CVE-2021-1012

In onResume of NotificationAccessDetails.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction ...

CVE-2021-0973

In isFileUri of UriUtil.java, there is a possible way to bypass ignoring file://URI attachment due to improper handling of case sensitivity. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product:...

CVE-2021-0999

In the broadcast definition in AndroidManifest.xml, there is a possible way to set the A2DP bluetooth device connection state due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2024-36842

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57LV3.220220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component...

CVE-2024-36842

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57LV3.220220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component...

CVE-2024-36842

An issue in Oncord+ Android Infotainment Systems OS Android 12, Model Hardware TS17,Hardware part Number F57LV3.220220301, and Build Number PlatformVER:K24-2023/05/09-v0.01 allows a remote attacker to execute arbitrary code via the ADB port component...

CVE-2025-20899

Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information...

CVE-2025-20897

CVE-2025-20897 concerns Samsung Secure Folder across Android 12–14. The issue is described as improper access control within Secure Folder, enabling a local attacker to access data. Affected versions include: Android 14 — Secure Folder prior to 1.9.20.50; Android 13 — prior to 1.8.11.0; Android 1...

PT-2025-4181 · Google · Android 12 +2

Name of the Vulnerable Software and Affected Versions: PushNotification versions prior to 13.0.00.15 in Android 12 PushNotification versions prior to 14.0.00.7 in Android 13 PushNotification versions prior to 15.1.00.5 in Android 14 Description: The issue is related to improper access control in...

CVE-2024-49421

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location...

CVE-2024-49421

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location...

CVE-2024-49421

CVE-2024-49421 describes a path traversal flaw in Samsung Quick Share Agent. Affected: Android 12 (before 3.5.14.47), Android 13 (before 3.5.19.41), Android 14 (before 3.5.19.42). Root cause: improper validation of user-supplied path leading to arbitrary file writes. Impact: adjacent attackers co...

CVE-2024-49421

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location...

CVE-2024-49404

Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users...

CVE-2024-49404

The CVE-2024-49404 entry concerns Samsung Video Player with an improper access control flaw that could allow a physical attacker to access other users’ video files. Affected versions are: Android 12 where versions prior to 7.3.29.1 are vulnerable; Android 13 prior to 7.3.36.1; and Android 14 prio...

CVE-2024-49404

Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users...

CVE-2024-49404

Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users...

PT-2024-33515 · Google +1 · Android 12 +3

Name of the Vulnerable Software and Affected Versions: Samsung Video Player versions prior to 7.3.29.1 on Android 12 Samsung Video Player versions prior to 7.3.36.1 on Android 13 Samsung Video Player versions prior to 7.3.41.230 on Android 14 Description: The issue is related to improper access...

CVE-2024-34672

Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users...

CVE-2024-34672

Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users...