179 matches found
CVE-2024-49411
Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
CVE-2024-20843
Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code.
CVE-2024-20894
Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability.
CVE-2024-34651
Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.
CVE-2024-34678
Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.
CVE-2024-34680
Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.
CVE-2024-49410
Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
CVE-2024-49414
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.
CVE-2024-49415
Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
CVE-2025-20955
Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.
CVE-2024-20812
Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.
CVE-2024-20890
Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.
CVE-2024-34588
Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
CVE-2024-34654
Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege.
CVE-2024-34667
Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
CVE-2024-34673
Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.
CVE-2024-34675
Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.
CVE-2024-34679
Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.
CVE-2025-20959
Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information.
CVE-2024-20806
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.
CVE-2024-20816
Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
CVE-2024-20873
Improper input validation vulnerability in caminfo driver prior to SMR Jun-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.
CVE-2024-34637
Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34638
Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.
CVE-2024-34642
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.
CVE-2024-34653
Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.
CVE-2024-34676
Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.
CVE-2025-20953
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.
CVE-2025-20958
Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors.
CVE-2024-34614
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
CVE-2024-34639
Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.
CVE-2024-34644
Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
CVE-2024-34649
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.
CVE-2024-34665
Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
CVE-2023-42559
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.
CVE-2023-42566
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.
CVE-2023-42557
Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.
CVE-2024-20815
Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
CVE-2024-20877
Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code.
CVE-2024-20885
Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission.
CVE-2024-34609
Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
CVE-2024-34640
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.
CVE-2024-34682
Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.
CVE-2023-42556
Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.
CVE-2023-42565
Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.
CVE-2023-42567
Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.
CVE-2024-20878
Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code.
CVE-2024-20880
Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physical attackers to overwrite memory.
CVE-2023-42561
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.
CVE-2024-20874
Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024 Release 1 allows local attackers to launch privileged activities.