Total
79 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-25180 | 2025-07-15 | N/A | 7.8 HIGH | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to subvert GPU HW to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel and drivers running on the platform altering their behaviour. | |||||
| CVE-2025-0467 | 1 Imaginationtech | 1 Ddk | 2025-07-11 | N/A | 8.2 HIGH |
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-53017 | 2025-06-04 | N/A | 6.6 MEDIUM | ||
| Memory corruption while handling test pattern generator IOCTL command. | |||||
| CVE-2025-46806 | 2025-06-02 | N/A | N/A | ||
| A Use of Out-of-range Pointer Offset vulnerability in sslh leads to denial of service on some architectures.This issue affects sslh before 2.2.4. | |||||
| CVE-2024-47893 | 2025-05-19 | N/A | 6.5 MEDIUM | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to read and/or write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-45570 | 1 Qualcomm | 116 C-v2x 9150, C-v2x 9150 Firmware, Fastconnect 6800 and 113 more | 2025-05-09 | N/A | 6.6 MEDIUM |
| Memory corruption may occur during IO configuration processing when the IO port count is invalid. | |||||
| CVE-2016-2161 | 1 Apache | 1 Http Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. | |||||
| CVE-2024-45557 | 2025-04-07 | N/A | 7.8 HIGH | ||
| Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. | |||||
| CVE-2024-6603 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.4 HIGH |
| In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-1013 | 1 Unixodbc | 1 Unixodbc | 2025-03-26 | N/A | 7.8 HIGH |
| An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. | |||||
| CVE-2024-12577 | 2025-03-18 | N/A | 7.3 HIGH | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-47900 | 2025-03-14 | N/A | 7.8 HIGH | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory. | |||||
| CVE-2024-47896 | 2025-03-05 | N/A | 3.3 LOW | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-43060 | 2025-03-03 | N/A | 7.8 HIGH | ||
| Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP. | |||||
| CVE-2024-52939 | 2025-02-24 | N/A | 7.8 HIGH | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2023-46724 | 1 Squid-cache | 1 Squid | 2025-02-13 | N/A | 8.6 HIGH |
| Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. | |||||
| CVE-2024-49840 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-02-05 | N/A | 7.8 HIGH |
| Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality. | |||||
| CVE-2024-45573 | 1 Qualcomm | 48 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 45 more | 2025-02-05 | N/A | 7.8 HIGH |
| Memory corruption may occour while generating test pattern due to negative indexing of display ID. | |||||
| CVE-2024-52936 | 2025-01-31 | N/A | 4.4 MEDIUM | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2023-33106 | 1 Qualcomm | 306 Ar8035, Ar8035 Firmware, Csra6620 and 303 more | 2025-01-27 | N/A | 8.4 HIGH |
| Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | |||||