CVSS: 4.4EPSS: 0%CPEs: 23EXPL: 0CVE-2023-32878
https://notcve.org/view.php?id=CVE-2023-32878
02 Jan 2024 — In battery, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08307992. En battery, existe una posible divulgación de información debido a una verificación de los límites faltantes. • https://corp.mediatek.com/product-security-bulletin/January-2024 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 23EXPL: 0CVE-2023-32877
https://notcve.org/view.php?id=CVE-2023-32877
02 Jan 2024 — In battery, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308070; Issue ID: ALPS08308070. En battery, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. • https://corp.mediatek.com/product-security-bulletin/January-2024 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 60EXPL: 0CVE-2023-32876
https://notcve.org/view.php?id=CVE-2023-32876
02 Jan 2024 — In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308612; Issue ID: ALPS08308612. En keyInstall, existe una posible divulgación de información debido a una verificación de los límites faltantes. • https://corp.mediatek.com/product-security-bulletin/January-2024 • CWE-125: Out-of-bounds Read •
CVSS: 4.4EPSS: 0%CPEs: 60EXPL: 0CVE-2023-32875
https://notcve.org/view.php?id=CVE-2023-32875
02 Jan 2024 — In keyInstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08304217. En keyInstall, existe una posible divulgación de información debido a una verificación de los límites faltantes. • https://corp.mediatek.com/product-security-bulletin/January-2024 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 60EXPL: 0CVE-2023-32872
https://notcve.org/view.php?id=CVE-2023-32872
02 Jan 2024 — In keyInstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08308607; Issue ID: ALPS08308607. En keyInstall, existe una posible escritura fuera de los límites debido a una verificación de los límites faltantes. • https://corp.mediatek.com/product-security-bulletin/January-2024 • CWE-787: Out-of-bounds Write •
CVSS: 5.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-6870 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-6870
19 Dec 2023 — Applications which spawn a Toast notification in a background thread may have obscured fullscreen notifications displayed by Firefox. *This issue only affects Android versions of Firefox and Firefox Focus.* This vulnerability affects Firefox < 121. Las aplicaciones que generan una notificación Toast en un hilo en segundo plano pueden haber oscurecido las notificaciones en pantalla completa mostradas por Firefox. *Este problema solo afecta a las versiones Firefox y Firefox Focus de Android.* Esta vulnerabili... • https://bugzilla.mozilla.org/show_bug.cgi?id=1823316 •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2023-6868 – Gentoo Linux Security Advisory 202401-10
https://notcve.org/view.php?id=CVE-2023-6868
19 Dec 2023 — In some instances, the user-agent would allow push requests which lacked a valid VAPID even though the push manager subscription defined one. This could allow empty messages to be sent from unauthorized parties. *This bug only affects Firefox on Android.* This vulnerability affects Firefox < 121. En algunos casos, el agente de usuario permitiría solicitudes de inserción que carecían de un VAPID válido aunque la suscripción del administrador de inserción definiera uno. Esto podría permitir que se envíen mens... • https://bugzilla.mozilla.org/show_bug.cgi?id=1865488 •
CVSS: 6.1EPSS: 0%CPEs: 9EXPL: 0CVE-2023-6857 – Mozilla: Symlinks may resolve to smaller than expected buffers
https://notcve.org/view.php?id=CVE-2023-6857
19 Dec 2023 — When resolving a symlink, a race may occur where the buffer passed to `readlink` may actually be smaller than necessary. *This bug only affects Firefox on Unix-based operating systems (Android, Linux, MacOS). Windows is unaffected.* This vulnerability affects Firefox ESR < 115.6, Thunderbird < 115.6, and Firefox < 121. Al resolver un enlace simbólico, puede ocurrir una ejecución en la que el búfer pase a "readlink" en realidad puede ser más pequeño de lo necesario. *Este error sólo afecta a Firefox en siste... • https://bugzilla.mozilla.org/show_bug.cgi?id=1796023 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') CWE-363: Race Condition Enabling Link Following •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48423
https://notcve.org/view.php?id=CVE-2023-48423
08 Dec 2023 — In dhcp4_SetPDNAddress of dhcp4_Main.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. En dhcp4_SetPDNAddress de dhcp4_Main.c, hay una posible escritura fuera de los límites debido a una comprobación de los límites faltante. Esto podría conducir a la ejecución remota de código sin necesidad de privilegios de ejecución adicionales. • https://source.android.com/security/bulletin/pixel/2023-12-01 • CWE-787: Out-of-bounds Write •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48422
https://notcve.org/view.php?id=CVE-2023-48422
08 Dec 2023 — In Init of protocolnetadapter.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. En Init de protocolnetadapter.cpp, existe una posible lectura fuera de los límites debido a una verificación de los límites faltantes. Esto podría dar lugar a la divulgación de información local sin necesidad de privilegios de ejecución adicionales. • https://source.android.com/security/bulletin/pixel/2023-12-01 • CWE-125: Out-of-bounds Read •