CVSS: 6.5EPSS: 0%CPEs: 10EXPL: 0CVE-2023-20800
https://notcve.org/view.php?id=CVE-2023-20800
07 Aug 2023 — In imgsys, there is a possible system crash due to a mssing ptr check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is needed for exploitation. Patch ID: ALPS07420968; Issue ID: ALPS07420955. • https://corp.mediatek.com/product-security-bulletin/August-2023 • CWE-863: Incorrect Authorization •
CVSS: 4.4EPSS: 0%CPEs: 31EXPL: 0CVE-2023-20796
https://notcve.org/view.php?id=CVE-2023-20796
07 Aug 2023 — In power, there is a possible memory corruption due to an incorrect bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07929790; Issue ID: ALPS07929790. • https://corp.mediatek.com/product-security-bulletin/August-2023 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 71EXPL: 0CVE-2023-20790
https://notcve.org/view.php?id=CVE-2023-20790
07 Aug 2023 — In nvram, there is a possible out of bounds write due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07740194; Issue ID: ALPS07740194. • https://corp.mediatek.com/product-security-bulletin/August-2023 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 1CVE-2023-37918 – API token authentication bypass in HTTP endpoints in Dapr
https://notcve.org/view.php?id=CVE-2023-37918
21 Jul 2023 — Dapr is a portable, event-driven, runtime for building distributed applications across cloud and edge. A vulnerability has been found in Dapr that allows bypassing API token authentication, which is used by the Dapr sidecar to authenticate calls coming from the application, with a well-crafted HTTP request. Users who leverage API token authentication are encouraged to upgrade Dapr to 1.10.9 or to 1.11.2. This vulnerability impacts Dapr users who have configured API token authentication. An attacker could cr... • https://docs.dapr.io/operations/security/api-token • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-37264 – Pipelines do not validate child UIDs
https://notcve.org/view.php?id=CVE-2023-37264
07 Jul 2023 — Tekton Pipelines project provides k8s-style resources for declaring CI/CD-style pipelines. Starting in version 0.35.0, pipelines do not validate child UIDs, which means that a user that has access to create TaskRuns can create their own Tasks that the Pipelines controller will accept as the child Task. While the software stores and validates the PipelineRun's (api version, kind, name, uid) in the child Run's OwnerReference, it only store (api version, kind, name) in the ChildStatusReference. This means that... • https://github.com/tektoncd/pipeline/blob/2d38f5fa840291395178422d34b36b1bc739e2a2/pkg/reconciler/pipelinerun/pipelinerun.go#L1358-L1372 • CWE-345: Insufficient Verification of Data Authenticity •
CVSS: 7.8EPSS: 1%CPEs: 33EXPL: 0CVE-2022-32666
https://notcve.org/view.php?id=CVE-2022-32666
04 Jul 2023 — In Wi-Fi, there is a possible low throughput due to misrepresentation of critical information. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: GN20220829014; Issue ID: GN20220829014. • https://corp.mediatek.com/product-security-bulletin/July-2023 •
CVSS: 7.8EPSS: 1%CPEs: 16EXPL: 0CVE-2023-20693
https://notcve.org/view.php?id=CVE-2023-20693
04 Jul 2023 — In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664711; Issue ID: ALPS07664711. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2023-20692
https://notcve.org/view.php?id=CVE-2023-20692
04 Jul 2023 — In wlan firmware, there is possible system crash due to an uncaught exception. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664720; Issue ID: ALPS07664720. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 7.8EPSS: 1%CPEs: 11EXPL: 0CVE-2023-20691
https://notcve.org/view.php?id=CVE-2023-20691
04 Jul 2023 — In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664731; Issue ID: ALPS07664731. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.8EPSS: 1%CPEs: 12EXPL: 0CVE-2023-20690
https://notcve.org/view.php?id=CVE-2023-20690
04 Jul 2023 — In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664735; Issue ID: ALPS07664735. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-190: Integer Overflow or Wraparound •