VYPR

Vendor CVEs

Mediatek

All CVEs

447 total · sorted by risk
  • CVE-2022-21761Jun 6, 2022
    risk 0.00cvss epss 0.00

    In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479532; Issue ID: ALPS06479532.

  • CVE-2022-21760Jun 6, 2022
    risk 0.00cvss epss 0.00

    In apusys driver, there is a possible system crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479562; Issue ID: ALPS06479562.

  • CVE-2022-21758Jun 6, 2022
    risk 0.00cvss epss 0.00

    In ccu, there is a possible memory corruption due to a double free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06439600; Issue ID: ALPS06439600.

  • CVE-2022-21757Jun 6, 2022
    risk 0.00cvss epss 0.01

    In WIFI Firmware, there is a possible system crash due to a missing count check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06468894; Issue ID: ALPS06468894.

  • CVE-2022-21746Jun 6, 2022
    risk 0.00cvss epss 0.00

    In imgsensor, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479698; Issue ID: ALPS06479698.

  • CVE-2022-21745Jun 6, 2022
    risk 0.00cvss epss 0.00

    In WIFI Firmware, there is a possible memory corruption due to a use after free. This could lead to remote escalation of privilege, when devices are connecting to the attacker-controllable Wi-Fi hotspot, with no additional execution privileges needed. User interaction is not…

  • CVE-2022-21743May 3, 2022
    risk 0.00cvss epss 0.00

    In ion, there is a possible use after free due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06371108; Issue ID: ALPS06371108.

  • CVE-2022-20108May 3, 2022
    risk 0.00cvss epss 0.00

    In voice service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330702; Issue ID: DTV03330702.

  • CVE-2022-20107May 3, 2022
    risk 0.00cvss epss 0.00

    In subtitle service, there is a possible application crash due to an integer overflow. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330673; Issue ID: DTV03330673.

  • CVE-2022-20105May 3, 2022
    risk 0.00cvss epss 0.00

    In MM service, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03330460; Issue ID: DTV03330460.

  • CVE-2022-20104May 3, 2022
    risk 0.00cvss epss 0.00

    In aee daemon, there is a possible information disclosure due to improper access control. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID:…

  • CVE-2022-20103May 3, 2022
    risk 0.00cvss epss 0.00

    In aee daemon, there is a possible information disclosure due to symbolic link following. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06282684.

  • CVE-2022-20102May 3, 2022
    risk 0.00cvss epss 0.00

    In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296405.

  • CVE-2022-20100May 3, 2022
    risk 0.00cvss epss 0.00

    In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06270804.

  • CVE-2022-20099May 3, 2022
    risk 0.00cvss epss 0.00

    In aee daemon, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06296442; Issue ID: ALPS06296442.

  • CVE-2022-20098May 3, 2022
    risk 0.00cvss epss 0.00

    In aee daemon, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06419017; Issue ID: ALPS06419017.

  • CVE-2022-20097May 3, 2022
    risk 0.00cvss epss 0.00

    In aee daemon, there is a possible information disclosure due to a race condition. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06383944; Issue ID: ALPS06383944.

  • CVE-2022-20095May 3, 2022
    risk 0.00cvss epss 0.00

    In imgsensor, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479763.

  • CVE-2022-20094May 3, 2022
    risk 0.00cvss epss 0.00

    In imgsensor, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06479763; Issue ID: ALPS06479734.

  • CVE-2022-20091May 3, 2022
    risk 0.00cvss epss 0.00

    In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06226345.

  • CVE-2022-20090May 3, 2022
    risk 0.00cvss epss 0.00

    In aee driver, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209197; Issue ID: ALPS06209197.

  • CVE-2022-20089May 3, 2022
    risk 0.00cvss epss 0.00

    In aee driver, there is a possible memory corruption due to active debug code. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06240397; Issue ID: ALPS06240397.

  • CVE-2022-20088May 3, 2022
    risk 0.00cvss epss 0.00

    In aee driver, there is a possible reference count mistake due to incorrect error handling. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06209201; Issue ID: ALPS06209201.

  • CVE-2022-20087May 3, 2022
    risk 0.00cvss epss 0.00

    In ccu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06477970; Issue ID: ALPS06477970.

  • CVE-2022-20085May 3, 2022
    risk 0.00cvss epss 0.00

    In netdiag, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308877; Issue ID: ALPS06308877.

  • CVE-2022-20080Apr 11, 2022
    risk 0.00cvss epss 0.00

    In SUB2AF, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05881290; Issue ID: ALPS05881290.

  • CVE-2022-20079Apr 11, 2022
    risk 0.00cvss epss 0.00

    In vow, there is a possible read of uninitialized data due to a improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05857289.

  • CVE-2022-20077Apr 11, 2022
    risk 0.00cvss epss 0.00

    In vow, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05837742; Issue ID: ALPS05852812.

  • CVE-2022-20076Apr 11, 2022
    risk 0.00cvss epss 0.00

    In ged, there is a possible memory corruption due to an incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05839556.

  • CVE-2022-20075Apr 11, 2022
    risk 0.00cvss epss 0.00

    In ged, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05838808; Issue ID: ALPS05838808.

  • CVE-2022-20074Apr 11, 2022
    risk 0.00cvss epss 0.00

    In preloader (partition), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed…

  • CVE-2022-20071Apr 11, 2022
    risk 0.00cvss epss 0.00

    In ccu, there is a possible escalation of privilege due to a missing certificate validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS06183315; Issue ID: ALPS06183315.

  • CVE-2022-20068Apr 11, 2022
    risk 0.00cvss epss 0.00

    In mobile_log_d, there is a possible symbolic link following due to an improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06308907; Issue ID:…

  • CVE-2022-20052Apr 11, 2022
    risk 0.00cvss epss 0.00

    In mdp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS05836642; Issue ID: ALPS05836642.

  • CVE-2022-20067Apr 11, 2022
    risk 0.00cvss epss 0.00

    In mdp, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is no needed for exploitation. Patch ID: ALPS05836585; Issue ID: ALPS05836585.

  • CVE-2022-20066Apr 11, 2022
    risk 0.00cvss epss 0.00

    In atf (hwfde), there is a possible leak of sensitive information due to incorrect error handling. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171729; Issue ID:…

  • CVE-2022-20065Apr 11, 2022
    risk 0.00cvss epss 0.00

    In ccci, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06108658; Issue ID: ALPS06108658.

  • CVE-2022-20063Apr 11, 2022
    risk 0.00cvss epss 0.00

    In atf (spm), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS06171715; Issue ID: ALPS06171715.

  • CVE-2022-20081Apr 11, 2022
    risk 0.00cvss epss 0.01

    In A-GPS, there is a possible man in the middle attack due to improper certificate validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06461919; Issue ID:…

  • CVE-2022-20059Mar 9, 2022
    risk 0.00cvss epss 0.00

    In preloader (usb), there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege, for an attacker who has physical access to the device, with no additional execution privileges needed. User interaction is needed for…

  • CVE-2022-20050Mar 9, 2022
    risk 0.00cvss epss 0.00

    In connsyslogger, there is a possible symbolic link following due to improper link resolution. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06335038; Issue ID:…

  • CVE-2022-20047Mar 9, 2022
    risk 0.00cvss epss 0.00

    In video decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917489; Issue ID:…

  • CVE-2022-20035Feb 9, 2022
    risk 0.00cvss epss 0.00

    In vcu driver, there is a possible information disclosure due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171675; Issue ID: ALPS06171675.

  • CVE-2022-20034Feb 9, 2022
    risk 0.00cvss epss 0.00

    In Preloader XFLASH, there is a possible escalation of privilege due to an improper certificate validation. This could lead to local escalation of privilege for an attacker who has physical access to the device with no additional execution privileges needed. User interaction is…

  • CVE-2022-20032Feb 9, 2022
    risk 0.00cvss epss 0.00

    In vow driver, there is a possible memory corruption due to a race condition. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05852822; Issue ID: ALPS05852822.

  • CVE-2022-20029Feb 9, 2022
    risk 0.00cvss epss 0.00

    In cmdq driver, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05747150; Issue ID: ALPS05747150.

  • CVE-2022-20030Feb 9, 2022
    risk 0.00cvss epss 0.00

    In vow driver, there is a possible out of bounds write due to a stack-based buffer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05837793; Issue ID: ALPS05837793.

  • CVE-2021-30636Jan 24, 2022
    risk 0.00cvss epss 0.01

    In MediaTek LinkIt SDK before 4.6.1, there is a possible memory corruption due to an integer overflow during mishandled memory allocation by pvPortCalloc and pvPortRealloc.

  • CVE-2022-20019Jan 4, 2022
    risk 0.00cvss epss 0.00

    In libMtkOmxGsmDec, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05917620; Issue ID:…

  • CVE-2022-20018Jan 4, 2022
    risk 0.00cvss epss 0.00

    In seninf driver, there is a possible information disclosure due to uninitialized data. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05863018; Issue ID: ALPS05863018.

Page 7 of 9