Total
13156 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-47355 | 1 Qualcomm | 55 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 52 more | 2025-11-05 | 7.8 High |
| Memory corruption while invoking remote procedure IOCTL calls. | ||||
| CVE-2025-23158 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-11-05 | 7.8 High |
| In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add check to handle incorrect queue size qsize represents size of shared queued between driver and video firmware. Firmware can modify this value to an invalid large value. In such situation, empty_space will be bigger than the space actually available. Since new_wr_idx is not checked, so the following code will result in an OOB write. ... qsize = qhdr->q_size if (wr_idx >= rd_idx) empty_space = qsize - (wr_idx - rd_idx) .... if (new_wr_idx < qsize) { memcpy(wr_ptr, packet, dwords << 2) --> OOB write Add check to ensure qsize is within the allocated size while reading and writing packets into the queue. | ||||
| CVE-2025-23159 | 2 Debian, Linux | 2 Debian Linux, Linux Kernel | 2025-11-05 | 5.5 Medium |
| In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: add a check to handle OOB in sfr region sfr->buf_size is in shared memory and can be modified by malicious user. OOB write is possible when the size is made higher than actual sfr data buffer. Cap the size to allocated size for such cases. | ||||
| CVE-2025-27070 | 1 Qualcomm | 351 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 348 more | 2025-11-05 | 7.8 High |
| Memory corruption while performing encryption and decryption commands. | ||||
| CVE-2025-47367 | 1 Qualcomm | 63 Fastconnect 6700, Fastconnect 6700 Firmware, Fastconnect 6900 and 60 more | 2025-11-05 | 7.8 High |
| Memory corruption while accessing a buffer during IOCTL processing. | ||||
| CVE-2025-20725 | 2 Mediatek, Mediatk | 141 Lr12a, Mt2735, Mt2737 and 138 more | 2025-11-05 | 7.5 High |
| In ims service, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01671924; Issue ID: MSV-4620. | ||||
| CVE-2025-20726 | 1 Mediatek | 90 Lr12a, Modem, Mt2735 and 87 more | 2025-11-05 | 7.5 High |
| In Modem, there is a possible out of bounds write due to an incorrect bounds check. This could lead to remote escalation of privilege, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01672598; Issue ID: MSV-4622. | ||||
| CVE-2025-54574 | 1 Squid-cache | 1 Squid | 2025-11-05 | 9.3 Critical |
| Squid is a caching proxy for the Web. In versions 6.3 and below, Squid is vulnerable to a heap buffer overflow and possible remote code execution attack when processing URN due to incorrect buffer management. This has been fixed in version 6.4. To work around this issue, disable URN access permissions. | ||||
| CVE-2025-20728 | 1 Mediatek | 7 Mt7902, Mt7920, Mt7921 and 4 more | 2025-11-05 | 7.8 High |
| In wlan STA driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00447115; Issue ID: MSV-4276. | ||||
| CVE-2025-20729 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | 4.2 Medium |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00441512; Issue ID: MSV-4153. | ||||
| CVE-2025-20731 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | 5.3 Medium |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReducedNeighborReport is disabled). User interaction is not needed for exploitation. Patch ID: WCNCR00441511; Issue ID: MSV-4140. | ||||
| CVE-2025-20732 | 3 Mediatek, Mediatk, Openwrt | 18 Mt6890, Mt7615, Mt7622 and 15 more | 2025-11-05 | 5.3 Medium |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege (when OceReducedNeighborReport is disabled). User interaction is not needed for exploitation. Patch ID: WCNCR00441510; Issue ID: MSV-4139. | ||||
| CVE-2025-20733 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | 7.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00441509; Issue ID: MSV-4138. | ||||
| CVE-2025-20734 | 3 Mediatek, Mediatk, Openwrt | 18 Mt6890, Mt7615, Mt7622 and 15 more | 2025-11-05 | 5.3 Medium |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00441507; Issue ID: MSV-4112. | ||||
| CVE-2025-20735 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | 7.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435349; Issue ID: MSV-4051. | ||||
| CVE-2025-20736 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | 6.7 Medium |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435347; Issue ID: MSV-4049. | ||||
| CVE-2025-20737 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | 7.8 High |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00435343; Issue ID: MSV-4040. | ||||
| CVE-2025-20738 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | 6.7 Medium |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435342; Issue ID: MSV-4039. | ||||
| CVE-2025-20739 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | 6.7 Medium |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00435340; Issue ID: MSV-4038. | ||||
| CVE-2025-20741 | 2 Mediatek, Openwrt | 10 Mt6890, Mt7615, Mt7622 and 7 more | 2025-11-05 | 6.7 Medium |
| In wlan AP driver, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: WCNCR00434422; Issue ID: MSV-3958. | ||||