Android Security Vulnerabilities - CVSS Score 5 - 6
Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
5.7CVSS
5.4AI Score
0.0004EPSS
Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
5.5CVSS
5.4AI Score
0.0004EPSS
Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
5.1CVSS
4.1AI Score
0.0004EPSS
Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.
5.5CVSS
5.3AI Score
0.0004EPSS
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
5.5CVSS
5.4AI Score
0.0004EPSS
Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.
5.5CVSS
5.3AI Score
0.0004EPSS
Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.
5.5CVSS
5.2AI Score
0.0004EPSS
Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information.
5.5CVSS
5.3AI Score
0.0004EPSS
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.
5.5CVSS
5.2AI Score
0.0004EPSS
Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity.
5.5CVSS
5.3AI Score
0.0004EPSS
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
5.3CVSS
4.5AI Score
0.001EPSS
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
5.3CVSS
4.5AI Score
0.001EPSS
Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.
5.1CVSS
4AI Score
0.0004EPSS
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set.
5.5CVSS
5.4AI Score
0.0004EPSS
Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.
5.5CVSS
5.5AI Score
0.0004EPSS
Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.
5.1CVSS
4.1AI Score
0.0004EPSS
Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.
5.5CVSS
5.3AI Score
0.0004EPSS
PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.
5.3CVSS
4AI Score
0.0004EPSS
PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.
5.5CVSS
5.4AI Score
0.0004EPSS
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.
5.5CVSS
5.4AI Score
0.0004EPSS
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.
5.5CVSS
5.6AI Score
0.0004EPSS
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.
5.7CVSS
4.7AI Score
0.0004EPSS
Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.
5.5CVSS
4AI Score
0.0004EPSS
Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.
5.6CVSS
5.3AI Score
0.0004EPSS
Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.
5.5CVSS
5.4AI Score
0.001EPSS
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.
5.2CVSS
5.2AI Score
0.001EPSS
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.
5.9CVSS
4.1AI Score
0.0004EPSS
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
5.5CVSS
5.4AI Score
0.0004EPSS
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
5.5CVSS
5.4AI Score
0.0004EPSS
Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.
5.1CVSS
4AI Score
0.0004EPSS
Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information.
5.5CVSS
5.3AI Score
0.0004EPSS
Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.
5.9CVSS
7.2AI Score
0.0004EPSS
Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
5.5CVSS
6.8AI Score
0.0004EPSS
Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
5.5CVSS
6.8AI Score
0.0004EPSS
Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
5.5CVSS
6.8AI Score
0.0004EPSS
Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
5.5CVSS
6.8AI Score
0.0004EPSS
Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy.
5.9CVSS
6.8AI Score
0.0004EPSS
Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
5.3CVSS
4.9AI Score
0.0005EPSS
Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
5.3CVSS
7.1AI Score
0.0005EPSS
Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
5.3CVSS
7.1AI Score
0.0005EPSS
Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.
5.5CVSS
6.2AI Score
0.0004EPSS
Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
5.5CVSS
3.9AI Score
0.001EPSS
Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.
5.5CVSS
4.3AI Score
0.0004EPSS
Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.
5.5CVSS
6.8AI Score
0.0004EPSS
Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.
5.5CVSS
6.7AI Score
0.0004EPSS
Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.
5.5CVSS
5.1AI Score
0.0004EPSS
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.
5.1CVSS
6.8AI Score
0.0004EPSS
Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
5.5CVSS
6.8AI Score
0.001EPSS
Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
5.5CVSS
6.8AI Score
0.001EPSS
Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.
5.5CVSS
6.8AI Score
0.0004EPSS