.6 High |
| A vulnerability in the Multicast Leaf Recycle Elimination (mLRE) feature of Cisco IOS XE Software for Cisco ASR 1000 Series Aggregation Services Routers could allow an unauthenticated, remote attacker to cause the affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to incorrect handling of certain IPv6 multicast packets when they are fanned out more than seven times on an affected device. An attacker could exploit this vulnerability by sending a specific IPv6 multicast or IPv6 multicast VPN (MVPNv6) packet through the affected device. A successful exploit could allow the attacker to cause a reload of the affected device, resulting in a DoS condition. | ||||
| CVE-2022-33246 | 1 Qualcomm | 84 Apq8096au, Apq8096au Firmware, Aqt1000 and 81 more | 2024-11-21 | 6.7 Medium |
| Memory corruption in Audio due to use of out-of-range pointer offset while Initiating a voice call session from user space with invalid session id. | ||||