Total
74 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-0467 | 2025-04-21 | N/A | 8.2 HIGH | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2016-2161 | 1 Apache | 1 Http Server | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| In Apache HTTP Server versions 2.4.0 to 2.4.23, malicious input to mod_auth_digest can cause the server to crash, and each instance continues to crash even for subsequently valid requests. | |||||
| CVE-2024-45557 | 2025-04-07 | N/A | 7.8 HIGH | ||
| Memory corruption can occur when TME processes addresses from TZ and MPSS requests without proper validation. | |||||
| CVE-2024-6603 | 1 Mozilla | 2 Firefox, Thunderbird | 2025-04-04 | N/A | 7.4 HIGH |
| In an out-of-memory scenario an allocation could fail but free would have been called on the pointer afterwards leading to memory corruption. This vulnerability affects Firefox < 128, Firefox ESR < 115.13, Thunderbird < 115.13, and Thunderbird < 128. | |||||
| CVE-2024-1013 | 1 Unixodbc | 1 Unixodbc | 2025-03-26 | N/A | 7.8 HIGH |
| An out-of-bounds stack write flaw was found in unixODBC on 64-bit architectures where the caller has 4 bytes and callee writes 8 bytes. This issue may go unnoticed on little-endian architectures, while big-endian architectures can be broken. | |||||
| CVE-2024-12577 | 2025-03-18 | N/A | 7.3 HIGH | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-47900 | 2025-03-14 | N/A | 7.8 HIGH | ||
| Software installed and run as a non-privileged user may conduct improper GPU system calls to access OOB kernel memory. | |||||
| CVE-2024-47896 | 2025-03-05 | N/A | 3.3 LOW | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-43060 | 2025-03-03 | N/A | 7.8 HIGH | ||
| Memory corruption during voice activation, when sound model parameters are loaded from HLOS to ADSP. | |||||
| CVE-2024-52939 | 2025-02-24 | N/A | 7.8 HIGH | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to trigger a write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2023-46724 | 1 Squid-cache | 1 Squid | 2025-02-13 | N/A | 8.6 HIGH |
| Squid is a caching proxy for the Web. Due to an Improper Validation of Specified Index bug, Squid versions 3.3.0.1 through 5.9 and 6.0 prior to 6.4 compiled using `--with-openssl` are vulnerable to a Denial of Service attack against SSL Certificate validation. This problem allows a remote server to perform Denial of Service against Squid Proxy by initiating a TLS Handshake with a specially crafted SSL Certificate in a server certificate chain. This attack is limited to HTTPS and SSL-Bump. This bug is fixed in Squid version 6.4. In addition, patches addressing this problem for the stable releases can be found in Squid's patch archives. Those who you use a prepackaged version of Squid should refer to the package vendor for availability information on updated packages. | |||||
| CVE-2024-49840 | 1 Qualcomm | 20 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 17 more | 2025-02-05 | N/A | 7.8 HIGH |
| Memory corruption while Invoking IOCTL calls from user-space to validate FIPS encryption or decryption functionality. | |||||
| CVE-2024-45573 | 1 Qualcomm | 48 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 45 more | 2025-02-05 | N/A | 7.8 HIGH |
| Memory corruption may occour while generating test pattern due to negative indexing of display ID. | |||||
| CVE-2024-52936 | 2025-01-31 | N/A | 4.4 MEDIUM | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2023-33106 | 1 Qualcomm | 306 Ar8035, Ar8035 Firmware, Csra6620 and 303 more | 2025-01-27 | N/A | 8.4 HIGH |
| Memory corruption while submitting a large list of sync points in an AUX command to the IOCTL_KGSL_GPU_AUX_COMMAND. | |||||
| CVE-2024-21475 | 1 Qualcomm | 472 215 Mobile, 215 Mobile Firmware, 315 5g Iot Modem and 469 more | 2025-01-15 | N/A | 7.8 HIGH |
| Memory corruption when the payload received from firmware is not as per the expected protocol size. | |||||
| CVE-2024-52935 | 2025-01-13 | N/A | 4.1 MEDIUM | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-47895 | 2025-01-13 | N/A | 7.1 HIGH | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-47894 | 2025-01-13 | N/A | 7.1 HIGH | ||
| Kernel software installed and running inside a Guest VM may post improper commands to the GPU Firmware to read data outside the Guest's virtualised GPU memory. | |||||
| CVE-2024-52937 | 2025-01-13 | N/A | 6.7 MEDIUM | ||
| Kernel software installed and running inside a Guest VM may exploit memory shared with the GPU Firmware to write data outside the Guest's virtualised GPU memory. | |||||