CVSS: 5.6EPSS: 0%CPEs: 75EXPL: 0CVE-2023-42527
https://notcve.org/view.php?id=CVE-2023-42527
Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. Vulnerabilidad de validación de entrada incorrecta en ProcessWriteFile de libsec-ril anterior a SMR Nov-2023 Release 1 permite a atacantes locales exponer información confidencial. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11 • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 78EXPL: 0CVE-2023-30739
https://notcve.org/view.php?id=CVE-2023-30739
Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. Vulnerabilidad de escritura de descriptor de archivo arbitrario en libsec-ril anterior a SMR Nov-2023 Release 1 permite a un atacante local ejecutar código arbitrario. • https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=11 •
CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 0CVE-2023-32825
https://notcve.org/view.php?id=CVE-2023-32825
In bluethooth service, there is a possible out of bounds reads due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07884130; Issue ID: ALPS07884130. En el servicio Bluetooth, existe una posible lectura fuera de los límites debido a una validación de entrada incorrecta. • https://corp.mediatek.com/product-security-bulletin/November-2023 • CWE-125: Out-of-bounds Read •
CVSS: 6.7EPSS: 0%CPEs: 9EXPL: 0CVE-2023-32836
https://notcve.org/view.php?id=CVE-2023-32836
In display, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08126725; Issue ID: ALPS08126725. En la pantalla, hay una posible escritura fuera de los límites debido a un desbordamiento de enteros. • https://corp.mediatek.com/product-security-bulletin/November-2023 • CWE-787: Out-of-bounds Write •
CVSS: 6.7EPSS: 0%CPEs: 60EXPL: 0CVE-2023-32835
https://notcve.org/view.php?id=CVE-2023-32835
In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918. En keyinstall, existe una posible corrupción de memoria debido a confusión de tipos. • https://corp.mediatek.com/product-security-bulletin/November-2023 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •