Total
3404 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-33092 | 1 Qualcomm | 190 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 187 more | 2025-08-11 | N/A | 8.4 HIGH |
| Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. | |||||
| CVE-2023-33113 | 1 Qualcomm | 254 Ar8035, Ar8035 Firmware, Csra6620 and 251 more | 2025-08-11 | N/A | 8.4 HIGH |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. | |||||
| CVE-2023-22386 | 1 Qualcomm | 402 215, 215 Firmware, Ar8035 and 399 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory Corruption in WLAN HOST while processing WLAN FW request to allocate memory. | |||||
| CVE-2023-43519 | 1 Qualcomm | 268 Aqt1000, Aqt1000 Firmware, Fastconnect 6200 and 265 more | 2025-08-11 | N/A | 7.3 HIGH |
| Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. | |||||
| CVE-2023-33087 | 1 Qualcomm | 236 Apq5053-aa, Apq5053-aa Firmware, Ar8035 and 233 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption in Core while processing RX intent request. | |||||
| CVE-2024-33042 | 1 Qualcomm | 406 205, 205 Firmware, 215 and 403 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption when Alternative Frequency offset value is set to 255. | |||||
| CVE-2025-27052 | 1 Qualcomm | 312 Ar8035, Ar8035 Firmware, Fastconnect 6200 and 309 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption while processing data packets in diag received from Unix clients. | |||||
| CVE-2023-28539 | 1 Qualcomm | 314 Ar8035, Ar8035 Firmware, Ar9380 and 311 more | 2025-08-11 | N/A | 6.6 MEDIUM |
| Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command. | |||||
| CVE-2023-43556 | 1 Qualcomm | 136 Ar8035, Ar8035 Firmware, Fastconnect 6700 and 133 more | 2025-08-11 | N/A | 9.3 CRITICAL |
| Memory corruption in Hypervisor when platform information mentioned is not aligned. | |||||
| CVE-2024-53027 | 1 Qualcomm | 424 205, 205 Firmware, Apq8017 and 421 more | 2025-08-11 | N/A | 7.5 HIGH |
| Transient DOS may occur while processing the country IE. | |||||
| CVE-2023-33035 | 1 Qualcomm | 288 Apq5053-aa, Apq5053-aa Firmware, Ar8035 and 285 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory corruption while invoking callback function of AFE from ADSP. | |||||
| CVE-2023-28579 | 1 Qualcomm | 68 Fastconnect 6900, Fastconnect 6900 Firmware, Fastconnect 7800 and 65 more | 2025-08-11 | N/A | 6.7 MEDIUM |
| Memory Corruption in WLAN Host while deserializing the input PMK bytes without checking the input PMK length. | |||||
| CVE-2023-24851 | 1 Qualcomm | 382 Ar8035, Ar8035 Firmware, Csr8811 and 379 more | 2025-08-11 | N/A | 7.8 HIGH |
| Memory Corruption in WLAN HOST while parsing QMI response message from firmware. | |||||
| CVE-2023-28547 | 1 Qualcomm | 604 215 Mobile, 215 Mobile Firmware, 315 5g Iot and 601 more | 2025-08-11 | N/A | 8.4 HIGH |
| Memory corruption in SPS Application while requesting for public key in sorter TA. | |||||
| CVE-2025-8736 | 2025-08-08 | 4.3 MEDIUM | 5.3 MEDIUM | ||
| A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-2017 | 1 Ashlar | 1 Cobalt | 2025-08-08 | N/A | 7.8 HIGH |
| Ashlar-Vellum Cobalt CO File Parsing Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of CO files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-25240. | |||||
| CVE-2025-5222 | 1 Unicode | 1 International Components For Unicode | 2025-08-08 | N/A | 7.0 HIGH |
| A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution. | |||||
| CVE-2012-10035 | 2025-08-07 | N/A | N/A | ||
| Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary code with SYSTEM privileges. | |||||
| CVE-2025-8170 | 1 Totolink | 2 T6, T6 Firmware | 2025-08-07 | 9.0 HIGH | 8.8 HIGH |
| A vulnerability classified as critical was found in TOTOLINK T6 4.1.5cu.748_B20211015. This vulnerability affects the function tcpcheck_net of the file /router/meshSlaveDlfw of the component MQTT Packet Handler. The manipulation of the argument serverIp leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2024-5305 | 1 Tungstenautomation | 1 Power Pdf | 2025-08-06 | N/A | 7.8 HIGH |
| Kofax Power PDF PDF File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of PDF files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-22921. | |||||