Page 113 of 2505 results (0.013 seconds)

CVSS: 6.7EPSS: 0%CPEs: 46EXPL: 0

In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229. En ftm, existe una posible escritura fuera de límites debido a una verificación de límites faltantes. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-787: Out-of-bounds Write •

CVSS: 6.7EPSS: 0%CPEs: 12EXPL: 0

In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08013430; Issue ID: ALPS08013433. En vídeo, hay una posible escritura fuera de límites debido a una omisión de permisos. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 46EXPL: 0

In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637. En wlan firmware, existe una posible afirmación del firmware debido a un manejo inadecuado de la entrada. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •

CVSS: 4.4EPSS: 0%CPEs: 16EXPL: 0

In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue ID: ALPS08014138. En el display, hay una posible divulgación de información debido a una ausencia de la verificación de los límites. • https://corp.mediatek.com/product-security-bulletin/October-2023 •

CVSS: 3.6EPSS: 0%CPEs: 2EXPL: 0

The vulnerability is that the Messaging ("com.android.mms") app patched by LG forwards attacker-controlled intents back to the attacker in the exported "com.android.mms.ui.QClipIntentReceiverActivity" activity. The attacker can abuse this functionality by launching this activity and then sending a broadcast with the "com.lge.message.action.QCLIP" action. The attacker can send, e.g., their own data/clipdata and set Intent.FLAG_GRANT_* flags. After the attacker received that intent in the "onActivityResult()" method, they would have access to arbitrary content providers that have the `android:grantUriPermissions="true"` flag set. La vulnerabilidad es que la aplicación de mensajería ("com.android.mms") parcheada por LG reenvía intentos controlados por el atacante en la actividad "com.android.mms.ui.QClipIntentReceiverActivity" exportada. • https://lgsecurity.lge.com/bulletins/mobile#updateDetails • CWE-926: Improper Export of Android Application Components •