Samsung Android 13.0 SMR-OCT-2023-R1

CPE Details

Samsung Android 13.0 SMR-OCT-2023-R1
13.0
2023-02-17
14h41 +00:00
2023-02-17
17h57 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:o:samsung:android:13.0:smr-oct-2023-r1:*:*:*:*:*:*

Informations

Vendor

samsung

Product

android

Version

13.0

Update

smr-oct-2023-r1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2025-20907 2025-02-04 07h24 +00:00 Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.
6
Medium
CVE-2025-20905 2025-02-04 07h24 +00:00 Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.
6.7
Medium
CVE-2025-20904 2025-02-04 07h24 +00:00 Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.
6.7
Medium
CVE-2025-20892 2025-02-04 07h19 +00:00 Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.
5.9
Medium
CVE-2025-20891 2025-02-04 07h19 +00:00 Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2025-20890 2025-02-04 07h19 +00:00 Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2025-20889 2025-02-04 07h19 +00:00 Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2025-20888 2025-02-04 07h19 +00:00 Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2025-20887 2025-02-04 07h19 +00:00 Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2025-20886 2025-02-04 07h19 +00:00 Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.
4.4
Medium
CVE-2025-20885 2025-02-04 07h19 +00:00 Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.
6.7
Medium
CVE-2025-20884 2025-02-04 07h19 +00:00 Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2025-20883 2025-02-04 07h19 +00:00 Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2025-20882 2025-02-04 07h19 +00:00 Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2025-20881 2025-02-04 07h19 +00:00 Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2024-49415 2024-12-03 05h47 +00:00 Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
9.8
Critical
CVE-2024-49414 2024-12-03 05h47 +00:00 Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.
2.4
Low
CVE-2024-49413 2024-12-03 05h47 +00:00 Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
7.8
High
CVE-2024-49411 2024-12-03 05h47 +00:00 Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
4.6
Medium
CVE-2024-49410 2024-12-03 05h47 +00:00 Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-49401 2024-11-06 02h17 +00:00 Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.
7.1
High
CVE-2024-34680 2024-11-06 02h17 +00:00 Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-34678 2024-11-06 02h17 +00:00 Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.
7.8
High
CVE-2024-34677 2024-11-06 02h17 +00:00 Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.
4
Medium
CVE-2024-34676 2024-11-06 02h17 +00:00 Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.
7.3
High
CVE-2024-34674 2024-11-06 02h17 +00:00 Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
4.6
Medium
CVE-2024-34673 2024-11-06 02h16 +00:00 Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.
5.5
Medium
CVE-2024-34669 2024-10-08 06h30 +00:00 Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34668 2024-10-08 06h30 +00:00 Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34667 2024-10-08 06h30 +00:00 Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34666 2024-10-08 06h30 +00:00 Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34665 2024-10-08 06h30 +00:00 Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34662 2024-10-08 06h30 +00:00 Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors.
7.8
High
CVE-2024-34655 2024-09-04 05h32 +00:00 Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager.
6.2
Medium
CVE-2024-34654 2024-09-04 05h32 +00:00 Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege.
6.2
Medium
CVE-2024-34653 2024-09-04 05h32 +00:00 Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.
4.6
Medium
CVE-2024-34652 2024-09-04 05h32 +00:00 Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.
4
Medium
CVE-2024-34651 2024-09-04 05h32 +00:00 Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.
6.2
Medium
CVE-2024-34648 2024-09-04 05h32 +00:00 Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.
5.5
Medium
CVE-2024-34647 2024-09-04 05h32 +00:00 Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.
5.5
Medium
CVE-2024-34646 2024-09-04 05h32 +00:00 Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service.
6.6
Medium
CVE-2024-34645 2024-09-04 05h32 +00:00 Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications.
6.1
Medium
CVE-2024-34642 2024-09-04 05h32 +00:00 Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.
4.6
Medium
CVE-2024-34620 2024-08-07 01h30 +00:00 Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service.
8.4
High
CVE-2024-34619 2024-08-07 01h30 +00:00 Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34618 2024-08-07 01h30 +00:00 Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.
4
Medium
CVE-2024-34616 2024-08-07 01h30 +00:00 Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.
5.5
Medium
CVE-2024-34615 2024-08-07 01h30 +00:00 Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption.
7.8
High
CVE-2024-34614 2024-08-07 01h30 +00:00 Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-34612 2024-08-07 01h30 +00:00 Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-34611 2024-08-07 01h30 +00:00 Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-34610 2024-08-07 01h30 +00:00 Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.
5.5
Medium
CVE-2024-34609 2024-08-07 01h29 +00:00 Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2
Medium
CVE-2024-34608 2024-08-07 01h29 +00:00 Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2
Medium
CVE-2024-34607 2024-08-07 01h29 +00:00 Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2
Medium
CVE-2024-34606 2024-08-07 01h29 +00:00 Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2
Medium
CVE-2024-34605 2024-08-07 01h29 +00:00 Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2
Medium
CVE-2024-34604 2024-08-07 01h29 +00:00 Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2
Medium
CVE-2024-34603 2024-07-08 06h12 +00:00 Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.
5.5
Medium
CVE-2024-34602 2024-07-08 06h12 +00:00 Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
5.5
Medium
CVE-2024-34595 2024-07-02 09h23 +00:00 Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
7.8
High
CVE-2024-34594 2024-07-02 09h23 +00:00 Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.
5.5
Medium
CVE-2024-34593 2024-07-02 09h23 +00:00 Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8
High
CVE-2024-34592 2024-07-02 09h23 +00:00 Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
5.3
Medium
CVE-2024-34591 2024-07-02 09h23 +00:00 Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
5.3
Medium
CVE-2024-34590 2024-07-02 09h23 +00:00 Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
5.3
Medium
CVE-2024-34589 2024-07-02 09h23 +00:00 Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
6.5
Medium
CVE-2024-34588 2024-07-02 09h23 +00:00 Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
6.5
Medium
CVE-2024-34587 2024-07-02 09h23 +00:00 Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
7.5
High
CVE-2024-34586 2024-07-02 09h23 +00:00 Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy.
5.9
Medium
CVE-2024-34585 2024-07-02 09h23 +00:00 Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
7.8
High
CVE-2024-34583 2024-07-02 09h23 +00:00 Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.
4
Medium
CVE-2024-20901 2024-07-02 09h20 +00:00 Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory.
7.8
High
CVE-2024-20900 2024-07-02 09h20 +00:00 Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.
4
Medium
CVE-2024-20899 2024-07-02 09h20 +00:00 Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-20898 2024-07-02 09h20 +00:00 Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-20897 2024-07-02 09h20 +00:00 Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-20896 2024-07-02 09h20 +00:00 Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2024-20895 2024-07-02 09h20 +00:00 Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features.
7.7
High
CVE-2024-20894 2024-07-02 09h20 +00:00 Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability.
4.3
Medium
CVE-2024-20893 2024-07-02 09h20 +00:00 Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption.
7.8
High
CVE-2024-20892 2024-07-02 09h20 +00:00 Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2024-20891 2024-07-02 09h20 +00:00 Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
7.8
High
CVE-2024-20890 2024-07-02 09h20 +00:00 Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.
8.8
High
CVE-2024-20889 2024-07-02 09h20 +00:00 Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.
5.9
Medium
CVE-2024-20888 2024-07-02 09h20 +00:00 Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
7.8
High
CVE-2024-20882 2024-06-04 06h42 +00:00 Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access.
4.6
Medium
CVE-2024-20881 2024-06-04 06h42 +00:00 Improper input validation vulnerability in chnactiv TA prior to SMR Jun-2024 Release 1 allows local privileged attackers lead to potential arbitrary code execution.
6.7
Medium
CVE-2024-20880 2024-06-04 06h42 +00:00 Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physical attackers to overwrite memory.
6.8
Medium
CVE-2024-20879 2024-06-04 06h42 +00:00 Improper input validation vulnerability in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to write out-of-bounds memory.
7.1
High
CVE-2024-20878 2024-06-04 06h42 +00:00 Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-20877 2024-06-04 06h42 +00:00 Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-20876 2024-06-04 06h42 +00:00 Improper input validation in libsheifdecadapter.so prior to SMR Jun-2024 Release 1 allows local attackers to lead to memory corruption.
7.8
High
CVE-2024-20875 2024-06-04 06h42 +00:00 Improper caller verification vulnerability in SemClipboard prior to SMR June-2024 Release 1 allows local attackers to access arbitrary files.
5.5
Medium
CVE-2024-20874 2024-06-04 06h42 +00:00 Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024 Release 1 allows local attackers to launch privileged activities.
7.9
High
CVE-2024-20866 2024-05-07 04h28 +00:00 Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step.
6.6
Medium
CVE-2024-20865 2024-05-07 04h28 +00:00 Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images.
6.8
Medium
CVE-2024-20863 2024-05-07 04h28 +00:00 Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.
6.7
Medium
CVE-2024-20862 2024-05-07 04h28 +00:00 Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.
6.7
Medium
CVE-2024-20861 2024-05-07 04h28 +00:00 Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.
6.7
Medium
CVE-2024-20859 2024-05-07 04h28 +00:00 Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege.
5.5
Medium
CVE-2024-20858 2024-05-07 04h28 +00:00 Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.
5.5
Medium
CVE-2024-20857 2024-05-07 04h28 +00:00 Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.
5.5
Medium
CVE-2024-20849 2024-04-02 02h59 +00:00 Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2024-20848 2024-04-02 02h59 +00:00 Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory.
7.8
High
CVE-2024-20847 2024-04-02 02h59 +00:00 Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard information.
4
Medium
CVE-2024-20843 2024-04-02 02h59 +00:00 Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code.
6.7
Medium
CVE-2024-20842 2024-04-02 02h59 +00:00 Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.
6.7
Medium
CVE-2024-20833 2024-03-05 08h08 +00:00 Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.
6.4
Medium
CVE-2024-20836 2024-03-05 04h44 +00:00 Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.
5.5
Medium
CVE-2024-20835 2024-03-05 04h44 +00:00 Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors.
7.8
High
CVE-2024-20834 2024-03-05 04h44 +00:00 The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission.
3.3
Low
CVE-2024-20832 2024-03-05 04h44 +00:00 Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.
6.7
Medium
CVE-2024-20831 2024-03-05 04h44 +00:00 Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.
6.7
Medium
CVE-2024-20830 2024-03-05 04h44 +00:00 Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings.
5.3
Medium
CVE-2024-20820 2024-02-06 02h23 +00:00 Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read.
7.1
High
CVE-2024-20819 2024-02-06 02h23 +00:00 Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
7.8
High
CVE-2024-20818 2024-02-06 02h23 +00:00 Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
7.8
High
CVE-2024-20817 2024-02-06 02h23 +00:00 Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
7.8
High
CVE-2024-20816 2024-02-06 02h23 +00:00 Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
8
High
CVE-2024-20815 2024-02-06 02h23 +00:00 Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
8
High
CVE-2024-20814 2024-02-06 02h23 +00:00 Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information.
5.5
Medium
CVE-2024-20813 2024-02-06 02h23 +00:00 Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.
8.4
High
CVE-2024-20812 2024-02-06 02h23 +00:00 Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.
8.4
High
CVE-2024-20811 2024-02-06 02h23 +00:00 Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.
5.1
Medium
CVE-2024-20810 2024-02-06 02h23 +00:00 Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.
3.3
Low
CVE-2024-20806 2024-01-04 01h10 +00:00 Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.
6.2
Medium
CVE-2024-20805 2024-01-04 01h10 +00:00 Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
5.5
Medium
CVE-2024-20804 2024-01-04 01h10 +00:00 Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
5.5
Medium
CVE-2024-20803 2024-01-04 01h10 +00:00 Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.
6.8
Medium
CVE-2023-42563 2023-12-05 02h49 +00:00 Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
7.8
High
CVE-2023-42570 2023-12-05 02h44 +00:00 Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.
5.9
Medium
CVE-2023-42569 2023-12-05 02h44 +00:00 Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.
4
Medium
CVE-2023-42568 2023-12-05 02h44 +00:00 Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.
7.3
High
CVE-2023-42566 2023-12-05 02h44 +00:00 Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2023-42565 2023-12-05 02h44 +00:00 Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.
7.3
High
CVE-2023-42564 2023-12-05 02h44 +00:00 Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.
6.6
Medium
CVE-2023-42562 2023-12-05 02h44 +00:00 Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
7.8
High
CVE-2023-42561 2023-12-05 02h44 +00:00 Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.
7.1
High
CVE-2023-42560 2023-12-05 02h44 +00:00 Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.
7.8
High
CVE-2023-42559 2023-12-05 02h44 +00:00 Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.
5.2
Medium
CVE-2023-42558 2023-12-05 02h44 +00:00 Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution.
7.8
High
CVE-2023-42557 2023-12-05 02h44 +00:00 Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.
6.7
Medium
CVE-2023-42556 2023-12-05 02h44 +00:00 Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.
5.5
Medium
CVE-2023-42538 2023-11-07 07h49 +00:00 An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
7.8
High
CVE-2023-42537 2023-11-07 07h49 +00:00 An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
8.4
High
CVE-2023-42536 2023-11-07 07h49 +00:00 An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
8.4
High
CVE-2023-42535 2023-11-07 07h49 +00:00 Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
8.4
High
CVE-2023-42534 2023-11-07 07h49 +00:00 Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.
6.3
Medium
CVE-2023-42533 2023-11-07 07h49 +00:00 Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.
6.8
Medium
CVE-2023-42532 2023-11-07 07h49 +00:00 Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.
7.5
High
CVE-2023-42531 2023-11-07 07h49 +00:00 Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background.
7.1
High
CVE-2023-42530 2023-11-07 07h49 +00:00 Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.
7.5
High
CVE-2023-42529 2023-11-07 07h49 +00:00 Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.
7.8
High
CVE-2023-42528 2023-11-07 07h49 +00:00 Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-42527 2023-11-07 07h49 +00:00 Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.
5.6
Medium
CVE-2023-30739 2023-11-07 07h45 +00:00 Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
7.8
High
CVE-2023-21459 2023-03-16 00h00 +00:00 Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault.
9.8
Critical
CVE-2023-21421 2023-02-09 00h00 +00:00 Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
7.8
High
CVE-2023-21423 2023-02-09 00h00 +00:00 Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
5.5
Medium
CVE-2023-21424 2023-02-09 00h00 +00:00 Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
5.1
Medium
CVE-2023-21425 2023-02-09 00h00 +00:00 Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.
5.5
Medium
CVE-2023-21427 2023-02-09 00h00 +00:00 Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.
6.5
Medium
CVE-2023-21428 2023-02-09 00h00 +00:00 Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code.
4
Medium
CVE-2023-21429 2023-02-09 00h00 +00:00 Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID.
4
Medium
CVE-2023-21430 2023-02-09 00h00 +00:00 An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault.
7.8
High
CVE-2023-21435 2023-02-09 00h00 +00:00 Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.
5.5
Medium
CVE-2023-21436 2023-02-09 00h00 +00:00 Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID.
3.3
Low
CVE-2023-21437 2023-02-09 00h00 +00:00 Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.
5.5
Medium
CVE-2023-21439 2023-02-09 00h00 +00:00 Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.
8.5
High
CVE-2023-21440 2023-02-09 00h00 +00:00 Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.
6.2
Medium
CVE-2023-21445 2023-02-09 00h00 +00:00 Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent.
7.8
High
CVE-2023-21446 2023-02-09 00h00 +00:00 Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles.
6.2
Medium