CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0CVE-2023-20689
https://notcve.org/view.php?id=CVE-2023-20689
04 Jul 2023 — In wlan firmware, there is possible system crash due to an integer overflow. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664741; Issue ID: ALPS07664741. • https://corp.mediatek.com/product-security-bulletin/July-2023 • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.9EPSS: 2%CPEs: 1EXPL: 0CVE-2023-35926 – Insecure sandbox in Backstage Scaffolder plugin
https://notcve.org/view.php?id=CVE-2023-35926
22 Jun 2023 — Backstage is an open platform for building developer portals. The Backstage scaffolder-backend plugin uses a templating library that requires sandbox, as it by design allows for code injection. The library used for this sandbox so far has been `vm2`, but in light of several past vulnerabilities and existing vulnerabilities that may not have a fix, the plugin has switched to using a different sandbox library. A malicious actor with write access to a registered scaffolder template could manipulate the templat... • https://github.com/backstage/backstage/commit/fb7375507d56faedcb7bb3665480070593c8949a • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.7EPSS: 0%CPEs: 37EXPL: 0CVE-2023-20716
https://notcve.org/view.php?id=CVE-2023-20716
06 Jun 2023 — In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796883; Issue ID: ALPS07796883. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 36EXPL: 0CVE-2023-20715
https://notcve.org/view.php?id=CVE-2023-20715
06 Jun 2023 — In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796900; Issue ID: ALPS07796900. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 37EXPL: 0CVE-2023-20712
https://notcve.org/view.php?id=CVE-2023-20712
06 Jun 2023 — In wlan, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07796914; Issue ID: ALPS07796914. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-787: Out-of-bounds Write •
CVSS: 4.4EPSS: 0%CPEs: 49EXPL: 0CVE-2023-20747
https://notcve.org/view.php?id=CVE-2023-20747
06 Jun 2023 — In vcu, there is a possible memory corruption due to type confusion. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519103; Issue ID: ALPS07519121. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.7EPSS: 0%CPEs: 24EXPL: 0CVE-2023-20746
https://notcve.org/view.php?id=CVE-2023-20746
06 Jun 2023 — In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519217. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-667: Improper Locking •
CVSS: 6.7EPSS: 0%CPEs: 15EXPL: 0CVE-2023-20745
https://notcve.org/view.php?id=CVE-2023-20745
06 Jun 2023 — In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07560694. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-667: Improper Locking •
CVSS: 6.7EPSS: 0%CPEs: 15EXPL: 0CVE-2023-20744
https://notcve.org/view.php?id=CVE-2023-20744
06 Jun 2023 — In vcu, there is a possible use after free due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519200. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-416: Use After Free •
CVSS: 6.7EPSS: 0%CPEs: 15EXPL: 0CVE-2023-20743
https://notcve.org/view.php?id=CVE-2023-20743
06 Jun 2023 — In vcu, there is a possible out of bounds write due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07519142; Issue ID: ALPS07519142. • https://corp.mediatek.com/product-security-bulletin/June-2023 • CWE-667: Improper Locking •