VYPR

Vendor CVEs

Mediatek

All CVEs

447 total · sorted by risk
  • CVE-2023-20697May 15, 2023
    risk 0.00cvss epss 0.00

    In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589148; Issue ID: ALPS07589148.

  • CVE-2023-20708May 15, 2023
    risk 0.00cvss epss 0.00

    In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07581655; Issue ID: ALPS07581655.

  • CVE-2023-20698May 15, 2023
    risk 0.00cvss epss 0.00

    In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07589144; Issue ID: ALPS07589144.

  • CVE-2023-20722May 15, 2023
    risk 0.00cvss epss 0.00

    In m4u, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07771518; Issue ID: ALPS07680084.

  • CVE-2023-20709May 15, 2023
    risk 0.00cvss epss 0.00

    In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576951; Issue ID: ALPS07576951.

  • CVE-2023-20710May 15, 2023
    risk 0.00cvss epss 0.00

    In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07576935; Issue ID: ALPS07576935.

  • CVE-2022-40505May 2, 2023
    risk 0.00cvss epss 0.00

    Information disclosure due to buffer over-read in Modem while parsing DNS hostname.

  • CVE-2022-33304May 2, 2023
    risk 0.00cvss epss 0.00

    Transient DOS due to NULL pointer dereference in Modem while performing pullup for received TCP/UDP packet.

  • CVE-2023-20654Apr 6, 2023
    risk 0.00cvss epss 0.00

    In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589148.

  • CVE-2023-20685Apr 6, 2023
    risk 0.00cvss epss 0.00

    In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07608575; Issue ID: ALPS07608575.

  • CVE-2023-20657Apr 6, 2023
    risk 0.00cvss epss 0.00

    In mtee, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571485; Issue ID: ALPS07571485.

  • CVE-2023-20676Apr 6, 2023
    risk 0.00cvss epss 0.00

    In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588569; Issue ID: ALPS07628518.

  • CVE-2023-20677Apr 6, 2023
    risk 0.00cvss epss 0.00

    In wlan, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07588413; Issue ID: ALPS07588436.

  • CVE-2023-20684Apr 6, 2023
    risk 0.00cvss epss 0.00

    In vdec, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671069; Issue ID: ALPS07671069.

  • CVE-2023-20658Apr 6, 2023
    risk 0.00cvss epss 0.00

    In isp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07537393; Issue ID: ALPS07180396.

  • CVE-2023-20687Apr 6, 2023
    risk 0.00cvss epss 0.00

    In display drm, there is a possible double free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570772; Issue ID: ALPS07570772.

  • CVE-2023-20681Apr 6, 2023
    risk 0.00cvss epss 0.00

    In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07696134; Issue ID: ALPS07696134.

  • CVE-2023-20680Apr 6, 2023
    risk 0.00cvss epss 0.00

    In adsp, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664785; Issue ID: ALPS07664785.

  • CVE-2023-20655Apr 6, 2023
    risk 0.00cvss epss 0.00

    In mmsdk, there is a possible escalation of privilege due to a parcel format mismatch. This could lead to local code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07203022; Issue ID: ALPS07203022.

  • CVE-2023-20653Apr 6, 2023
    risk 0.00cvss epss 0.00

    In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628168; Issue ID: ALPS07589144.

  • CVE-2022-33298Apr 4, 2023
    risk 0.00cvss epss 0.00

    Memory corruption due to use after free in Modem while modem initialization.

  • CVE-2022-33294Apr 4, 2023
    risk 0.00cvss epss 0.00

    Transient DOS in Modem due to NULL pointer dereference while receiving response of lwm2m registration/update/bootstrap request message.

  • CVE-2022-33287Apr 4, 2023
    risk 0.00cvss epss 0.00

    Information disclosure in Modem due to buffer over-read while getting length of Unfragmented headers in an IPv6 packet.

  • CVE-2022-33259Apr 4, 2023
    risk 0.00cvss epss 0.00

    Memory corruption due to buffer copy without checking the size of input in modem while decoding raw SMS received.

  • CVE-2022-33258Apr 4, 2023
    risk 0.00cvss epss 0.00

    Information disclosure due to buffer over-read in modem while reading configuration parameters.

  • CVE-2022-33211Apr 4, 2023
    risk 0.00cvss epss 0.00

    memory corruption in modem due to improper check while calculating size of serialized CoAP message

  • CVE-2022-25747Apr 4, 2023
    risk 0.00cvss epss 0.00

    Information disclosure in modem due to improper input validation during parsing of upcoming CoAP message

  • CVE-2022-25740Apr 4, 2023
    risk 0.00cvss epss 0.00

    Memory corruption in modem due to buffer overwrite while building an IPv6 multicast address based on the MAC address of the iface

  • CVE-2022-25731Apr 4, 2023
    risk 0.00cvss epss 0.00

    Information disclosure in modem due to buffer over-read while processing packets from DNS server

  • CVE-2022-40531Mar 7, 2023
    risk 0.00cvss epss 0.00

    Memory corruption in WLAN due to incorrect type cast while sending WMI_SCAN_SCH_PRIO_TBL_CMDID message.

  • CVE-2022-33254Mar 7, 2023
    risk 0.00cvss epss 0.00

    Transient DOS due to reachable assertion in Modem while processing SIB1 Message.

  • CVE-2022-25709Mar 7, 2023
    risk 0.00cvss epss 0.00

    Memory corruption in modem due to use of out of range pointer offset while processing qmi msg

  • CVE-2022-25694Mar 7, 2023
    risk 0.00cvss epss 0.00

    Memory corruption in Modem due to usage of Out-of-range pointer offset in UIM

  • CVE-2023-20626Mar 7, 2023
    risk 0.00cvss epss 0.00

    In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223.

  • CVE-2023-20620Mar 7, 2023
    risk 0.00cvss epss 0.00

    In adsp, there is a possible escalation of privilege due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07554558; Issue ID: ALPS07554558.

  • CVE-2023-20651Mar 7, 2023
    risk 0.00cvss epss 0.00

    In apu, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629576; Issue ID: ALPS07629576.

  • CVE-2023-20621Mar 7, 2023
    risk 0.00cvss epss 0.00

    In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664755; Issue ID: ALPS07664755.

  • CVE-2023-20627Mar 7, 2023
    risk 0.00cvss epss 0.00

    In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629585.

  • CVE-2023-20623Mar 7, 2023
    risk 0.00cvss epss 0.00

    In ion, there is a possible escalation of privilege due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07559778; Issue ID: ALPS07559778.

  • CVE-2023-20628Mar 7, 2023
    risk 0.00cvss epss 0.00

    In thermal, there is a possible memory corruption due to an uncaught exception. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494460; Issue ID: ALPS07494460.

  • CVE-2022-25735Feb 9, 2023
    risk 0.00cvss epss 0.00

    Denial of service in modem due to missing null check while processing TCP or UDP packets from server

  • CVE-2023-20602Feb 6, 2023
    risk 0.00cvss epss 0.00

    In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494107; Issue ID: ALPS07494107.

  • CVE-2023-20605Feb 6, 2023
    risk 0.00cvss epss 0.00

    In keyinstall, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07550104; Issue ID: ALPS07550104.

  • CVE-2023-20606Feb 6, 2023
    risk 0.00cvss epss 0.00

    In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571104; Issue ID: ALPS07571104.

  • CVE-2023-20609Feb 6, 2023
    risk 0.00cvss epss 0.00

    In ccu, there is a possible out of bounds read due to a logic error. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07570864; Issue ID: ALPS07570864.

  • CVE-2023-20608Feb 6, 2023
    risk 0.00cvss epss 0.00

    In display drm, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07363599; Issue ID: ALPS07363599.

  • CVE-2023-20607Feb 6, 2023
    risk 0.00cvss epss 0.00

    In ccu, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07512839; Issue ID: ALPS07512839.

  • CVE-2023-20616Feb 6, 2023
    risk 0.00cvss epss 0.00

    In ion, there is a possible out of bounds read due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07560720; Issue ID: ALPS07560720.

  • CVE-2022-32639Jan 3, 2023
    risk 0.00cvss epss 0.00

    In watchdog, there is a possible out of bounds read due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07494487; Issue ID: ALPS07494487.

  • CVE-2022-32650Jan 3, 2023
    risk 0.00cvss epss 0.00

    In mtk-isp, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07225853; Issue ID: ALPS07225853.

Page 5 of 9