Total
12297 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-20784 | 2 Google, Mediatek | 56 Android, Mt6580, Mt6731 and 53 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826989; Issue ID: ALPS07826989. | |||||
| CVE-2023-20783 | 2 Google, Mediatek | 56 Android, Mt6580, Mt6731 and 53 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07826905; Issue ID: ALPS07826905. | |||||
| CVE-2023-20781 | 2 Google, Mediatek | 56 Android, Mt6580, Mt6731 and 53 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| In keyinstall, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS07905323. | |||||
| CVE-2023-20775 | 3 Google, Mediatek, Openwrt | 38 Android, Mt6739, Mt6757 and 35 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In display, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07978760; Issue ID: ALPS07363410. | |||||
| CVE-2023-20771 | 2 Google, Mediatek | 11 Android, Mt6580, Mt6739 and 8 more | 2024-11-21 | N/A | 6.4 MEDIUM |
| In display, there is a possible memory corruption due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07671046; Issue ID: ALPS07671046. | |||||
| CVE-2023-20767 | 2 Google, Mediatek | 10 Android, Mt6879, Mt6886 and 7 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In pqframework, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629585; Issue ID: ALPS07629584. | |||||
| CVE-2023-20766 | 2 Google, Mediatek | 53 Android, Mt6580, Mt6735 and 50 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In gps, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07573237; Issue ID: ALPS07573202. | |||||
| CVE-2023-20761 | 2 Google, Mediatek | 42 Android, Mt6739, Mt6761 and 39 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628582. | |||||
| CVE-2023-20760 | 2 Google, Mediatek | 5 Android, Mt6879, Mt6895 and 2 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In apu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629578; Issue ID: ALPS07629578. | |||||
| CVE-2023-20759 | 2 Google, Mediatek | 18 Android, Mt6739, Mt6768 and 15 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07634601. | |||||
| CVE-2023-20758 | 2 Google, Mediatek | 18 Android, Mt6739, Mt6768 and 15 more | 2024-11-21 | N/A | 4.4 MEDIUM |
| In cmdq, there is a possible memory corruption due to a missing bounds check. This could lead to local denial of service with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636130. | |||||
| CVE-2023-20757 | 2 Google, Mediatek | 17 Android, Mt6739, Mt6768 and 14 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In cmdq, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07636133; Issue ID: ALPS07636133. | |||||
| CVE-2023-20754 | 2 Google, Mediatek | 55 Android, Mt6580, Mt6731 and 52 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In keyinstall, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07563028; Issue ID: ALPS07588343. | |||||
| CVE-2023-20753 | 2 Google, Mediatek | 55 Android, Mt6580, Mt6731 and 52 more | 2024-11-21 | N/A | 6.7 MEDIUM |
| In rpmb, there is a possible out of bounds write due to a logic error. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07460390; Issue ID: ALPS07588667. | |||||
| CVE-2023-20555 | 1 Amd | 238 Athlon 3015ce, Athlon 3015ce Firmware, Athlon 3015e and 235 more | 2024-11-21 | N/A | 7.8 HIGH |
| Insufficient input validation in CpmDisplayFeatureSmm may allow an attacker to corrupt SMM memory by overwriting an arbitrary bit in an attacker-controlled pointer potentially leading to arbitrary code execution in SMM. | |||||
| CVE-2023-20250 | 1 Cisco | 8 Rv110w, Rv110w Firmware, Rv130 and 5 more | 2024-11-21 | N/A | 6.5 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This vulnerability is due to improper validation of requests that are sent to the web-based management interface. An attacker could exploit this vulnerability by sending a crafted request to the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code with root privileges on an affected device. To exploit this vulnerability, the attacker must have valid Administrator credentials on the affected device. | |||||
| CVE-2023-20213 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | N/A | 4.3 MEDIUM |
| A vulnerability in the CDP processing feature of Cisco ISE could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition of the CDP process on an affected device. This vulnerability is due to insufficient bounds checking when an affected device processes CDP traffic. An attacker could exploit this vulnerability by sending crafted CDP traffic to the device. A successful exploit could cause the CDP process to crash, impacting neighbor discovery and the ability of Cisco ISE to determine the reachability of remote devices. After a crash, the CDP process must be manually restarted using the cdp enable command in interface configuration mode. | |||||
| CVE-2023-20081 | 1 Cisco | 304 1100-4g Integrated Services Router, 1100-4p Integrated Services Router, 1100-6g Integrated Services Router and 301 more | 2024-11-21 | N/A | 6.8 MEDIUM |
| A vulnerability in the IPv6 DHCP (DHCPv6) client module of Cisco Adaptive Security Appliance (ASA) Software, Cisco Firepower Threat Defense (FTD) Software, Cisco IOS Software, and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to insufficient validation of DHCPv6 messages. An attacker could exploit this vulnerability by sending crafted DHCPv6 messages to an affected device. A successful exploit could allow the attacker to cause the device to reload, resulting in a DoS condition. Note: To successfully exploit this vulnerability, the attacker would need to either control the DHCPv6 server or be in a man-in-the-middle position. | |||||
| CVE-2023-20079 | 1 Cisco | 42 Ip Phone 6825, Ip Phone 6825 Firmware, Ip Phone 6841 and 39 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2023-20078 | 1 Cisco | 34 Ip Phone 6825, Ip Phone 6825 Firmware, Ip Phone 6841 and 31 more | 2024-11-21 | N/A | 9.8 CRITICAL |
| Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||