Vulnerabilities (CVE)

Filtered by CWE-20
Total 11612 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-20640 2 Google, Mediatek 7 Android, Mt6879, Mt6895 and 4 more 2026-06-17 N/A 6.7 MEDIUM
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629573; Issue ID: ALPS07629573.
CVE-2023-20639 2 Google, Mediatek 14 Android, Mt6879, Mt6895 and 11 more 2026-06-17 N/A 6.7 MEDIUM
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628587; Issue ID: ALPS07628587.
CVE-2023-20638 2 Google, Mediatek 38 Android, Mt6739, Mt6753 and 35 more 2026-06-17 N/A 6.7 MEDIUM
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628537; Issue ID: ALPS07628537.
CVE-2023-20637 2 Google, Mediatek 14 Android, Mt6879, Mt6895 and 11 more 2026-06-17 N/A 6.7 MEDIUM
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628588; Issue ID: ALPS07628588.
CVE-2023-20636 2 Google, Mediatek 5 Android, Mt6895, Mt6985 and 2 more 2026-06-17 N/A 6.7 MEDIUM
In display drm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07292593; Issue ID: ALPS07292593.
CVE-2023-20634 2 Google, Mediatek 27 Android, Mt6762, Mt6765 and 24 more 2026-06-17 N/A 6.7 MEDIUM
In widevine, there is a possible out of bounds write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07635697; Issue ID: ALPS07635697.
CVE-2023-20626 2 Google, Mediatek 27 Android, Mt6739, Mt6761 and 24 more 2026-06-17 N/A 6.7 MEDIUM
In msdc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07405223; Issue ID: ALPS07405223.
CVE-2023-20621 2 Google, Mediatek 13 Android, Mt6739, Mt6761 and 10 more 2026-06-17 N/A 6.7 MEDIUM
In tinysys, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07664755; Issue ID: ALPS07664755.
CVE-2023-20613 2 Google, Mediatek 37 Android, Mt6739, Mt6761 and 34 more 2026-06-17 N/A 6.7 MEDIUM
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628614; Issue ID: ALPS07628614.
CVE-2023-20612 2 Google, Mediatek 37 Android, Mt6739, Mt6761 and 34 more 2026-06-17 N/A 6.7 MEDIUM
In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07629571; Issue ID: ALPS07629571.
CVE-2023-20606 2 Google, Mediatek 4 Android, Mt6879, Mt6895 and 1 more 2026-06-17 N/A 4.4 MEDIUM
In apusys, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07571104; Issue ID: ALPS07571104.
CVE-2023-20564 2 Amd, Microsoft 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more 2026-06-17 N/A 6.7 MEDIUM
Insufficient validation in the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may permit a privileged attacker to perform memory reads/writes potentially leading to a loss of confidentiality or arbitrary kernel execution.
CVE-2023-20560 2 Amd, Microsoft 4 Ryzen Master, Ryzen Master Monitoring Sdk, Windows 10 and 1 more 2026-06-17 N/A 4.4 MEDIUM
Insufficient validation of the IOCTL (Input Output Control) input buffer in AMD Ryzen™ Master may allow a privileged attacker to provide a null value potentially resulting in a Windows crash leading to denial of service.
CVE-2023-20532 1 Amd 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more 2026-06-17 N/A 5.3 MEDIUM
Insufficient input validation in the SMU may allow an attacker to improperly lock resources, potentially resulting in a denial of service.
CVE-2023-20530 1 Amd 48 Epyc 7003, Epyc 7003 Firmware, Epyc 72f3 and 45 more 2026-06-17 N/A 7.5 HIGH
Insufficient input validation of BIOS mailbox messages in SMU may result in out-of-bounds memory reads potentially resulting in a denial of service.
CVE-2023-20528 1 Amd 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more 2026-06-17 N/A 2.4 LOW
Insufficient input validation in the SMU may allow a physical attacker to exfiltrate SMU memory contents over the I2C bus potentially leading to a loss of confidentiality.
CVE-2023-20527 1 Amd 128 Epyc 7001, Epyc 7001 Firmware, Epyc 7002 and 125 more 2026-06-17 N/A 6.5 MEDIUM
Improper syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory out-of-bounds, potentially leading to a denial-of-service.
CVE-2023-20525 1 Amd 100 Epyc 7002, Epyc 7002 Firmware, Epyc 7003 and 97 more 2026-06-17 N/A 6.5 MEDIUM
Insufficient syscall input validation in the ASP Bootloader may allow a privileged attacker to read memory outside the bounds of a mapped register potentially leading to a denial of service.
CVE-2023-20522 1 Amd 4 Milanpi, Milanpi Firmware, Romepi and 1 more 2026-06-17 N/A 7.5 HIGH
Insufficient input validation in ASP may allow an attacker with a malicious BIOS to potentially cause a denial of service.
CVE-2023-20232 1 Cisco 1 Unified Contact Center Express 2026-06-17 N/A 5.3 MEDIUM
A vulnerability in the Tomcat implementation for Cisco Unified Contact Center Express (Unified CCX) could allow an unauthenticated, remote attacker to cause a web cache poisoning attack on an affected device. This vulnerability is due to improper input validation of HTTP requests. An attacker could exploit this vulnerability by sending crafted HTTP requests to a specific API endpoint on the Unified CCX Finesse Portal. A successful exploit could allow the attacker to cause the internal WebProxy to redirect users to an attacker-controlled host.