Samsung Android vulnerabilities

CVE-2023-30721 [MEDIUM] CWE-532 CVE-2023-30721: Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Rele Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.

CVE-2023-30709 [MEDIUM] CVE-2023-30709: Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers lau Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.

CVE-2023-30714 [MEDIUM] CVE-2023-30714: Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep- Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.

CVE-2023-30720 [MEDIUM] CVE-2023-30720: PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attack PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.

CVE-2023-30706 [MEDIUM] CVE-2023-30706: Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read a Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.

CVE-2023-30713 [MEDIUM] CWE-269 CVE-2023-30713: Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-20 Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.

CVE-2023-30716 [MEDIUM] CVE-2023-30716: Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers t Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.

CVE-2023-30715 [LOW] CVE-2023-30715: Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.

CVE-2023-30717 [LOW] CVE-2023-30717: Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows atta Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.

CVE-2023-30711 [LOW] CVE-2023-30711: Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to ins Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.

CVE-2023-30718 [LOW] CVE-2023-30718: Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.

CVE-2023-30719 [LOW] CVE-2023-30719: Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.

CVE-2023-30699 [CRITICAL] CWE-787 CVE-2023-30699: Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers.

CVE-2023-30693 [HIGH] CWE-787 CVE-2023-30693: Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Rele Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

CVE-2023-30680 [HIGH] CWE-269 CVE-2023-30680: Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege.

CVE-2023-30696 [HIGH] CWE-787 CVE-2023-30696: An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 all An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.

CVE-2023-30689 [HIGH] CWE-787 CVE-2023-30689: Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Relea Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

CVE-2023-30694 [HIGH] CWE-787 CVE-2023-30694: Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows lo Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

CVE-2023-30691 [HIGH] CWE-266 CVE-2023-30691: Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to pri Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation.

CVE-2023-30687 [HIGH] CWE-787 CVE-2023-30687: Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacke Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.