Skip to main content

Yocto

138 CVEs product

Monthly

CVE-2025-61611 HIGH This Week

In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.. [CVSS 7.5 HIGH]

Denial Of Service Yocto
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-20435 MEDIUM This Month

Device unique identifiers in the preloader of Openwrt, Android, Yocto, RDK-B, and Zephyr can be read by attackers with physical access due to a logic error, leading to local information disclosure without requiring additional privileges or user interaction. This vulnerability affects multiple embedded and IoT platforms where the preloader executes before operating system initialization. No patch is currently available for this issue.

Information Disclosure Openwrt Android Yocto Rdk B +2
NVD
CVSS 3.1
4.6
EPSS
0.0%
CVE-2025-20765 MEDIUM This Month

In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.

Denial Of Service Race Condition Openwrt Android Yocto +1
NVD
CVSS 3.1
4.7
EPSS
0.0%
CVE-2025-20747 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20746 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20730 MEDIUM This Month

In preloader, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Yocto Rdk B Android +2
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2025-20705 HIGH This Month

In monitor_hang, there is a possible memory corruption due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free Denial Of Service Privilege Escalation +4
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2025-20696 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +4
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-20693 MEDIUM This Month

In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.

Information Disclosure Buffer Overflow Yocto Openwrt Software Development Kit +2
NVD
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-20656 MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +19
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-20651 MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Yocto Rdk B Android +2
NVD
CVSS 3.1
4.1
EPSS
0.0%
CVE-2025-20650 MEDIUM This Month

In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.8
EPSS
0.0%
CVE-2025-20635 MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2024-20147 MEDIUM This Month

In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit Android Openwrt +1
NVD
CVSS 3.1
5.3
EPSS
2.2%
CVE-2024-20153 HIGH This Month

In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yocto Software Development Kit Android Google
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2024-20152 MEDIUM Monitor

In wlan STA driver, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit Android Openwrt +1
NVD
CVSS 3.1
4.4
EPSS
0.0%
CVE-2024-20148 CRITICAL This Week

In wlan STA FW, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Yocto Software Development Kit +2
NVD
CVSS 3.1
9.8
EPSS
0.1%
CVE-2024-20146 HIGH This Month

In wlan STA driver, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow Yocto Software Development Kit +3
NVD
CVSS 3.1
8.1
EPSS
0.1%
CVE-2024-20145 MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-20144 MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-20143 MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +3
NVD
CVSS 3.1
6.6
EPSS
0.1%
CVE-2024-20140 MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android +1
NVD
CVSS 3.1
6.7
EPSS
0.0%
CVE-2024-20139 MEDIUM This Month

In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit Android Openwrt
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2024-20107 MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Rdk B Android +1
NVD
CVSS 3.1
6.2
EPSS
0.1%
CVE-2024-20104 HIGH This Week

In da, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Rdk B +2
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-20099 MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20098 MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20089 HIGH This Week

In wlan, there is a possible denial of service due to incorrect error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Rdk B Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-20085 MEDIUM This Month

In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Rdk B Android +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20084 MEDIUM This Month

In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Rdk B Android +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20081 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20080 CRITICAL Act Now

In gnss service, there is a possible escalation of privilege due to improper certificate validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Yocto Rdk B Android
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-20055 MEDIUM This Month

In imgsys, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 6.3). No vendor patch available.

Buffer Overflow Information Disclosure Yocto Iot Yocto Android
NVD
CVSS 3.1
6.3
EPSS
0.1%
CVE-2024-20054 MEDIUM This Month

In gnss, there is a possible escalation of privilege due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Rdk B +2
NVD
CVSS 3.1
6.6
EPSS
0.3%
CVE-2024-20053 HIGH This Week

In flashc, there is a possible out of bounds write due to an uncaught exception. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Rdk B +2
NVD
CVSS 3.1
8.4
EPSS
0.1%
CVE-2024-20052 MEDIUM This Month

In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Yocto Rdk B Android Openwrt
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20051 LOW Monitor

In flashc, there is a possible system crash due to an uncaught exception. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Yocto Rdk B Android Openwrt
NVD
CVSS 3.1
2.3
EPSS
0.1%
CVE-2024-20050 MEDIUM This Month

In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Yocto Rdk B Android Openwrt
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20049 MEDIUM This Month

In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Yocto Rdk B Android Openwrt
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2024-20040 HIGH This Week

In wlan firmware, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Rdk B +3
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2024-20023 MEDIUM This Month

In flashc, there is a possible out of bounds write due to lack of valudation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-20022 MEDIUM This Month

In lk, there is a possible escalation of privilege due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Yocto Rdkb +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-25626 CRITICAL Act Now

Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Yocto
NVD GitHub
CVSS 3.1
9.8
EPSS
1.2%
CVE-2023-32855 MEDIUM This Month

In aee, there is a possible escalation of privilege due to a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Yocto Rdk B Android +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32829 MEDIUM This Month

In apusys, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation Yocto Iot Yocto +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32820 HIGH This Week

In wlan firmware, there is a possible firmware assertion due to improper input handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Iot Yocto Android Linux Kernel
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-32815 MEDIUM This Month

In gnss service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Android Openwrt
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-32813 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Yocto Android +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-32812 MEDIUM This Month

In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Yocto Android Openwrt
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32811 MEDIUM This Month

In connectivity system driver, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Iot Yocto +1
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-32810 MEDIUM This Month

In bluetooth driver, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Android Linux Kernel
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-32807 MEDIUM This Month

In wlan service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Iot Yocto Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-32806 MEDIUM This Month

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Iot Yocto +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20850 MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Iot Yocto +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20849 MEDIUM This Month

In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Yocto +3
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20848 MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Yocto Iot Yocto +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20847 MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service Yocto Iot Yocto +2
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2023-20846 MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Iot Yocto Android +1
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2023-20845 MEDIUM This Month

In imgsys, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Iot Yocto Android +1
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2023-20844 MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Iot Yocto Android +1
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2023-20843 MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Iot Yocto Android +1
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2023-20842 MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Iot Yocto +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20841 MEDIUM This Month

In imgsys, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Iot Yocto +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20840 MEDIUM This Month

In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure Yocto Iot Yocto +2
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20839 MEDIUM This Month

In imgsys, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto Iot Yocto Android +1
NVD
CVSS 3.1
4.2
EPSS
0.1%
CVE-2023-20838 MEDIUM This Month

In imgsys, there is a possible out of bounds read due to a race condition. Rated medium severity (CVSS 4.0). No vendor patch available.

Buffer Overflow Information Disclosure Yocto Android Linux Kernel
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2023-20835 MEDIUM This Month

In camsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation Yocto Iot Yocto +1
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20832 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20831 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20830 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20829 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20828 MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20821 MEDIUM This Month

In nvram, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Rdk B +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20805 MEDIUM This Month

In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20804 MEDIUM This Month

In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20803 MEDIUM This Month

In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20802 MEDIUM This Month

In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20801 MEDIUM This Month

In imgsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation Yocto Android
NVD
CVSS 3.1
6.4
EPSS
0.1%
CVE-2023-20800 MEDIUM This Month

In imgsys, there is a possible system crash due to a mssing ptr check. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Yocto Android
NVD
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-20796 MEDIUM This Month

In power, there is a possible memory corruption due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Yocto Rdk B +2
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-20790 MEDIUM This Month

In nvram, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Yocto Rdk B +2
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-20693 HIGH This Week

In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20692 HIGH This Week

In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20691 HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20690 HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20689 HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto Android
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2023-20747 MEDIUM This Month

In vcu, there is a possible memory corruption due to type confusion. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service Iot Yocto Yocto +1
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2023-20746 MEDIUM This Month

In vcu, there is a possible out of bounds write due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Iot Yocto Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20745 MEDIUM This Month

In vcu, there is a possible out of bounds write due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Iot Yocto Yocto Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2023-20744 MEDIUM This Month

In vcu, there is a possible use after free due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service Memory Corruption Iot Yocto +2
NVD
CVSS 3.1
6.7
EPSS
0.1%
EPSS 0% CVSS 7.5
HIGH This Week

In modem, there is a possible improper input validation. This could lead to remote denial of service with no additional execution privileges needed.. [CVSS 7.5 HIGH]

Denial Of Service Yocto
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Device unique identifiers in the preloader of Openwrt, Android, Yocto, RDK-B, and Zephyr can be read by attackers with physical access due to a logic error, leading to local information disclosure without requiring additional privileges or user interaction. This vulnerability affects multiple embedded and IoT platforms where the preloader executes before operating system initialization. No patch is currently available for this issue.

Information Disclosure Openwrt Android +4
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

In aee daemon, there is a possible system crash due to a race condition. This could lead to local denial of service if a malicious actor has already obtained the System privilege. User interaction is not needed for exploitation. Patch ID: ALPS10190802; Issue ID: MSV-4833.

Denial Of Service Race Condition Openwrt +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +6
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gnss service, there is a possible out of bounds write due to an incorrect bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Stack Overflow Buffer Overflow Privilege Escalation +6
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In preloader, there is a possible escalation of privilege due to an insecure default value. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Privilege Escalation Yocto +4
NVD
EPSS 0% CVSS 7.8
HIGH This Month

In monitor_hang, there is a possible memory corruption due to use after free. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Use After Free +6
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +6
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In wlan STA driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote (proximal/adjacent) information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09812521; Issue ID: MSV-3421.

Information Disclosure Buffer Overflow Yocto +4
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +21
NVD
EPSS 0% CVSS 4.1
MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Buffer Overflow Yocto +4
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

In da, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +5
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +5
NVD
EPSS 2% CVSS 5.3
MEDIUM This Month

In Bluetooth FW, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit +3
NVD
EPSS 1% CVSS 7.5
HIGH This Month

In wlan STA, there is a possible way to trick a client to connect to an AP with spoofed SSID. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Yocto Software Development Kit +2
NVD
EPSS 0% CVSS 4.4
MEDIUM Monitor

In wlan STA driver, there is a possible reachable assertion due to improper exception handling. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit +3
NVD
EPSS 0% CVSS 9.8
CRITICAL This Week

In wlan STA FW, there is a possible out of bounds write due to improper input validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow +4
NVD
EPSS 0% CVSS 8.1
HIGH This Month

In wlan STA driver, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Memory Corruption Buffer Overflow +5
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +5
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +5
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In V6 DA, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +5
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Software Development Kit +2
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

In da, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +3
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In da, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In power, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan, there is a possible denial of service due to incorrect error handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Rdk B +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +3
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In power, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

In gnss service, there is a possible escalation of privilege due to improper certificate validation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Yocto Rdk B +1
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

In imgsys, there is a possible information disclosure due to a missing bounds check. Rated medium severity (CVSS 6.3). No vendor patch available.

Buffer Overflow Information Disclosure Yocto +2
NVD
EPSS 0% CVSS 6.6
MEDIUM This Month

In gnss, there is a possible escalation of privilege due to a missing bounds check. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 8.4
HIGH This Week

In flashc, there is a possible out of bounds write due to an uncaught exception. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Yocto Rdk B +2
NVD
EPSS 0% CVSS 2.3
LOW Monitor

In flashc, there is a possible system crash due to an uncaught exception. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Yocto Rdk B +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Yocto Rdk B +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In flashc, there is a possible information disclosure due to an uncaught exception. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Yocto Rdk B +2
NVD
EPSS 0% CVSS 8.8
HIGH This Week

In wlan firmware, there is a possible out of bounds write due to improper input validation. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +5
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In flashc, there is a possible out of bounds write due to lack of valudation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Memory Corruption +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In lk, there is a possible escalation of privilege due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure +4
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Yocto Project is an open source collaboration project that helps developers create custom Linux-based systems regardless of the hardware architecture. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Command Injection Yocto
NVD GitHub
EPSS 0% CVSS 6.7
MEDIUM This Month

In aee, there is a possible escalation of privilege due to a missing permission check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Yocto +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In apusys, there is a possible out of bounds write due to an integer overflow. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan firmware, there is a possible firmware assertion due to improper input handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Iot Yocto +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In gnss service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gnss service, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Yocto +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In connectivity system driver, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +3
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In bluetooth driver, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +2
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In wlan service, there is a possible out of bounds read due to improper input validation. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In wlan driver, there is a possible out of bounds write due to improper input validation. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In imgsys_cmdq, there is a possible use after free due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service +5
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure +4
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Denial Of Service +4
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +3
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

In imgsys, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +3
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +3
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +3
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In imgsys_cmdq, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In imgsys, there is a possible out of bounds write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +4
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In imgsys, there is a possible out of bounds read and write due to a missing valid range checking. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Information Disclosure +4
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

In imgsys, there is a possible out of bounds read due to a missing valid range checking. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Yocto +3
NVD
EPSS 0% CVSS 4.0
MEDIUM This Month

In imgsys, there is a possible out of bounds read due to a race condition. Rated medium severity (CVSS 4.0). No vendor patch available.

Buffer Overflow Information Disclosure Yocto +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In camsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In gps, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In nvram, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +4
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In imgsys, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In imgsys, there is a possible memory corruption due to improper input validation. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Privilege Escalation +2
NVD
EPSS 0% CVSS 6.4
MEDIUM This Month

In imgsys, there is a possible use after free due to a race condition. Rated medium severity (CVSS 6.4). No vendor patch available.

Race Condition Denial Of Service Privilege Escalation +2
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

In imgsys, there is a possible system crash due to a mssing ptr check. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Yocto +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In power, there is a possible memory corruption due to an incorrect bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +4
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In nvram, there is a possible out of bounds write due to a missing bounds check. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure +4
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan firmware, there is possible system crash due to an uncaught exception. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Yocto Android
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

In wlan firmware, there is possible system crash due to an integer overflow. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Yocto +1
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

In vcu, there is a possible memory corruption due to type confusion. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Denial Of Service +3
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vcu, there is a possible out of bounds write due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Iot Yocto +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vcu, there is a possible out of bounds write due to improper locking. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Buffer Overflow Iot Yocto +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

In vcu, there is a possible use after free due to a logic error. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Use After Free Privilege Escalation Denial Of Service +4
NVD
Page 1 of 2 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy