Lucene search

K
SamsungAndroid

78 matches found

CVE
CVE
added 2021/10/06 6:15 p.m.396 views

CVE-2021-25489

Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.

5.5CVSS5.6AI score0.00289EPSS
CVE
CVE
added 2024/01/04 1:15 a.m.64 views

CVE-2024-20804

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.

5.5CVSS5.4AI score0.00096EPSS
CVE
CVE
added 2024/09/04 6:15 a.m.64 views

CVE-2024-34647

Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.

5.5CVSS6.8AI score0.00036EPSS
CVE
CVE
added 2025/02/04 8:15 a.m.61 views

CVE-2025-20892

Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.

5.9CVSS6.9AI score0.00024EPSS
CVE
CVE
added 2023/10/04 4:15 a.m.57 views

CVE-2023-30731

Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.

5.7CVSS4.7AI score0.00069EPSS
CVE
CVE
added 2024/03/05 5:15 a.m.55 views

CVE-2024-20830

Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings.

5.3CVSS5.1AI score0.00063EPSS
CVE
CVE
added 2025/02/04 8:15 a.m.55 views

CVE-2025-20887

Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.

5.5CVSS6.9AI score0.00017EPSS
CVE
CVE
added 2024/01/04 1:15 a.m.54 views

CVE-2024-20805

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.

5.5CVSS5.4AI score0.00069EPSS
CVE
CVE
added 2023/08/10 2:15 a.m.53 views

CVE-2023-30698

Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.

5.5CVSS5.3AI score0.00045EPSS
CVE
CVE
added 2024/02/06 3:15 a.m.53 views

CVE-2024-20814

Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information.

5.5CVSS5.3AI score0.00053EPSS
CVE
CVE
added 2024/03/05 5:15 a.m.51 views

CVE-2024-20836

Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.

5.5CVSS3.9AI score0.0007EPSS
CVE
CVE
added 2025/02/04 8:15 a.m.51 views

CVE-2025-20889

Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.

5.5CVSS6.9AI score0.00017EPSS
CVE
CVE
added 2023/02/09 7:15 p.m.50 views

CVE-2023-21422

Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.

5.7CVSS5.4AI score0.00047EPSS
CVE
CVE
added 2023/02/09 7:15 p.m.49 views

CVE-2023-21424

Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.

5.1CVSS4.1AI score0.00029EPSS
CVE
CVE
added 2024/07/02 10:15 a.m.49 views

CVE-2024-20897

Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

5.5CVSS6.8AI score0.00039EPSS
CVE
CVE
added 2023/02/09 7:15 p.m.48 views

CVE-2023-21437

Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.

5.5CVSS5.2AI score0.00056EPSS
CVE
CVE
added 2024/07/02 10:15 a.m.48 views

CVE-2024-20898

Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

5.5CVSS6.8AI score0.00036EPSS
CVE
CVE
added 2025/02/04 8:15 a.m.48 views

CVE-2025-20891

Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.

5.5CVSS6.9AI score0.00017EPSS
CVE
CVE
added 2024/02/06 3:15 a.m.47 views

CVE-2024-20811

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.

5.1CVSS4AI score0.00047EPSS
CVE
CVE
added 2024/05/07 5:15 a.m.47 views

CVE-2024-20858

Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

5.5CVSS6.2AI score0.00074EPSS
CVE
CVE
added 2024/07/02 10:15 a.m.47 views

CVE-2024-20896

Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

5.5CVSS6.8AI score0.00041EPSS
CVE
CVE
added 2024/07/02 10:15 a.m.47 views

CVE-2024-34590

Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

5.3CVSS4.9AI score0.00297EPSS
CVE
CVE
added 2025/04/08 5:15 a.m.47 views

CVE-2025-20934

Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.

5.5CVSS6.8AI score0.00017EPSS
CVE
CVE
added 2023/02/09 7:15 p.m.45 views

CVE-2023-21426

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.

5.5CVSS5.4AI score0.00076EPSS
CVE
CVE
added 2024/05/07 5:15 a.m.45 views

CVE-2024-20857

Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

5.5CVSS6.2AI score0.00074EPSS
CVE
CVE
added 2024/05/07 5:15 a.m.45 views

CVE-2024-20864

Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.

5.5CVSS6.5AI score0.00096EPSS
CVE
CVE
added 2024/07/08 7:15 a.m.45 views

CVE-2024-34603

Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.

5.5CVSS4.3AI score0.00036EPSS
CVE
CVE
added 2025/02/04 8:15 a.m.45 views

CVE-2025-20893

Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.

5.1CVSS6.8AI score0.00031EPSS
CVE
CVE
added 2024/05/07 5:15 a.m.44 views

CVE-2024-20859

Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege.

5.5CVSS6.5AI score0.00077EPSS
CVE
CVE
added 2024/07/02 10:15 a.m.44 views

CVE-2024-34594

Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.

5.5CVSS6.2AI score0.00038EPSS
CVE
CVE
added 2024/07/08 7:15 a.m.44 views

CVE-2024-34602

Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.

5.5CVSS3.9AI score0.00027EPSS
CVE
CVE
added 2025/05/07 9:15 a.m.44 views

CVE-2025-20954

Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.

5.5CVSS5.4AI score0.00017EPSS
CVE
CVE
added 2025/05/07 9:15 a.m.44 views

CVE-2025-20961

Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege.

5.5CVSS5.3AI score0.00017EPSS
CVE
CVE
added 2023/08/10 2:15 a.m.43 views

CVE-2023-30700

PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.

5.3CVSS4AI score0.00067EPSS
CVE
CVE
added 2024/09/04 6:15 a.m.43 views

CVE-2024-34648

Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.

5.5CVSS6.7AI score0.00028EPSS
CVE
CVE
added 2023/03/16 9:15 p.m.41 views

CVE-2023-21449

Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.

5.5CVSS5.2AI score0.0006EPSS
CVE
CVE
added 2023/12/05 3:15 a.m.41 views

CVE-2023-42570

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.

5.9CVSS4.1AI score0.00135EPSS
CVE
CVE
added 2024/07/02 10:15 a.m.41 views

CVE-2024-20889

Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.

5.9CVSS7.2AI score0.00036EPSS
CVE
CVE
added 2024/07/02 10:15 a.m.41 views

CVE-2024-20899

Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

5.5CVSS6.8AI score0.00036EPSS
CVE
CVE
added 2024/07/02 10:15 a.m.40 views

CVE-2024-34591

Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

5.3CVSS7.1AI score0.00297EPSS
CVE
CVE
added 2024/07/02 10:15 a.m.40 views

CVE-2024-34592

Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

5.3CVSS7.1AI score0.00297EPSS
CVE
CVE
added 2024/09/04 6:15 a.m.40 views

CVE-2024-34641

Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.

5.1CVSS6.8AI score0.00045EPSS
CVE
CVE
added 2023/09/06 4:15 a.m.39 views

CVE-2023-30720

PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.

5.5CVSS5.6AI score0.001EPSS
CVE
CVE
added 2023/10/04 4:15 a.m.39 views

CVE-2023-30732

Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.

5.5CVSS4AI score0.00109EPSS
CVE
CVE
added 2024/07/02 10:15 a.m.39 views

CVE-2024-34586

Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy.

5.9CVSS6.8AI score0.00043EPSS
CVE
CVE
added 2023/02/09 7:15 p.m.38 views

CVE-2023-21423

Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.

5.5CVSS5.4AI score0.00044EPSS
CVE
CVE
added 2024/11/06 3:15 a.m.38 views

CVE-2024-34680

Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.

5.5CVSS4.3AI score0.00027EPSS
CVE
CVE
added 2025/05/07 9:15 a.m.38 views

CVE-2025-20955

Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.

5.5CVSS5.3AI score0.00018EPSS
CVE
CVE
added 2023/05/04 9:15 p.m.37 views

CVE-2023-21486

Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.

5.3CVSS4.5AI score0.00072EPSS
CVE
CVE
added 2023/08/10 2:15 a.m.37 views

CVE-2023-30701

PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.

5.5CVSS5.4AI score0.00054EPSS
Total number of security vulnerabilities78