Vulnerabilities > Samsung

DATE CVE VULNERABILITY TITLE RISK
2023-11-07 CVE-2023-42534 Files or Directories Accessible to External Parties vulnerability in Samsung Android 12.0/13.0
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.
local
low complexity
samsung CWE-552
5.5
2023-11-07 CVE-2023-42535 Out-of-bounds Write vulnerability in Samsung Android 12.0/13.0
Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
local
low complexity
samsung CWE-787
7.8
2023-11-07 CVE-2023-42536 Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0
An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
local
low complexity
samsung CWE-787
7.8
2023-11-07 CVE-2023-42537 Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0
An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
local
low complexity
samsung CWE-787
7.8
2023-11-07 CVE-2023-42538 Out-of-bounds Write vulnerability in Samsung Android 11.0/12.0
An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
local
low complexity
samsung CWE-787
7.8
2023-11-07 CVE-2023-42539 Unspecified vulnerability in Samsung Health
PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data.
local
low complexity
samsung
5.5
2023-11-07 CVE-2023-42540 Unspecified vulnerability in Samsung Account
Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent.
local
low complexity
samsung
5.5
2023-11-07 CVE-2023-42541 Incorrect Authorization vulnerability in Samsung Push Service
Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id.
network
low complexity
samsung CWE-863
5.3
2023-11-07 CVE-2023-42542 Unspecified vulnerability in Samsung Push Service
Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device.
local
low complexity
samsung
3.3
2023-11-07 CVE-2023-42543 Unspecified vulnerability in Samsung Bixby Voice 3.0.52.14/3.1.12
Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege.
network
low complexity
samsung
7.5