CVSS: 6.7EPSS: 0%CPEs: 40EXPL: 0CVE-2023-32855
https://notcve.org/view.php?id=CVE-2023-32855
04 Dec 2023 — In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07909204; Issue ID: ALPS07909204. En aee, existe una posible escalada de privilegios debido a la falta de una verificación de permisos. • https://corp.mediatek.com/product-security-bulletin/December-2023 • CWE-862: Missing Authorization •
CVSS: 6.7EPSS: 0%CPEs: 21EXPL: 0CVE-2023-32849
https://notcve.org/view.php?id=CVE-2023-32849
04 Dec 2023 — In cmdq, there is a possible out of bounds write due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161758; Issue ID: ALPS08161758. En cmdq, existe una posible escritura fuera de los límites debido a una confusión de tipos. • https://corp.mediatek.com/product-security-bulletin/December-2023 • CWE-787: Out-of-bounds Write •
CVSS: 8.4EPSS: 0%CPEs: 68EXPL: 0CVE-2023-32840
https://notcve.org/view.php?id=CVE-2023-32840
06 Nov 2023 — In modem CCCI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction may be also needed for exploitation Patch ID: MOLY01138425; Issue ID: MOLY01138425 (MSV-862). En modem CCCI, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. Esto podría conducir a una escalada local de privilegios con permisos de ejecución de System necesarios. • https://corp.mediatek.com/product-security-bulletin/November-2023 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 22EXPL: 0CVE-2023-20702
https://notcve.org/view.php?id=CVE-2023-20702
06 Nov 2023 — In 5G NRLC, there is a possible invalid memory access due to lack of error handling. This could lead to remote denial of service, if UE received invalid 1-byte rlc sdu, with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00921261; Issue ID: MOLY01128895. En 5G NRLC, existe un posible acceso no válido a la memoria debido a la falta de manejo de errores. • https://corp.mediatek.com/product-security-bulletin/November-2023 •
CVSS: 6.7EPSS: 0%CPEs: 60EXPL: 0CVE-2023-32835
https://notcve.org/view.php?id=CVE-2023-32835
06 Nov 2023 — In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918. En keyinstall, existe una posible corrupción de memoria debido a confusión de tipos. • https://corp.mediatek.com/product-security-bulletin/November-2023 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.7EPSS: 0%CPEs: 50EXPL: 0CVE-2023-32834
https://notcve.org/view.php?id=CVE-2023-32834
06 Nov 2023 — In secmem, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08161762; Issue ID: ALPS08161762. En secmem, existe una posible corrupción de la memoria debido a una confusión de tipos. • https://corp.mediatek.com/product-security-bulletin/November-2023 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.7EPSS: 0%CPEs: 36EXPL: 0CVE-2023-32827
https://notcve.org/view.php?id=CVE-2023-32827
02 Oct 2023 — In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993539. En camera middleware, existe una posible escritura fuera de límites debido a una validación de entrada faltante. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 36EXPL: 0CVE-2023-32826
https://notcve.org/view.php?id=CVE-2023-32826
02 Oct 2023 — In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993539; Issue ID: ALPS07993544. En camera middleware, existe una posible escritura fuera de límites debido a una validación de entrada faltante. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 46EXPL: 0CVE-2023-32822
https://notcve.org/view.php?id=CVE-2023-32822
02 Oct 2023 — In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALPS07994229. En ftm, existe una posible escritura fuera de límites debido a una verificación de límites faltantes. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 46EXPL: 0CVE-2023-32820
https://notcve.org/view.php?id=CVE-2023-32820
02 Oct 2023 — In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; Issue ID: ALPS07932637. En wlan firmware, existe una posible afirmación del firmware debido a un manejo inadecuado de la entrada. • https://corp.mediatek.com/product-security-bulletin/October-2023 • CWE-20: Improper Input Validation CWE-617: Reachable Assertion •