Page 4 of 28 results (0.008 seconds)

CVSS: 6.7EPSS: 0%CPEs: 45EXPL: 0

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07733998 / ALPS07874388 (For MT6880 and MT6890 only). • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-787: Out-of-bounds Write •

CVSS: 3.3EPSS: 0%CPEs: 67EXPL: 0

In mnld, there is a possible leak of GPS location due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only); Issue ID: ALPS07735968 / ALPS07884552 (For MT6880, MT6890, MT6980, MT6980D and MT6990 only). • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-862: Missing Authorization •

CVSS: 6.7EPSS: 0%CPEs: 27EXPL: 0

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only); Issue ID: ALPS07856356 / ALPS07874388 (For MT6880 and MT6890 only). • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-787: Out-of-bounds Write •

CVSS: 6.7EPSS: 0%CPEs: 32EXPL: 0

In preloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only); Issue ID: ALPS07734012 / ALPS07874363 (For MT6880, MT6890, MT6980 and MT6990 only). • https://corp.mediatek.com/product-security-bulletin/May-2023 • CWE-787: Out-of-bounds Write •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

Openwrt before v21.02.3 and Openwrt v22.03.0-rc6 were discovered to contain two skip loops in the function header_value(). This vulnerability allows attackers to access sensitive information via a crafted HTTP request. Se ha detectado que Openwrt versiones anteriores a v21.02.3 y Openwrt versión v22.03.0-rc6, contienen dos bucles de omisión en la función header_value(). Esta vulnerabilidad permite a atacantes acceder a información confidencial por medio de una petición HTTP diseñada • https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commit%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 https://git.openwrt.org/?p=project/cgi-io.git%3Ba=commitdiff%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 https://git.openwrt.org/?p=project/cgi-io.git%3Ba=patch%3Bh=901b0f0463c9d16a8cf5b9ed37118d8484bc9176 • CWE-125: Out-of-bounds Read •