CVSS: 8.4EPSS: 0%CPEs: 75EXPL: 0CVE-2023-42536
https://notcve.org/view.php?id=CVE-2023-42536
07 Nov 2023 — An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write. Una validación de entrada incorrecta en saped_dec en libsaped antes de SMR Nov-2023 Release 1 permite que un atacante provoque lecturas y escrituras fuera de los límites. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11 • CWE-125: Out-of-bounds Read CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 75EXPL: 0CVE-2023-42532
https://notcve.org/view.php?id=CVE-2023-42532
07 Nov 2023 — Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information. La validación de certificado incorrecta en FotaAgent antes de SMR Nov-2023 Release 1, permite a un atacante remoto interceptar el tráfico de la red, incluida la información del Firmware. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11 • CWE-295: Improper Certificate Validation •
CVSS: 7.1EPSS: 0%CPEs: 75EXPL: 0CVE-2023-42531
https://notcve.org/view.php?id=CVE-2023-42531
07 Nov 2023 — Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background. Una vulnerabilidad de control de acceso inadecuado en SmsController anterior a SMR Nov-2023 Release 1, permite al atacante omitir las restricciones para iniciar actividades en segundo plano. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11 • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 75EXPL: 0CVE-2023-42530
https://notcve.org/view.php?id=CVE-2023-42530
07 Nov 2023 — Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction. Una vulnerabilidad de control de acceso inadecuado en SecSettings anterior a SMR Nov-2023 Release 1 permite a los atacantes habilitar Wi-Fi y Wi-Fi Direct sin Interacción del Usuario. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11 •
CVSS: 7.8EPSS: 0%CPEs: 75EXPL: 0CVE-2023-42529
https://notcve.org/view.php?id=CVE-2023-42529
07 Nov 2023 — Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code. Vulnerabilidad de escritura fuera de los límites en libsec-ril anterior a SMR Nov-2023 Release 1 permite a atacantes locales ejecutar código arbitrario. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11 • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 75EXPL: 0CVE-2023-42528
https://notcve.org/view.php?id=CVE-2023-42528
07 Nov 2023 — Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. Vulnerabilidad de validación de entrada incorrecta en ProcessNvBuffering de libsec-ril anterior a SMR Nov-2023 Release 1 permite a un atacante local ejecutar código arbitrario. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11 • CWE-787: Out-of-bounds Write •
CVSS: 5.6EPSS: 0%CPEs: 75EXPL: 0CVE-2023-42527
https://notcve.org/view.php?id=CVE-2023-42527
07 Nov 2023 — Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. Vulnerabilidad de validación de entrada incorrecta en ProcessWriteFile de libsec-ril anterior a SMR Nov-2023 Release 1 permite a atacantes locales exponer información confidencial. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 78EXPL: 0CVE-2023-30739
https://notcve.org/view.php?id=CVE-2023-30739
07 Nov 2023 — Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. Vulnerabilidad de escritura de descriptor de archivo arbitrario en libsec-ril anterior a SMR Nov-2023 Release 1 permite a un atacante local ejecutar código arbitrario. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11 •
CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0CVE-2023-32839
https://notcve.org/view.php?id=CVE-2023-32839
06 Nov 2023 — In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07262576; Issue ID: ALPS07262576. En dpe, existe una posible escritura fuera de los límites debido a que falta una verificación de rango válido. • https://corp.mediatek.com/product-security-bulletin/November-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 11EXPL: 0CVE-2023-32838
https://notcve.org/view.php?id=CVE-2023-32838
06 Nov 2023 — In dpe, there is a possible out of bounds write due to a missing valid range checking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07310805; Issue ID: ALPS07310805. En dpe, existe una posible escritura fuera de los límites debido a que falta una verificación de rango válido. • https://corp.mediatek.com/product-security-bulletin/November-2023 • CWE-787: Out-of-bounds Write •