Samsung Android 12.0 SMR-DEC-2022-R1

CPE Details

Samsung Android 12.0 SMR-DEC-2022-R1
12.0
2023-02-17
14h40 +00:00
2023-02-17
17h57 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*

Informations

Vendor

samsung

Product

android

Version

12.0

Update

smr-dec-2022-r1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-20907 2025-02-04 07h24 +00:00 Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.
6
Medium
CVE-2025-20905 2025-02-04 07h24 +00:00 Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.
6.7
Medium
CVE-2025-20904 2025-02-04 07h24 +00:00 Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.
6.7
Medium
CVE-2025-20891 2025-02-04 07h19 +00:00 Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2025-20890 2025-02-04 07h19 +00:00 Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2025-20889 2025-02-04 07h19 +00:00 Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2025-20888 2025-02-04 07h19 +00:00 Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2025-20887 2025-02-04 07h19 +00:00 Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2025-20886 2025-02-04 07h19 +00:00 Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
4.4
Medium
CVE-2025-20885 2025-02-04 07h19 +00:00 Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.
6.7
Medium
CVE-2025-20884 2025-02-04 07h19 +00:00 Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2025-20883 2025-02-04 07h19 +00:00 Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2025-20882 2025-02-04 07h19 +00:00 Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2025-20881 2025-02-04 07h19 +00:00 Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2024-49415 2024-12-03 05h47 +00:00 Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
9.8
Critical
CVE-2024-49414 2024-12-03 05h47 +00:00 Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.
2.4
Low
CVE-2024-49411 2024-12-03 05h47 +00:00 Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
4.6
Medium
CVE-2024-49410 2024-12-03 05h47 +00:00 Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-34680 2024-11-06 02h17 +00:00 Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-34678 2024-11-06 02h17 +00:00 Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.
7.8
High
CVE-2024-34677 2024-11-06 02h17 +00:00 Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.
4
Medium
CVE-2024-34676 2024-11-06 02h17 +00:00 Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.
7.3
High
CVE-2024-34674 2024-11-06 02h17 +00:00 Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2024-34673 2024-11-06 02h16 +00:00 Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.
5.5
Medium
CVE-2024-34669 2024-10-08 06h30 +00:00 Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34668 2024-10-08 06h30 +00:00 Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34667 2024-10-08 06h30 +00:00 Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34666 2024-10-08 06h30 +00:00 Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34665 2024-10-08 06h30 +00:00 Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34662 2024-10-08 06h30 +00:00 Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors.
7.8
High
CVE-2024-34655 2024-09-04 05h32 +00:00 Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager.
6.2
Medium
CVE-2024-34653 2024-09-04 05h32 +00:00 Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.
4.6
Medium
CVE-2024-34652 2024-09-04 05h32 +00:00 Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.
4
Medium
CVE-2024-34651 2024-09-04 05h32 +00:00 Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.
6.2
Medium
CVE-2024-34648 2024-09-04 05h32 +00:00 Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.
5.5
Medium
CVE-2024-34647 2024-09-04 05h32 +00:00 Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.
5.5
Medium
CVE-2024-34646 2024-09-04 05h32 +00:00 Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service.
6.6
Medium
CVE-2024-34645 2024-09-04 05h32 +00:00 Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications.
6.1
Medium
CVE-2024-34642 2024-09-04 05h32 +00:00 Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.
4.6
Medium
CVE-2024-34641 2024-09-04 05h32 +00:00 Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.
5.1
Medium
CVE-2024-34640 2024-09-04 05h32 +00:00 Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.
3.3
Low
CVE-2024-34639 2024-09-04 05h32 +00:00 Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.
4.6
Medium
CVE-2024-34638 2024-09-04 05h32 +00:00 Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.
7.1
High
CVE-2024-34619 2024-08-07 01h30 +00:00 Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34618 2024-08-07 01h30 +00:00 Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.
4
Medium
CVE-2024-34616 2024-08-07 01h30 +00:00 Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.
5.5
Medium
CVE-2024-34615 2024-08-07 01h30 +00:00 Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption.
7.8
High
CVE-2024-34614 2024-08-07 01h30 +00:00 Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-34612 2024-08-07 01h30 +00:00 Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-34611 2024-08-07 01h30 +00:00 Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-34610 2024-08-07 01h30 +00:00 Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.
5.5
Medium
CVE-2024-34609 2024-08-07 01h29 +00:00 Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2
Medium
CVE-2024-34608 2024-08-07 01h29 +00:00 Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2
Medium
CVE-2024-34607 2024-08-07 01h29 +00:00 Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2
Medium
CVE-2024-34606 2024-08-07 01h29 +00:00 Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2
Medium
CVE-2024-34605 2024-08-07 01h29 +00:00 Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2
Medium
CVE-2024-34604 2024-08-07 01h29 +00:00 Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2
Medium
CVE-2024-34602 2024-07-08 06h12 +00:00 Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2024-34595 2024-07-02 09h23 +00:00 Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
7.8
High
CVE-2024-34594 2024-07-02 09h23 +00:00 Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.
5.5
Medium
CVE-2024-34593 2024-07-02 09h23 +00:00 Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34592 2024-07-02 09h23 +00:00 Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
5.3
Medium
CVE-2024-34591 2024-07-02 09h23 +00:00 Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
5.3
Medium
CVE-2024-34590 2024-07-02 09h23 +00:00 Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
5.3
Medium
CVE-2024-34589 2024-07-02 09h23 +00:00 Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
6.5
Medium
CVE-2024-34588 2024-07-02 09h23 +00:00 Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
6.5
Medium
CVE-2024-34587 2024-07-02 09h23 +00:00 Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
7.5
High
CVE-2024-34586 2024-07-02 09h23 +00:00 Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy.
5.9
Medium
CVE-2024-34585 2024-07-02 09h23 +00:00 Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
7.8
High
CVE-2024-34583 2024-07-02 09h23 +00:00 Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.
4
Medium
CVE-2024-20901 2024-07-02 09h20 +00:00 Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory.
7.8
High
CVE-2024-20900 2024-07-02 09h20 +00:00 Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.
4
Medium
CVE-2024-20899 2024-07-02 09h20 +00:00 Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-20898 2024-07-02 09h20 +00:00 Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-20897 2024-07-02 09h20 +00:00 Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-20896 2024-07-02 09h20 +00:00 Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-20895 2024-07-02 09h20 +00:00 Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features.
7.7
High
CVE-2024-20894 2024-07-02 09h20 +00:00 Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability.
4.3
Medium
CVE-2024-20893 2024-07-02 09h20 +00:00 Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption.
7.8
High
CVE-2024-20892 2024-07-02 09h20 +00:00 Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2024-20891 2024-07-02 09h20 +00:00 Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
7.8
High
CVE-2024-20890 2024-07-02 09h20 +00:00 Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.
8.8
High
CVE-2024-20889 2024-07-02 09h20 +00:00 Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.
5.9
Medium
CVE-2024-20888 2024-07-02 09h20 +00:00 Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2024-20882 2024-06-04 06h42 +00:00 Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access.
4.6
Medium
CVE-2024-20881 2024-06-04 06h42 +00:00 Improper input validation vulnerability in chnactiv TA prior to SMR Jun-2024 Release 1 allows local privileged attackers lead to potential arbitrary code execution.
6.7
Medium
CVE-2024-20880 2024-06-04 06h42 +00:00 Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physical attackers to overwrite memory.
6.8
Medium
CVE-2024-20879 2024-06-04 06h42 +00:00 Improper input validation vulnerability in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to write out-of-bounds memory.
7.1
High
CVE-2024-20878 2024-06-04 06h42 +00:00 Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-20877 2024-06-04 06h42 +00:00 Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-20876 2024-06-04 06h42 +00:00 Improper input validation in libsheifdecadapter.so prior to SMR Jun-2024 Release 1 allows local attackers to lead to memory corruption.
7.8
High
CVE-2024-20875 2024-06-04 06h42 +00:00 Improper caller verification vulnerability in SemClipboard prior to SMR June-2024 Release 1 allows local attackers to access arbitrary files.
5.5
Medium
CVE-2024-20866 2024-05-07 04h28 +00:00 Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step.
6.6
Medium
CVE-2024-20865 2024-05-07 04h28 +00:00 Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images.
6.8
Medium
CVE-2024-20863 2024-05-07 04h28 +00:00 Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.
6.7
Medium
CVE-2024-20862 2024-05-07 04h28 +00:00 Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.
6.7
Medium
CVE-2024-20861 2024-05-07 04h28 +00:00 Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.
6.7
Medium
CVE-2024-20859 2024-05-07 04h28 +00:00 Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege.
5.5
Medium
CVE-2024-20858 2024-05-07 04h28 +00:00 Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.
5.5
Medium
CVE-2024-20857 2024-05-07 04h28 +00:00 Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.
5.5
Medium
CVE-2024-20849 2024-04-02 02h59 +00:00 Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-20848 2024-04-02 02h59 +00:00 Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory.
7.8
High
CVE-2024-20847 2024-04-02 02h59 +00:00 Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard information.
4
Medium
CVE-2024-20846 2024-04-02 02h59 +00:00 Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2024-20845 2024-04-02 02h59 +00:00 Out-of-bounds write vulnerability while releasing memory in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.
8.4
High
CVE-2024-20844 2024-04-02 02h59 +00:00 Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.
8.4
High
CVE-2024-20843 2024-04-02 02h59 +00:00 Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code.
6.7
Medium
CVE-2024-20842 2024-04-02 02h59 +00:00 Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.
6.7
Medium
CVE-2024-20833 2024-03-05 08h08 +00:00 Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.
6.4
Medium
CVE-2024-20836 2024-03-05 04h44 +00:00 Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.
5.5
Medium
CVE-2024-20835 2024-03-05 04h44 +00:00 Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors.
7.8
High
CVE-2024-20834 2024-03-05 04h44 +00:00 The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission.
3.3
Low
CVE-2024-20832 2024-03-05 04h44 +00:00 Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.
6.7
Medium
CVE-2024-20831 2024-03-05 04h44 +00:00 Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.
6.7
Medium
CVE-2024-20830 2024-03-05 04h44 +00:00 Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings.
5.3
Medium
CVE-2024-20820 2024-02-06 02h23 +00:00 Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read.
7.1
High
CVE-2024-20819 2024-02-06 02h23 +00:00 Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
7.8
High
CVE-2024-20818 2024-02-06 02h23 +00:00 Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
7.8
High
CVE-2024-20817 2024-02-06 02h23 +00:00 Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
7.8
High
CVE-2024-20816 2024-02-06 02h23 +00:00 Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
8
High
CVE-2024-20815 2024-02-06 02h23 +00:00 Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
8
High
CVE-2024-20814 2024-02-06 02h23 +00:00 Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information.
5.5
Medium
CVE-2024-20813 2024-02-06 02h23 +00:00 Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.
8.4
High
CVE-2024-20812 2024-02-06 02h23 +00:00 Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.
8.4
High
CVE-2024-20811 2024-02-06 02h23 +00:00 Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.
5.1
Medium
CVE-2024-20810 2024-02-06 02h23 +00:00 Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.
3.3
Low
CVE-2024-20806 2024-01-04 01h10 +00:00 Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.
6.2
Medium
CVE-2024-20805 2024-01-04 01h10 +00:00 Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
5.5
Medium
CVE-2024-20804 2024-01-04 01h10 +00:00 Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
5.5
Medium
CVE-2024-20803 2024-01-04 01h10 +00:00 Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.
6.8
Medium
CVE-2023-42563 2023-12-05 02h49 +00:00 Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
7.8
High
CVE-2023-42570 2023-12-05 02h44 +00:00 Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.
5.9
Medium
CVE-2023-42569 2023-12-05 02h44 +00:00 Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.
4
Medium
CVE-2023-42568 2023-12-05 02h44 +00:00 Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.
7.3
High
CVE-2023-42566 2023-12-05 02h44 +00:00 Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2023-42564 2023-12-05 02h44 +00:00 Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.
6.6
Medium
CVE-2023-42562 2023-12-05 02h44 +00:00 Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
7.8
High
CVE-2023-42561 2023-12-05 02h44 +00:00 Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.
7.1
High
CVE-2023-42560 2023-12-05 02h44 +00:00 Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.
7.8
High
CVE-2023-42559 2023-12-05 02h44 +00:00 Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.
5.2
Medium
CVE-2023-42557 2023-12-05 02h44 +00:00 Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.
6.7
Medium
CVE-2023-42556 2023-12-05 02h44 +00:00 Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.
5.5
Medium
CVE-2023-42538 2023-11-07 07h49 +00:00 An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
7.8
High
CVE-2023-42537 2023-11-07 07h49 +00:00 An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
8.4
High
CVE-2023-42536 2023-11-07 07h49 +00:00 An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
8.4
High
CVE-2023-42535 2023-11-07 07h49 +00:00 Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
8.4
High
CVE-2023-42534 2023-11-07 07h49 +00:00 Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.
6.3
Medium
CVE-2023-42533 2023-11-07 07h49 +00:00 Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.
6.8
Medium
CVE-2023-42532 2023-11-07 07h49 +00:00 Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.
7.5
High
CVE-2023-42531 2023-11-07 07h49 +00:00 Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background.
7.1
High
CVE-2023-42530 2023-11-07 07h49 +00:00 Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.
7.5
High
CVE-2023-42529 2023-11-07 07h49 +00:00 Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2023-42528 2023-11-07 07h49 +00:00 Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-42527 2023-11-07 07h49 +00:00 Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.
5.6
Medium
CVE-2023-30739 2023-11-07 07h45 +00:00 Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-30733 2023-10-04 03h02 +00:00 Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution.
7.8
High
CVE-2023-30731 2023-10-04 03h02 +00:00 Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.
5.7
Medium
CVE-2023-30727 2023-10-04 03h02 +00:00 Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.
7.5
High
CVE-2023-30692 2023-10-04 03h02 +00:00 Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
8.5
High
CVE-2023-30690 2023-10-04 03h01 +00:00 Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
8.5
High
CVE-2023-30721 2023-09-06 03h12 +00:00 Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.
4.4
Medium
CVE-2023-30720 2023-09-06 03h12 +00:00 PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.
5.5
Medium
CVE-2023-30719 2023-09-06 03h12 +00:00 Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.
4
Medium
CVE-2023-30718 2023-09-06 03h12 +00:00 Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.
4
Medium
CVE-2023-30717 2023-09-06 03h12 +00:00 Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.
4
Medium
CVE-2023-30716 2023-09-06 03h12 +00:00 Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.
5.5
Medium
CVE-2023-30715 2023-09-06 03h12 +00:00 Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.
4
Medium
CVE-2023-30714 2023-09-06 03h12 +00:00 Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.
4.6
Medium
CVE-2023-30713 2023-09-06 03h11 +00:00 Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.
6.2
Medium
CVE-2023-30712 2023-09-06 03h11 +00:00 Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.
7.8
High
CVE-2023-30711 2023-09-06 03h11 +00:00 Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.
4
Medium
CVE-2023-30710 2023-09-06 03h11 +00:00 Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.
8.5
High
CVE-2023-30709 2023-09-06 03h11 +00:00 Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.
7.9
High
CVE-2023-30708 2023-09-06 03h11 +00:00 Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.
7.5
High
CVE-2023-30707 2023-09-06 03h11 +00:00 Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.
7.1
High
CVE-2023-30706 2023-09-06 03h11 +00:00 Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.
7.5
High
CVE-2023-30701 2023-08-10 01h18 +00:00 PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.
5.5
Medium
CVE-2023-30700 2023-08-10 01h18 +00:00 PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.
5.3
Medium
CVE-2023-30699 2023-08-10 01h18 +00:00 Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers.
9.8
Critical
CVE-2023-30697 2023-08-10 01h18 +00:00 An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
7.8
High
CVE-2023-30696 2023-08-10 01h18 +00:00 An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
7.8
High
CVE-2023-30694 2023-08-10 01h18 +00:00 Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-30693 2023-08-10 01h18 +00:00 Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-30691 2023-08-10 01h18 +00:00 Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation.
8.4
High
CVE-2023-30689 2023-08-10 01h18 +00:00 Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-30688 2023-08-10 01h18 +00:00 Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-30687 2023-08-10 01h18 +00:00 Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-30686 2023-08-10 01h18 +00:00 Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-30685 2023-08-10 01h18 +00:00 Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode.
4.3
Medium
CVE-2023-30681 2023-08-10 01h18 +00:00 An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
7.8
High
CVE-2023-30680 2023-08-10 01h18 +00:00 Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege.
8.4
High
CVE-2023-30679 2023-08-10 01h18 +00:00 Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2023-30654 2023-08-10 01h17 +00:00 Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location.
6.7
Medium
CVE-2023-30671 2023-07-06 02h51 +00:00 Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.
6.3
Medium
CVE-2023-30670 2023-07-06 02h51 +00:00 Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-30669 2023-07-06 02h51 +00:00 Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-30668 2023-07-06 02h51 +00:00 Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-30666 2023-07-06 02h51 +00:00 Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
7.8
High
CVE-2023-30665 2023-07-06 02h51 +00:00 Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.
4.4
Medium
CVE-2023-30664 2023-07-06 02h51 +00:00 Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
8.5
High
CVE-2023-30663 2023-07-06 02h51 +00:00 Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
7.8
High
CVE-2023-30662 2023-07-06 02h51 +00:00 Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
6.2
Medium
CVE-2023-30661 2023-07-06 02h51 +00:00 Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
6.2
Medium
CVE-2023-30660 2023-07-06 02h51 +00:00 Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
6.2
Medium
CVE-2023-30657 2023-07-06 02h51 +00:00 Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
7.8
High
CVE-2023-30656 2023-07-06 02h51 +00:00 Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.
8.5
High
CVE-2023-30655 2023-07-06 02h51 +00:00 Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
8.5
High
CVE-2023-30653 2023-07-06 02h50 +00:00 Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2023-30652 2023-07-06 02h50 +00:00 Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2023-30651 2023-07-06 02h50 +00:00 Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2023-30650 2023-07-06 02h50 +00:00 Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2023-30649 2023-07-06 02h50 +00:00 Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
7.8
High
CVE-2023-30648 2023-07-06 02h50 +00:00 Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.
5.5
Medium
CVE-2023-30647 2023-07-06 02h50 +00:00 Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
7.8
High
CVE-2023-30646 2023-07-06 02h50 +00:00 Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
7.8
High
CVE-2023-30645 2023-07-06 02h50 +00:00 Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
7.8
High
CVE-2023-30644 2023-07-06 02h50 +00:00 Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
7.8
High
CVE-2023-30643 2023-07-06 02h50 +00:00 Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications.
7.7
High
CVE-2023-30642 2023-07-06 02h50 +00:00 Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.
6.2
Medium
CVE-2023-30640 2023-07-06 02h44 +00:00 Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration.
4.3
Medium
CVE-2023-21512 2023-06-27 22h00 +00:00 Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
3.3
Low
CVE-2023-21513 2023-06-27 22h00 +00:00 Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
6.8
Medium
CVE-2023-21484 2023-05-04 00h00 +00:00 Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.
7.8
High
CVE-2023-21485 2023-05-04 00h00 +00:00 Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
5.3
Medium
CVE-2023-21486 2023-05-04 00h00 +00:00 Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
5.3
Medium
CVE-2023-21487 2023-05-04 00h00 +00:00 Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.
5.1
Medium
CVE-2023-21488 2023-05-04 00h00 +00:00 Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.
7.8
High
CVE-2023-21489 2023-05-04 00h00 +00:00 Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.
7.1
High
CVE-2023-21490 2023-05-04 00h00 +00:00 Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.
7.1
High
CVE-2023-21491 2023-05-04 00h00 +00:00 Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.
8.5
High
CVE-2023-21492 2023-05-04 00h00 +00:00 Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
4.4
Medium
CVE-2023-21493 2023-05-04 00h00 +00:00 Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.
6.8
Medium
CVE-2023-21495 2023-05-04 00h00 +00:00 Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set.
5.5
Medium
CVE-2023-21496 2023-05-04 00h00 +00:00 Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level.
6.1
Medium
CVE-2023-21502 2023-05-04 00h00 +00:00 Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.
7.8
High
CVE-2023-21504 2023-05-04 00h00 +00:00 Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
9.8
Critical
CVE-2023-21449 2023-03-16 00h00 +00:00 Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.
5.5
Medium
CVE-2023-21452 2023-03-16 00h00 +00:00 Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device.
3.3
Low
CVE-2023-21454 2023-03-16 00h00 +00:00 Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen.
2.4
Low
CVE-2023-21456 2023-03-16 00h00 +00:00 Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid.
9
Critical
CVE-2023-21457 2023-03-16 00h00 +00:00 Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission.
8.1
High
CVE-2023-21458 2023-03-16 00h00 +00:00 Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent.
6.2
Medium
CVE-2023-21459 2023-03-16 00h00 +00:00 Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault.
9.8
Critical
CVE-2023-21460 2023-03-16 00h00 +00:00 Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting.
4.4
Medium
CVE-2023-21461 2023-03-15 23h00 +00:00 Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity.
5.5
Medium
CVE-2023-21421 2023-02-09 00h00 +00:00 Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
7.8
High
CVE-2023-21422 2023-02-09 00h00 +00:00 Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
5.7
Medium
CVE-2023-21423 2023-02-09 00h00 +00:00 Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
5.5
Medium
CVE-2023-21424 2023-02-09 00h00 +00:00 Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
5.1
Medium
CVE-2023-21425 2023-02-09 00h00 +00:00 Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2023-21427 2023-02-09 00h00 +00:00 Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.
6.5
Medium
CVE-2023-21428 2023-02-09 00h00 +00:00 Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code.
4
Medium
CVE-2023-21429 2023-02-09 00h00 +00:00 Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID.
4
Medium
CVE-2023-21430 2023-02-09 00h00 +00:00 An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault.
7.8
High
CVE-2023-21435 2023-02-09 00h00 +00:00 Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.
5.5
Medium
CVE-2023-21436 2023-02-09 00h00 +00:00 Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID.
3.3
Low
CVE-2023-21437 2023-02-09 00h00 +00:00 Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.
5.5
Medium
CVE-2023-21438 2023-02-09 00h00 +00:00 Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder.
2.4
Low
CVE-2023-21439 2023-02-09 00h00 +00:00 Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.
8.5
High
CVE-2023-21441 2023-02-09 00h00 +00:00 Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code.
7.4
High
CVE-2023-21442 2023-02-09 00h00 +00:00 Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information.
5.5
Medium
CVE-2023-21445 2023-02-09 00h00 +00:00 Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent.
7.8
High
CVE-2023-21446 2023-02-09 00h00 +00:00 Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles.
6.2
Medium
CVE-2023-21451 2023-02-09 00h00 +00:00 A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions.
7.8
High