CVE-2024-20134

CVE-2024-20134

Título es
CVE-2024-20134

Lun, 02/12/2024 – 04:15

Tipo
CWE-787

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-20134

Descripción en
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09154589; Issue ID: MSV-1866.

02/12/2024
02/12/2024
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • https://corp.mediatek.com/product-security-bulletin/December-2024

    • Enviar en el boletín
    Off

    CVE-2024-20133

    CVE-2024-20133

    Título es
    CVE-2024-20133

    Lun, 02/12/2024 – 04:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20133

    Descripción en
    In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1871.

    02/12/2024
    02/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/December-2024

    • Enviar en el boletín
    Off

    CVE-2024-20132

    CVE-2024-20132

    Título es
    CVE-2024-20132

    Lun, 02/12/2024 – 04:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20132

    Descripción en
    In Modem, there is a possible out of bonds write due to a mission bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY00957388; Issue ID: MSV-1872.

    02/12/2024
    02/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/December-2024

    • Enviar en el boletín
    Off

    CVE-2024-20131

    CVE-2024-20131

    Título es
    CVE-2024-20131

    Lun, 02/12/2024 – 04:15

    Tipo
    CWE-787

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20131

    Descripción en
    In Modem, there is a possible escalation of privilege due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: MOLY01395886; Issue ID: MSV-1873.

    02/12/2024
    02/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/December-2024

    • Enviar en el boletín
    Off

    CVE-2024-20130

    CVE-2024-20130

    Título es
    CVE-2024-20130

    Lun, 02/12/2024 – 04:15

    Tipo
    CWE-121

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20130

    Descripción en
    In power, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09193374; Issue ID: MSV-1982.

    02/12/2024
    02/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/December-2024

    • Enviar en el boletín
    Off

    CVE-2024-20139

    CVE-2024-20139

    Título es
    CVE-2024-20139

    Lun, 02/12/2024 – 04:15

    Tipo
    CWE-617

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20139

    Descripción en
    In Bluetooth firmware, there is a possible firmware asssert due to improper handling of exceptional conditions. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS09001270; Issue ID: MSV-1600.

    02/12/2024
    02/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/December-2024

    • Enviar en el boletín
    Off

    CVE-2024-20138

    CVE-2024-20138

    Título es
    CVE-2024-20138

    Lun, 02/12/2024 – 04:15

    Tipo
    CWE-125

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20138

    Descripción en
    In wlan driver, there is a possible out of bound read due to improper input validation. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08998291; Issue ID: MSV-1604.

    02/12/2024
    02/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/December-2024

    • Enviar en el boletín
    Off

    CVE-2024-20137

    CVE-2024-20137

    Título es
    CVE-2024-20137

    Lun, 02/12/2024 – 04:15

    Tipo
    CWE-248

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-20137

    Descripción en
    In wlan driver, there is a possible client disconnection due to improper handling of exceptional conditions. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: WCNCR00384543; Issue ID: MSV-1727.

    02/12/2024
    02/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://corp.mediatek.com/product-security-bulletin/December-2024

    • Enviar en el boletín
    Off

    CVE-2024-53605

    CVE-2024-53605

    Título es
    CVE-2024-53605

    Lun, 02/12/2024 – 01:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-53605

    Descripción en
    Incorrect access control in the component content://com.handcent.messaging.provider.MessageProvider/ of Handcent NextSMS v10.9.9.7 allows attackers to access sensitive data.

    02/12/2024
    02/12/2024
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://cidy.notion.site/Improper-Access-Control-to-content-Provider-in-NextSMS-13cafb72d1d3807dbc2cebcb8574ccf9?pvs=74

    • Enviar en el boletín
    Off

    CVE-2024-53748

    CVE-2024-53748

    Título es
    CVE-2024-53748

    Dom, 01/12/2024 – 22:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-53748

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Terry Lin WP Mermaid allows Stored XSS.This issue affects WP Mermaid: from n/a through 1.0.2.

    01/12/2024
    01/12/2024
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/wp-mermaid/vulnerability/wordpress-wp-mermaid-plugin-1-0-2-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off