VYPR

Vendor CVEs

Mediatek

All CVEs

447 total · sorted by risk
  • CVE-2024-45185Nov 4, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap overflow in the GPRS…

  • CVE-2024-47754Oct 21, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_multi_if.c. Which leads to a kernel crash when fb is NULL.

  • CVE-2024-20095Oct 7, 2024
    risk 0.00cvss epss 0.00

    In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636.

  • CVE-2024-20077Jul 1, 2024
    risk 0.00cvss epss 0.01

    In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482.

  • CVE-2023-52858May 21, 2024
    risk 0.00cvss epss 0.00

    In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.

  • CVE-2024-20058May 6, 2024
    risk 0.00cvss epss 0.00

    In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204.

  • CVE-2023-33090Mar 4, 2024
    risk 0.00cvss epss 0.00

    Transient DOS while processing channel information for speaker protection v2 module in ADSP.

  • CVE-2024-20037Mar 4, 2024
    risk 0.00cvss epss 0.00

    In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937.

  • CVE-2024-20024Mar 4, 2024
    risk 0.00cvss epss 0.00

    In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541635; Issue ID: ALPS08541635.

  • CVE-2024-20005Mar 4, 2024
    risk 0.00cvss epss 0.00

    In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599.

  • CVE-2024-20004Feb 5, 2024
    risk 0.00cvss epss 0.01

    In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2024-20001Feb 5, 2024
    risk 0.00cvss epss 0.00

    In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601.

  • CVE-2024-20013Feb 5, 2024
    risk 0.00cvss epss 0.00

    In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608.

  • CVE-2024-20012Feb 5, 2024
    risk 0.00cvss epss 0.00

    In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.

  • CVE-2024-20003Feb 5, 2024
    risk 0.00cvss epss 0.01

    In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation.…

  • CVE-2024-20011Feb 5, 2024
    risk 0.00cvss epss 0.00

    In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.

  • CVE-2024-20009Feb 5, 2024
    risk 0.00cvss epss 0.00

    In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID:…

  • CVE-2024-20007Feb 5, 2024
    risk 0.00cvss epss 0.00

    In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.

  • CVE-2023-32889Jan 2, 2024
    risk 0.00cvss epss 0.00

    In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID:…

  • CVE-2023-32888Jan 2, 2024
    risk 0.00cvss epss 0.01

    In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID:…

  • CVE-2023-32887Jan 2, 2024
    risk 0.00cvss epss 0.01

    In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837…

  • CVE-2023-32886Jan 2, 2024
    risk 0.00cvss epss 0.01

    In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807.

  • CVE-2023-32884Jan 2, 2024
    risk 0.00cvss epss 0.00

    In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.

  • CVE-2023-32878Jan 2, 2024
    risk 0.00cvss epss 0.00

    In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992.

  • CVE-2023-32876Jan 2, 2024
    risk 0.00cvss epss 0.00

    In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612.

  • CVE-2023-32874Jan 2, 2024
    risk 0.00cvss epss 0.01

    In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803…

  • CVE-2023-33089Dec 5, 2023
    risk 0.00cvss epss 0.00

    Transient DOS when processing a NULL buffer while parsing WLAN vdev.

  • CVE-2023-32867Dec 4, 2023
    risk 0.00cvss epss 0.00

    In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793.

  • CVE-2023-32846Dec 4, 2023
    risk 0.00cvss epss 0.01

    In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:…

  • CVE-2023-32845Dec 4, 2023
    risk 0.00cvss epss 0.01

    In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:…

  • CVE-2023-32843Dec 4, 2023
    risk 0.00cvss epss 0.01

    In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:…

  • CVE-2023-32842Dec 4, 2023
    risk 0.00cvss epss 0.01

    In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:…

  • CVE-2023-32853Dec 4, 2023
    risk 0.00cvss epss 0.00

    In rpmb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648764; Issue ID: ALPS07648764.

  • CVE-2023-32852Dec 4, 2023
    risk 0.00cvss epss 0.00

    In cameraisp, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07670971; Issue ID: ALPS07670971.

  • CVE-2023-32849Dec 4, 2023
    risk 0.00cvss epss 0.00

    In cmdq, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161758; Issue ID: ALPS08161758.

  • CVE-2023-20702Nov 6, 2023
    risk 0.00cvss epss 0.01

    In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:…

  • CVE-2023-32835Nov 6, 2023
    risk 0.00cvss epss 0.00

    In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918.

  • CVE-2023-32818Nov 6, 2023
    risk 0.00cvss epss 0.00

    In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.

  • CVE-2023-43697Oct 9, 2023
    risk 0.00cvss epss 0.01

    Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests.

  • CVE-2023-43700Oct 9, 2023
    risk 0.00cvss epss 0.01

    Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication.

  • CVE-2023-43696Oct 9, 2023
    risk 0.00cvss epss 0.01

    Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.

  • CVE-2023-24855Oct 3, 2023
    risk 0.00cvss epss 0.01

    Memory corruption in Modem while processing security related configuration before AS Security Exchange.

  • CVE-2023-24843Oct 3, 2023
    risk 0.00cvss epss 0.00

    Transient DOS in Modem while triggering a camping on an 5G cell.

  • CVE-2023-32830Oct 2, 2023
    risk 0.00cvss epss 0.00

    In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522.

  • CVE-2023-32822Oct 2, 2023
    risk 0.00cvss epss 0.00

    In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229.

  • CVE-2023-20819Oct 2, 2023
    risk 0.00cvss epss 0.01

    In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID:…

  • CVE-2023-21653Sep 5, 2023
    risk 0.00cvss epss 0.00

    Transient DOS in Modem while processing RRC reconfiguration message.

  • CVE-2023-21646Sep 5, 2023
    risk 0.00cvss epss 0.00

    Transient DOS in Modem while processing invalid System Information Block 1.

  • CVE-2023-32817Sep 4, 2023
    risk 0.00cvss epss 0.00

    In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035.

  • CVE-2023-32815Sep 4, 2023
    risk 0.00cvss epss 0.00

    In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801.

Page 3 of 9