Latest CVE Feed
-
7.8
HIGHCVE-2024-45547
Memory corruption while processing IOCTL call invoked from user-space to verify non extension FIPS encryption and decryption functionality.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware qcc2073_firmware qcc2076_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 +10 more products- Published: Jan. 06, 2025
- Modified: Jan. 13, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-45546
Memory corruption while processing FIPS encryption or decryption IOCTL call invoked from user-space.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware qcc2073_firmware qcc2076_firmware wsa8840_firmware wsa8845_firmware wsa8845h_firmware wcd9380 +10 more products- Published: Jan. 06, 2025
- Modified: Jan. 13, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-45542
Memory corruption when IOCTL call is invoked from user-space to write board data to WLAN driver.... Read more
Affected Products : aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware qca6595au_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wsa8810_firmware wsa8815_firmware +94 more products- Published: Jan. 06, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-45541
Memory corruption when IOCTL call is invoked from user-space to read board data.... Read more
Affected Products : aqt1000_firmware qca6391_firmware qca6420_firmware qca6430_firmware qca6595au_firmware wcd9341_firmware wcd9380_firmware wcd9385_firmware wsa8810_firmware wsa8815_firmware +94 more products- Published: Jan. 06, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-43064
Uncontrolled resource consumption when a driver, an application or a SMMU client tries to access the global registers through SMMU.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware qca6595_firmware qca6698aq_firmware wcn3660b_firmware sa8540p_firmware sa9000p_firmware +50 more products- Published: Jan. 06, 2025
- Modified: Jan. 13, 2025
- Vuln Type: Denial of Service
-
6.1
MEDIUMCVE-2024-43063
information disclosure while invoking the mailbox read API.... Read more
Affected Products : qam8295p_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware qca6595_firmware qca6698aq_firmware sa8540p_firmware sa9000p_firmware qam8255p_firmware sa8255p_firmware +24 more products- Published: Jan. 06, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Information Disclosure
-
6.1
MEDIUMCVE-2024-33067
Information disclosure while invoking callback function of sound model driver from ADSP for every valid opcode received from sound model driver.... Read more
Affected Products : qam8295p_firmware qca6391_firmware qca6426_firmware qca6436_firmware qca6574au_firmware qca6595au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware +148 more products- Published: Jan. 06, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Information Disclosure
-
6.8
MEDIUMCVE-2024-33061
Information disclosure while processing IOCTL call made for releasing a trusted VM process release or opening a channel without initializing the process.... Read more
Affected Products : sw5100_firmware sw5100p_firmware wcn3980_firmware wcn3988_firmware wsa8830_firmware wsa8835_firmware wcn3660b_firmware wcn3680b_firmware qcs8550_firmware wcn3660b +8 more products- Published: Jan. 06, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Information Disclosure
-
7.8
HIGHCVE-2024-33059
Memory corruption while processing frame command IOCTL calls.... Read more
Affected Products : wcd9380_firmware wcd9385_firmware fastconnect_6900_firmware fastconnect_7800_firmware qcs8550_firmware qcm8550_firmware sm8550p_firmware wcd9390_firmware wcd9395_firmware wsa8840_firmware +22 more products- Published: Jan. 06, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-33055
Memory corruption while invoking IOCTL calls to unmap the DMA buffers.... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware sa8195p_firmware +70 more products- Published: Jan. 06, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
7.8
HIGHCVE-2024-33041
Memory corruption when input parameter validation for number of fences is missing for fence frame IOCTL calls,... Read more
Affected Products : qam8295p_firmware qca6574au_firmware qca6696_firmware sa6145p_firmware sa6150p_firmware sa6155p_firmware sa8145p_firmware sa8150p_firmware sa8155p_firmware sa8195p_firmware +62 more products- Published: Jan. 06, 2025
- Modified: Aug. 11, 2025
- Vuln Type: Memory Corruption
-
6.6
MEDIUMCVE-2024-23366
Information Disclosure while invoking the mailbox write API when message received from user is larger than mailbox size.... Read more
Affected Products : qam8295p_firmware qca6595au_firmware qca6696_firmware sa8295p_firmware qca6595_firmware qca6698aq_firmware sa8540p_firmware sa9000p_firmware qam8255p_firmware sa8255p_firmware +24 more products- Published: Jan. 06, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Information Disclosure
-
8.4
HIGHCVE-2024-21464
Memory corruption while processing IPA statistics, when there are no active clients registered.... Read more
Affected Products : wsa8810_firmware wsa8815_firmware wsa8830_firmware wsa8835_firmware qcm4490_firmware qcs4490_firmware wcd9370_firmware wcn3950_firmware wcn6740_firmware wsa8832_firmware +32 more products- Published: Jan. 06, 2025
- Modified: Jan. 10, 2025
- Vuln Type: Memory Corruption
-
6.5
MEDIUMCVE-2024-12311
The Email Subscribers by Icegram Express WordPress plugin before 5.7.44 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks... Read more
Affected Products : email_subscribers_\&_newsletters- Published: Jan. 06, 2025
- Modified: May. 14, 2025
- Vuln Type: Injection
-
6.1
MEDIUMCVE-2024-12302
The Icegram Engage WordPress plugin before 3.1.32 does not sanitise and escape some of its Campaign settings, which could allow authors and above to perform Stored Cross-Site Scripting attacks... Read more
Affected Products : icegram_engage- Published: Jan. 06, 2025
- Modified: May. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2024-11849
The Pods WordPress plugin before 3.2.8.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for ex... Read more
Affected Products : pods- Published: Jan. 06, 2025
- Modified: May. 14, 2025
- Vuln Type: Cross-Site Scripting
-
6.1
MEDIUMCVE-2024-11356
The tourmaster WordPress plugin before 5.3.4 does not sanitise and escape some parameters when outputting them in the page, which could allow unauthenticated users to perform Cross-Site Scripting attacks.... Read more
Affected Products : tour_master- Published: Jan. 06, 2025
- Modified: Jun. 05, 2025
- Vuln Type: Cross-Site Scripting
-
8.1
HIGHCVE-2024-20154
In Modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User inter... Read more
Affected Products :- Published: Jan. 06, 2025
- Modified: Jan. 06, 2025
- Vuln Type: Memory Corruption
-
7.5
HIGHCVE-2024-20153
In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS0... Read more
Affected Products :- Published: Jan. 06, 2025
- Modified: Jan. 06, 2025
- Vuln Type: Information Disclosure
-
4.4
MEDIUMCVE-2024-20152
In wlan STA driver, there is a possible reachable assertion due to improper exception handling. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Pat... Read more
- Published: Jan. 06, 2025
- Modified: Apr. 21, 2025
- Vuln Type: Denial of Service