288 matches found
CVE-2025-38329
In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix OOB memory read access in KUnit test wmfw info KASAN reported out of bounds access - csdspmockwmfwaddinfo, because the source string length was rounded up to the allocation size...
CVE-2025-38329 firmware: cs_dsp: Fix OOB memory read access in KUnit test (wmfw info)
In the Linux kernel, the following vulnerability has been resolved: firmware: csdsp: Fix OOB memory read access in KUnit test wmfw info KASAN reported out of bounds access - csdspmockwmfwaddinfo, because the source string length was rounded up to the allocation size...
CVE-2022-49955
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Fix RTAS MSRHV handling for Cell The semi-recent changes to MSR handling when entering RTAS firmware cause crashes on IBM Cell machines. An example trace: kernel tried to execute user page 2fff01a8 - exploit attempt...
CVE-2025-49133 Libtpms contains a possible out-of-bound access and abort due to HMAC signing issue
Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds OOB read vulnerability. The...
CVE-2025-49133
Libtpms is a library that targets the integration of TPM functionality into hypervisors, primarily into Qemu. Libtpms, which is derived from the TPM 2.0 reference implementation code published by the Trusted Computing Group, is prone to a potential out of bounds OOB read vulnerability. The...
CVE-2020-28005
httpd on TP-Link TL-WPA4220 devices hardware versions 2 through 4 allows remote authenticated users to trigger a buffer overflow causing a denial of service by sending a POST request to the /admin/syslog endpoint. Fixed version: TL-WPA4220EUV4201023...
CVE-2024-57852
In the Linux kernel, the following vulnerability has been resolved: firmware: qcom: scm: smc: Handle missing SCM device Commit ca61d6836e6f "firmware: qcom: scm: fix a NULL-pointer dereference" makes it explicit that qcomscmgettzmempool can return NULL, therefore its users should handle this...
CVE-2025-26411
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web interface...
CVE-2025-26411 Authenticated Arbitrary Python File Upload via Plugin Manager
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web...
CVE-2025-26411 Authenticated Arbitrary Python File Upload via Plugin Manager
An authenticated attacker is able to use the Plugin Manager of the web interface of the Wattsense Bridge devices to upload malicious Python files to the device. This enables an attacker to gain remote root access to the device. An attacker needs a valid user account on the Wattsense web...
CVE-2025-26411
Wattsense Bridge devices are affected by CVE-2025-26411 through the web interface Plugin Manager. An authenticated attacker with a valid Wattsense web account can upload malicious Python files to the device, enabling remote root access. The vulnerability is tied to the Plugin Manager functionalit...
CVE-2025-26409
Wattsense Bridge devices are affected. A serial interface accessible with physical access to the PCB can grant bootloader access and a Linux login prompt, enabling a root shell via the bootloader. This stems from exposed serial/bootloader interfaces on the device when physically tampered. The iss...
AZL-54948 CVE-2024-53157 affecting package kernel for versions less than 5.15.176.3-1
In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfsinfo.oppcount may be zero on some platforms during the reboot...
UBUNTU-CVE-2024-53157
In the Linux kernel, the following vulnerability has been resolved: firmware: armscpi: Check the DVFS OPP count returned by the firmware Fix a kernel crash with the below call trace when the SCPI firmware returns OPP count of zero. dvfsinfo.oppcount may be zero on some platforms during the reboot...
CVE-2024-37044
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow remote attackers who have gained administrator access to execute code. We have already fixed the vulnerability in the followin...
UBUNTU-CVE-2024-49853
In the Linux kernel, the following vulnerability has been resolved: firmware: armscmi: Fix double free in OPTEE transport Channels can be shared between protocols, avoid freeing the same channel descriptors twice when unloading the stack...
CVE-2024-46827
The CVE-2024-46827 entry describes a Linux kernel fix for ath12k Wi‑Fi: when an association request contains an Extended HE Capabilities Element with an invalid MCS-NSS, the driver passes a zero peer_nss to firmware, potentially crashing it. The remediation implements validation of peer_nss and f...
clk: qcom: gcc-ipq8074: fix terminating of frequency table arrays
...
CVE-2024-21903
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722...
CVE-2024-21898
An OS command injection vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated users to execute commands via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.6.2722 build...