Export limit exceeded: 355093 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (355093 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-29937 | 1 Amd | 5 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-06-02 | N/A |
| An out of bounds read within the AMD Platform Management Framework (PMF) could allow an attacker to trigger a read of an arbitrary memory location potentially resulting in loss of availability or confidentiality. | ||||
| CVE-2025-29944 | 1 Amd | 14 Athlon 3000 Series Mobile Processors With Radeon Graphics, Ryzen 3000 Series Mobile Processors With Radeon Graphics, Ryzen 4000 Series Mobile Processors With Radeon Graphics and 11 more | 2026-06-02 | N/A |
| A buffer overflow vulnerability within AMD Sensor Fusion Hub Driver can allow a local attacker to write out of bounds, potentially resulting in denial of service or crash | ||||
| CVE-2025-29935 | 1 Amd | 5 Ryzen 6000 Series Processors With Radeon Graphics, Ryzen 7035 Series Processors With Radeon Graphics, Ryzen 7040 Series Mobile Processors With Radeon Graphics and 2 more | 2026-06-02 | N/A |
| An out of bounds write within the AMD Platform Management Framework (PMF) could allow an attacker to execute arbitrary code at an elevated privilege level potentially leading to loss of confidentiality integrity, or availability. | ||||
| CVE-2024-21962 | 1 Amd | 26 Athlon 3000 Series Mobile Processors With Radeon Graphics, Epyc 4004 Series Processors, Epyc 4005 Series Processors and 23 more | 2026-06-02 | N/A |
| Improper Input Validation in the AMD RAID driver could allow an attacker to point to an arbitrary memory location potentially resulting in privilege escalation and arbitrary code execution. | ||||
| CVE-2021-26380 | 1 Amd | 27 Athlon 3000 Series Mobile Processors With Radeon Graphics, Radeon Instinct Mi25, Radeon Pro V520 and 24 more | 2026-06-02 | N/A |
| A compromised Trusted OS (TOS) driver could issue a malformed call that could potentially allow memory access outside the intended range resulting in loss of integrity. | ||||
| CVE-2022-23826 | 1 Amd | 19 Athlon 3000 Series Mobile Processors With Radeon Graphics, Instinct Mi210, Instinct Mi250 and 16 more | 2026-06-02 | N/A |
| A TOCTOU (Time-Of-Check to Time-Of-Use) in the graphics interface may allow an attacker to load registers repeatedly creating a race condition potentially leading to a loss of integrity. | ||||
| CVE-2023-31316 | 1 Amd | 18 Instinct Mi210, Instinct Mi250, Radeon Pro V620 and 15 more | 2026-06-02 | N/A |
| Improperly preserved integrity of hardware configuration state during a power save/restore operation in the AMD Secure Processor (ASP) could allow an attacker with the ability to write outside the trusted memory range (TMR) to change the execution flow of the Video Core Next (VCN) firmware potentially impacting confidentiality, integrity, or availability. | ||||
| CVE-2025-48516 | 1 Amd | 31 Amd Ryzen Ai 300 Series Processors, Athlon 3000 Series Mobile Processors With Radeon Graphics, Ryzen 3000 Series Desktop Processors and 28 more | 2026-06-02 | N/A |
| Insecure default configuration state of DDR5 memory module by AGESA Bootloader Firmware could allow an attacker with local user privilege to abuse the unprotected PMIC interface to create a permanent denial of service condition or affect the integrity of the memory module. | ||||
| CVE-2026-37220 | 1 Mosaic5g | 1 Flexric | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 crashes when an SCTP association is closed before an E2_SETUP_REQUEST is sent. The near-RT RIC assumes a mapping between SCTP association and E2 node always exists in the cleanup path and enforces this via assert(). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by simply completing an SCTP handshake and immediately disconnecting, without sending any E2AP message. | ||||
| CVE-2026-37221 | 1 Mosaic5g | 1 Flexric | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 crashes when receiving a RIC_SUBSCRIPTION_RESPONSE with an unknown ric_id that has no corresponding pending event. The near-RT RIC uses assert() to enforce the existence of a pending event during response processing. A remote unauthenticated attacker can send a forged RIC_SUBSCRIPTION_RESPONSE to the near-RT RIC (port 36421) to cause SIGABRT in Debug builds or NULL pointer dereference (SIGSEGV) in Release builds. | ||||
| CVE-2026-37222 | 1 Mosaic5g | 1 Flexric | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 uses hardcoded assertions to validate Information Element (IE) counts in decoded E2AP messages. A remote unauthenticated attacker can send a valid E2AP PDU containing an unexpected number of IEs (e.g., an E2setupRequest with extra optional fields) to crash the near-RT RIC (port 36421) or iApp (port 36422) via SIGABRT. The code asserts exact IE counts rather than validating against protocol-specified ranges. | ||||
| CVE-2026-37223 | 1 Mosaic5g | 1 Flexric | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 contains a reachable assertion in the iApp message dispatcher. The dispatcher validates incoming E2AP messages against a 9-entry whitelist using assert(). A remote unauthenticated attacker can send any decodable E2AP PDU with a message type not in the whitelist to crash the iApp process (port 36422) via SIGABRT. Since iApp and the near-RT RIC share one process, this terminates the entire RIC service and disconnects all E2 Nodes and xApps. | ||||
| CVE-2026-37224 | 1 Mosaic5g | 1 Flexric | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 crashes when receiving a duplicate E2_SETUP_REQUEST from the same or spoofed E2 Node. The iApp registry enforces node ID uniqueness via assert() rather than graceful rejection. A remote unauthenticated attacker can crash the iApp process (port 36421) by sending two E2_SETUP_REQUESTs with the same E2 node configuration, triggering SIGABRT. | ||||
| CVE-2026-37225 | 1 Mosaic5g | 1 Flexric | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST with an empty ricEventTriggerDefinition field. The E42 layer decoder accepts this as valid, but the E2AP encoder asserts a non-empty constraint when forwarding the request. A remote unauthenticated attacker can crash the iApp process (port 36422) via SIGABRT by exploiting this cross-layer validation mismatch. | ||||
| CVE-2026-37227 | 1 Mosaic5g | 1 Flexric | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 contains reachable assert(0) calls in stub message handlers for whitelisted but unimplemented E2AP message types in the near-RT RIC. A remote unauthenticated attacker can send a decodable E2AP PDU of such a type (e.g., E2nodeConfigurationUpdate) to crash the near-RT RIC process (port 36421) via SIGABRT. The message passes whitelist validation but triggers an unconditional assertion in the handler. | ||||
| CVE-2026-38950 | 1 Esa | 1 Anomaly Match | 2026-06-02 | 7.8 High |
| An issue in ESA AnomalyMatch before 1.3.1 allow attackers to execute arbitrary code via crafted model checkpoint files. The affected components load model files from session directories using torch.load() with unrestricted deserialization. | ||||
| CVE-2026-37226 | 1 Mosaic5g | 1 Flexric | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 crashes when the iApp receives an E42_RIC_SUBSCRIPTION_REQUEST referencing a non-existent E2 Node. The lookup function returns NULL, which is enforced by assert() in Debug builds (SIGABRT) and dereferenced in Release builds (SIGSEGV). A remote unauthenticated attacker can crash the iApp process (port 36422) by sending a subscription request with an arbitrary global_e2_node_id. | ||||
| CVE-2026-37228 | 1 Mosaic5g | 1 Flexric | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 contains a reachable assertion in e2ap_recv_sctp_msg() (src/lib/ep/e2ap_ep.c). The function allocates a fixed 32KB receive buffer and enforces assert(rc < len) on the sctp_recvmsg() return value. A remote unauthenticated attacker can send a single SCTP message with payload >= 32,768 bytes to crash the near-RT RIC, iApp, E2 Agent, or xApp process via SIGABRT. No valid E2AP PDU is required. All four SCTP endpoint types (ports 36421 and 36422) share this vulnerable code path. In Release builds (NDEBUG), the stripped assertion leads to a signed-to-unsigned integer overflow and potential out-of-bounds read. | ||||
| CVE-2026-37229 | 1 Mosaic5g | 1 Flexric | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 contains a reachable assertion in e2ap_create_pdu() triggered when ASN.1 PER decoding fails. A remote unauthenticated attacker can send any non-PER byte sequence (e.g., a single 0x00 byte) over SCTP to the near-RT RIC (port 36421) or iApp (port 36422) to crash the process via SIGABRT. The assertion is reached before any protocol-level validation occurs. All three E2AP protocol versions (v1.01, v2.03, v3.01) are affected. | ||||
| CVE-2026-37230 | 1 Mosaic5g | 1 Flexric | 2026-06-02 | 7.5 High |
| FlexRIC v2.0.0 crashes when the near-RT RIC receives a RIC_INDICATION message with a ran_func_id that does not exist in its registry. The lookup returns NULL, triggering assert() in Debug builds (SIGABRT) or NULL pointer dereference in Release builds (SIGSEGV). A remote unauthenticated attacker can crash the near-RT RIC (port 36421) by sending a crafted RIC_INDICATION with an arbitrary ran_func_id value. | ||||