CVSS: 5.5EPSS: 0%CPEs: 5EXPL: 0CVE-2023-40073
https://notcve.org/view.php?id=CVE-2023-40073
04 Dec 2023 — In visitUris of Notification.java, there is a possible cross-user media read due to Confused Deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En visitUris de Notification.java, existe una posible lectura de medios entre usuarios debido a Confused Deputy. Esto podría dar lugar a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/base/+/fe6fef4f9c1f75c12bffa4a1d16d9990cc3fbc35 •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0CVE-2023-35668
https://notcve.org/view.php?id=CVE-2023-35668
04 Dec 2023 — In visitUris of Notification.java, there is a possible way to display images from another user due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En visitUris de Notification.java, existe una forma posible de mostrar imágenes de otro usuario debido a un diputado confundido. Esto podría dar lugar a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. • https://android.googlesource.com/platform/frameworks/base/+/b7bd7df91740da680a5c3a84d8dd91b4ca6956dd •
CVSS: 6.7EPSS: 0%CPEs: 28EXPL: 0CVE-2023-32866
https://notcve.org/view.php?id=CVE-2023-32866
04 Dec 2023 — In mmp, there is a possible memory corruption due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07342152; Issue ID: ALPS07342152. En mmp, existe una posible corrupción de la memoria debido a una verificación de los límites incorrecta. • https://corp.mediatek.com/product-security-bulletin/December-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 21EXPL: 0CVE-2023-32854
https://notcve.org/view.php?id=CVE-2023-32854
04 Dec 2023 — In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08240132; Issue ID: ALPS08240132. En ril, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. • https://corp.mediatek.com/product-security-bulletin/December-2023 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 4EXPL: 0CVE-2023-32852
https://notcve.org/view.php?id=CVE-2023-32852
04 Dec 2023 — In cameraisp, there is a possible information disclosure due to improper input validation. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07670971; Issue ID: ALPS07670971. En cameraisp, existe una posible divulgación de información debido a una validación inadecuada del ingreso. • https://corp.mediatek.com/product-security-bulletin/December-2023 •
CVSS: 6.7EPSS: 0%CPEs: 21EXPL: 0CVE-2023-32849
https://notcve.org/view.php?id=CVE-2023-32849
04 Dec 2023 — In cmdq, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161758; Issue ID: ALPS08161758. En cmdq, existe una posible escritura fuera de los límites debido a una confusión de tipos. • https://corp.mediatek.com/product-security-bulletin/December-2023 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2023-32851
https://notcve.org/view.php?id=CVE-2023-32851
04 Dec 2023 — In decoder, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016652; Issue ID: ALPS08016652. En decoder, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. • https://corp.mediatek.com/product-security-bulletin/December-2023 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 38EXPL: 0CVE-2023-32850
https://notcve.org/view.php?id=CVE-2023-32850
04 Dec 2023 — In decoder, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS08016659; Issue ID: ALPS08016659. En decoder, existe una posible escritura fuera de los límites debido a un desbordamiento de enteros. • https://corp.mediatek.com/product-security-bulletin/December-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 13EXPL: 0CVE-2023-32848
https://notcve.org/view.php?id=CVE-2023-32848
04 Dec 2023 — In vdec, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08163896; Issue ID: ALPS08163896. En vdec, existe una posible escritura fuera de los límites debido a confusión de tipos. • https://corp.mediatek.com/product-security-bulletin/December-2023 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 16EXPL: 0CVE-2023-42749
https://notcve.org/view.php?id=CVE-2023-42749
04 Dec 2023 — In enginnermode service, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed En enginnermode service, existe una forma posible de escribir registros de uso de permisos de una aplicación debido a que falta una verificación de permisos. Esto podría conducir a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. • https://www.unisoc.com/en_us/secy/announcementDetail/https://www.unisoc.com/en_us/secy/announcementDetail/1731138365803266049 • CWE-862: Missing Authorization •