Security Vulnerabilities - CVEs Published In 2024
In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-12-04
An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-12-04
Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-12-04
Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints.
CVSS Score
4.3
EPSS Score
0.001
Published
2024-12-04
Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that request temporary permissions on an entry to obtain more privileges than requested.
CVSS Score
8.1
EPSS Score
0.001
Published
2024-12-04
Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets.
CVSS Score
5.0
EPSS Score
0.001
Published
2024-12-04
In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-12-04
In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-12-04
In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-12-04
In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
6.7
EPSS Score
0.0
Published
2024-12-04