Vendor CVEs
Mediatek
All CVEs
447 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-45185 | 0.00 | — | 0.00 | Nov 4, 2024 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap overflow in the GPRS… | |||
| CVE-2024-47754 | 0.00 | — | 0.00 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_multi_if.c. Which leads to a kernel crash when fb is NULL. | |||
| CVE-2024-20095 | 0.00 | — | 0.00 | Oct 7, 2024 | In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636. | |||
| CVE-2024-20077 | 0.00 | — | 0.01 | Jul 1, 2024 | In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482. | |||
| CVE-2023-52858 | 0.00 | — | 0.00 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | |||
| CVE-2024-20058 | 0.00 | — | 0.00 | May 6, 2024 | In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204. | |||
| CVE-2023-33090 | 0.00 | — | 0.00 | Mar 4, 2024 | Transient DOS while processing channel information for speaker protection v2 module in ADSP. | |||
| CVE-2024-20037 | 0.00 | — | 0.00 | Mar 4, 2024 | In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937. | |||
| CVE-2024-20024 | 0.00 | — | 0.00 | Mar 4, 2024 | In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541635; Issue ID: ALPS08541635. | |||
| CVE-2024-20005 | 0.00 | — | 0.00 | Mar 4, 2024 | In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599. | |||
| CVE-2024-20004 | 0.00 | — | 0.01 | Feb 5, 2024 | In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation.… | |||
| CVE-2024-20001 | 0.00 | — | 0.00 | Feb 5, 2024 | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601. | |||
| CVE-2024-20013 | 0.00 | — | 0.00 | Feb 5, 2024 | In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608. | |||
| CVE-2024-20012 | 0.00 | — | 0.00 | Feb 5, 2024 | In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566. | |||
| CVE-2024-20003 | 0.00 | — | 0.01 | Feb 5, 2024 | In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation.… | |||
| CVE-2024-20011 | 0.00 | — | 0.00 | Feb 5, 2024 | In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146. | |||
| CVE-2024-20009 | 0.00 | — | 0.00 | Feb 5, 2024 | In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID:… | |||
| CVE-2024-20007 | 0.00 | — | 0.00 | Feb 5, 2024 | In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369. | |||
| CVE-2023-32889 | 0.00 | — | 0.00 | Jan 2, 2024 | In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID:… | |||
| CVE-2023-32888 | 0.00 | — | 0.01 | Jan 2, 2024 | In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID:… | |||
| CVE-2023-32887 | 0.00 | — | 0.01 | Jan 2, 2024 | In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837… | |||
| CVE-2023-32886 | 0.00 | — | 0.01 | Jan 2, 2024 | In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807. | |||
| CVE-2023-32884 | 0.00 | — | 0.00 | Jan 2, 2024 | In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011. | |||
| CVE-2023-32878 | 0.00 | — | 0.00 | Jan 2, 2024 | In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992. | |||
| CVE-2023-32876 | 0.00 | — | 0.00 | Jan 2, 2024 | In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612. | |||
| CVE-2023-32874 | 0.00 | — | 0.01 | Jan 2, 2024 | In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803… | |||
| CVE-2023-33089 | 0.00 | — | 0.00 | Dec 5, 2023 | Transient DOS when processing a NULL buffer while parsing WLAN vdev. | |||
| CVE-2023-32867 | 0.00 | — | 0.00 | Dec 4, 2023 | In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793. | |||
| CVE-2023-32846 | 0.00 | — | 0.01 | Dec 4, 2023 | In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:… | |||
| CVE-2023-32845 | 0.00 | — | 0.01 | Dec 4, 2023 | In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:… | |||
| CVE-2023-32843 | 0.00 | — | 0.01 | Dec 4, 2023 | In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:… | |||
| CVE-2023-32842 | 0.00 | — | 0.01 | Dec 4, 2023 | In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:… | |||
| CVE-2023-32853 | 0.00 | — | 0.00 | Dec 4, 2023 | In rpmb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648764; Issue ID: ALPS07648764. | |||
| CVE-2023-32852 | 0.00 | — | 0.00 | Dec 4, 2023 | In cameraisp, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07670971; Issue ID: ALPS07670971. | |||
| CVE-2023-32849 | 0.00 | — | 0.00 | Dec 4, 2023 | In cmdq, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161758; Issue ID: ALPS08161758. | |||
| CVE-2023-20702 | 0.00 | — | 0.01 | Nov 6, 2023 | In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:… | |||
| CVE-2023-32835 | 0.00 | — | 0.00 | Nov 6, 2023 | In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918. | |||
| CVE-2023-32818 | 0.00 | — | 0.00 | Nov 6, 2023 | In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715. | |||
| CVE-2023-43697 | 0.00 | — | 0.01 | Oct 9, 2023 | Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests. | |||
| CVE-2023-43700 | 0.00 | — | 0.01 | Oct 9, 2023 | Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication. | |||
| CVE-2023-43696 | 0.00 | — | 0.01 | Oct 9, 2023 | Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server. | |||
| CVE-2023-24855 | 0.00 | — | 0.01 | Oct 3, 2023 | Memory corruption in Modem while processing security related configuration before AS Security Exchange. | |||
| CVE-2023-24843 | 0.00 | — | 0.00 | Oct 3, 2023 | Transient DOS in Modem while triggering a camping on an 5G cell. | |||
| CVE-2023-32830 | 0.00 | — | 0.00 | Oct 2, 2023 | In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522. | |||
| CVE-2023-32822 | 0.00 | — | 0.00 | Oct 2, 2023 | In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229. | |||
| CVE-2023-20819 | 0.00 | — | 0.01 | Oct 2, 2023 | In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID:… | |||
| CVE-2023-21653 | 0.00 | — | 0.00 | Sep 5, 2023 | Transient DOS in Modem while processing RRC reconfiguration message. | |||
| CVE-2023-21646 | 0.00 | — | 0.00 | Sep 5, 2023 | Transient DOS in Modem while processing invalid System Information Block 1. | |||
| CVE-2023-32817 | 0.00 | — | 0.00 | Sep 4, 2023 | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035. | |||
| CVE-2023-32815 | 0.00 | — | 0.00 | Sep 4, 2023 | In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801. |
- CVE-2024-45185Nov 4, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap overflow in the GPRS…
- CVE-2024-47754Oct 21, 2024risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Fix H264 multi stateless decoder smatch warning Fix a smatch static checker warning on vdec_h264_req_multi_if.c. Which leads to a kernel crash when fb is NULL.
- CVE-2024-20095Oct 7, 2024risk 0.00cvss —epss 0.00
In m4u, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08996894; Issue ID: MSV-1636.
- CVE-2024-20077Jul 1, 2024risk 0.00cvss —epss 0.01
In Modem, there is a possible system crash due to incorrect error handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01297807; Issue ID: MSV-1482.
- CVE-2023-52858May 21, 2024risk 0.00cvss —epss 0.00
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- CVE-2024-20058May 6, 2024risk 0.00cvss —epss 0.00
In keyInstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08580204; Issue ID: ALPS08580204.
- CVE-2023-33090Mar 4, 2024risk 0.00cvss —epss 0.00
Transient DOS while processing channel information for speaker protection v2 module in ADSP.
- CVE-2024-20037Mar 4, 2024risk 0.00cvss —epss 0.00
In pq, there is a possible write-what-where condition due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08495937; Issue ID: ALPS08495937.
- CVE-2024-20024Mar 4, 2024risk 0.00cvss —epss 0.00
In flashc, there is a possible out of bounds write due to lack of valudation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08541635; Issue ID: ALPS08541635.
- CVE-2024-20005Mar 4, 2024risk 0.00cvss —epss 0.00
In da, there is a possible permission bypass due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08355599; Issue ID: ALPS08355599.
- CVE-2024-20004Feb 5, 2024risk 0.00cvss —epss 0.01
In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation.…
- CVE-2024-20001Feb 5, 2024risk 0.00cvss —epss 0.00
In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03961601; Issue ID: DTV03961601.
- CVE-2024-20013Feb 5, 2024risk 0.00cvss —epss 0.00
In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08471742; Issue ID: ALPS08308608.
- CVE-2024-20012Feb 5, 2024risk 0.00cvss —epss 0.00
In keyInstall, there is a possible escalation of privilege due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08358566; Issue ID: ALPS08358566.
- CVE-2024-20003Feb 5, 2024risk 0.00cvss —epss 0.01
In Modem NL1, there is a possible system crash due to an improper input validation. This could lead to remote denial of service, if NW sent invalid NR RRC Connection Setup message, with no additional execution privileges needed. User interaction is not needed for exploitation.…
- CVE-2024-20011Feb 5, 2024risk 0.00cvss —epss 0.00
In alac decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146.
- CVE-2024-20009Feb 5, 2024risk 0.00cvss —epss 0.00
In alac decoder, there is a possible out of bounds write due to an incorrect error handling. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441150; Issue ID:…
- CVE-2024-20007Feb 5, 2024risk 0.00cvss —epss 0.00
In mp3 decoder, there is a possible out of bounds write due to a race condition. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08441369; Issue ID: ALPS08441369.
- CVE-2023-32889Jan 2, 2024risk 0.00cvss —epss 0.00
In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161825; Issue ID:…
- CVE-2023-32888Jan 2, 2024risk 0.00cvss —epss 0.01
In Modem IMS Call UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161830; Issue ID:…
- CVE-2023-32887Jan 2, 2024risk 0.00cvss —epss 0.01
In Modem IMS Stack, there is a possible system crash due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161837; Issue ID: MOLY01161837…
- CVE-2023-32886Jan 2, 2024risk 0.00cvss —epss 0.01
In Modem IMS SMS UA, there is a possible out of bounds write due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00730807; Issue ID: MOLY00730807.
- CVE-2023-32884Jan 2, 2024risk 0.00cvss —epss 0.00
In netdagent, there is a possible information disclosure due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07944011; Issue ID: ALPS07944011.
- CVE-2023-32878Jan 2, 2024risk 0.00cvss —epss 0.00
In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992.
- CVE-2023-32876Jan 2, 2024risk 0.00cvss —epss 0.00
In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612.
- CVE-2023-32874Jan 2, 2024risk 0.00cvss —epss 0.01
In Modem IMS Stack, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01161803; Issue ID: MOLY01161803…
- CVE-2023-33089Dec 5, 2023risk 0.00cvss —epss 0.00
Transient DOS when processing a NULL buffer while parsing WLAN vdev.
- CVE-2023-32867Dec 4, 2023risk 0.00cvss —epss 0.00
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560793; Issue ID: ALPS07560793.
- CVE-2023-32846Dec 4, 2023risk 0.00cvss —epss 0.01
In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:…
- CVE-2023-32845Dec 4, 2023risk 0.00cvss —epss 0.01
In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:…
- CVE-2023-32843Dec 4, 2023risk 0.00cvss —epss 0.01
In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:…
- CVE-2023-32842Dec 4, 2023risk 0.00cvss —epss 0.01
In 5G Modem, there is a possible system crash due to improper error handling. This could lead to remote denial of service when receiving malformed RRC messages, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:…
- CVE-2023-32853Dec 4, 2023risk 0.00cvss —epss 0.00
In rpmb, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07648764; Issue ID: ALPS07648764.
- CVE-2023-32852Dec 4, 2023risk 0.00cvss —epss 0.00
In cameraisp, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07670971; Issue ID: ALPS07670971.
- CVE-2023-32849Dec 4, 2023risk 0.00cvss —epss 0.00
In cmdq, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161758; Issue ID: ALPS08161758.
- CVE-2023-20702Nov 6, 2023risk 0.00cvss —epss 0.01
In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID:…
- CVE-2023-32835Nov 6, 2023risk 0.00cvss —epss 0.00
In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918.
- CVE-2023-32818Nov 6, 2023risk 0.00cvss —epss 0.00
In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896 & ALPS08013430; Issue ID: ALPS07867715.
- CVE-2023-43697Oct 9, 2023risk 0.00cvss —epss 0.01
Modification of Assumed-Immutable Data (MAID) in RDT400 in SICK APU allows an unprivileged remote attacker to make the site unable to load necessary strings via changing file paths using HTTP requests.
- CVE-2023-43700Oct 9, 2023risk 0.00cvss —epss 0.01
Missing Authorization in RDT400 in SICK APU allows an unprivileged remote attacker to modify data via HTTP requests that no not require authentication.
- CVE-2023-43696Oct 9, 2023risk 0.00cvss —epss 0.01
Improper Access Control in SICK APU allows an unprivileged remote attacker to download as well as upload arbitrary files via anonymous access to the FTP server.
- CVE-2023-24855Oct 3, 2023risk 0.00cvss —epss 0.01
Memory corruption in Modem while processing security related configuration before AS Security Exchange.
- CVE-2023-24843Oct 3, 2023risk 0.00cvss —epss 0.00
Transient DOS in Modem while triggering a camping on an 5G cell.
- CVE-2023-32830Oct 2, 2023risk 0.00cvss —epss 0.00
In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DTV03802522.
- CVE-2023-32822Oct 2, 2023risk 0.00cvss —epss 0.00
In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229.
- CVE-2023-20819Oct 2, 2023risk 0.00cvss —epss 0.01
In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01068234; Issue ID:…
- CVE-2023-21653Sep 5, 2023risk 0.00cvss —epss 0.00
Transient DOS in Modem while processing RRC reconfiguration message.
- CVE-2023-21646Sep 5, 2023risk 0.00cvss —epss 0.00
Transient DOS in Modem while processing invalid System Information Block 1.
- CVE-2023-32817Sep 4, 2023risk 0.00cvss —epss 0.00
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08044040; Issue ID: ALPS08044035.
- CVE-2023-32815Sep 4, 2023risk 0.00cvss —epss 0.00
In gnss service, there is a possible out of bounds read due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08037801; Issue ID: ALPS08037801.
Page 3 of 9