21 matches found
CVE-2023-42536
An improper input validation in sapeddec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write...
CVE-2023-42537
An improper input validation in getheadcrc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write...
CVE-2023-42533
Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel...
Input validation
An improper input validation in getheadcrc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write...
Cross site scripting
Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code...
Input validation
Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...
Input validation
Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel...
CVE-2023-42537
The CVE-2023-42537 issue affects/libsaped, specifically the function get_head_crc. The vulnerability stems from improper input validation, enabling a local attacker to cause out-of-bounds reads and writes before the SMR Nov-2023 Release 1. The affected component is the get_head_crc routine in lib...
CVE-2023-42536
The CVE-2023-42536 issue affects libsaped’s saped_dec component in Samsung Libsaped, with versions prior to the SMR Nov-2023 Release 1 being vulnerable. The root cause is improper input validation in saped_dec, enabling local attackers to trigger an out-of-bounds read and write, potentially compr...
CVE-2023-42536
An improper input validation in sapeddec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write...
CVE-2023-42535
Out-of-bounds Write in readblock of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...
CVE-2023-42535
CVE-2023-42535 affects Samsung Mobile devices via an out-of-bounds write in the vold module’s read_block function, enabling a local attacker to execute arbitrary code. The issue is tied to Samsung’s pre-SMR Nov-2023 Release 1 patch level, with multiple sources confirming a local-exploit scenario ...
CVE-2023-42534
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege...
CVE-2023-42534
CVE-2023-42534 affects Samsung Mobile devices via the ChooserActivity module, where improper input validation allows a local attacker to read arbitrary files with system privileges. The issue is documented as present prior to SMR Nov-2023 Release 1. The vulnerability is addressed by Samsung’s sec...
CVE-2023-42530
CVE-2023-42530 affects Samsung Mobile SecSettings prior to SMR Nov-2023 Release 1. The vulnerability is an improper access control that allows enabling Wi‑Fi and Wi‑Fi Direct without user interaction. Reported impact includes potential high integrity impact (I:H) and high confidentiality/availabi...
CVE-2023-42528
CVE-2023-42528 affects Samsung devices via the libsec-ril component, specifically the ProcessNvBuffering path. The root cause is improper input validation, enabling a local attacker to execute arbitrary code. The vulnerability is tied to Samsung’s SMR November 2023 Release 1 remediation; affected...
CVE-2023-42527
Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information...
CVE-2023-42527
CVE-2023-42527 affects libsec-ril, specifically ProcessWriteFile, with improper input validation prior to Samsung SMR Nov-2023 Release 1. A local attacker could expose sensitive information by exploiting this vulnerability. The issue impacts Samsung mobile devices using libsec-ril and is fixed by...
CVE-2023-30739
Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code...
CVE-2023-30739
Summary (CVE-2023-30739): The issue is an Arbitrary File Descriptor Write vulnerability in the libsec-ril module. The initial description and corroborating sources indicate the root cause is a write to a file descriptor that can be manipulated by a local attacker, enabling arbitrary code executio...