Android Security Vulnerabilities and Issues — Android CVE List

Lucene search

SamsungAndroid

141 matches found

CVE•added 2024/02/06 3:15 a.m.•93 views

CVE-2024-20819

Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

7.8CVSS7.6AI score0.00076EPSS

CVE•added 2024/03/05 5:15 a.m.•74 views

CVE-2024-20832

Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.

6.7CVSS6.7AI score0.00067EPSS

CVE•added 2024/03/05 5:15 a.m.•70 views

CVE-2024-20831

Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.

6.7CVSS6.7AI score0.00072EPSS

CVE•added 2024/01/04 1:15 a.m.•64 views

CVE-2024-20804

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.

5.5CVSS5.4AI score0.00096EPSS

CVE•added 2024/09/04 6:15 a.m.•64 views

CVE-2024-34647

Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.

5.5CVSS6.8AI score0.00036EPSS

CVE•added 2024/09/04 6:15 a.m.•64 views

CVE-2024-34655

Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager.

6.2CVSS6.8AI score0.00038EPSS

CVE•added 2024/02/06 3:15 a.m.•63 views

CVE-2024-20820

Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read.

7.1CVSS6.6AI score0.00016EPSS

CVE•added 2024/09/04 6:15 a.m.•63 views

CVE-2024-34650

Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.

4CVSS6.8AI score0.00037EPSS

CVE•added 2024/02/06 3:15 a.m.•62 views

CVE-2024-20818

Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

7.8CVSS7.6AI score0.00076EPSS

CVE•added 2024/02/06 3:15 a.m.•57 views

CVE-2024-20810

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.

3.3CVSS3.9AI score0.00066EPSS

CVE•added 2024/02/06 3:15 a.m.•56 views

CVE-2024-20817

Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

7.8CVSS7.6AI score0.00076EPSS

CVE•added 2024/03/05 5:15 a.m.•55 views

CVE-2024-20830

Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock settings.

5.3CVSS5.1AI score0.00086EPSS

CVE•added 2024/07/02 10:15 a.m.•55 views

CVE-2024-20893

Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption.

7.8CVSS6.8AI score0.00043EPSS

CVE•added 2024/01/04 1:15 a.m.•54 views

CVE-2024-20805

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.

5.5CVSS5.4AI score0.00069EPSS

CVE•added 2024/02/06 3:15 a.m.•53 views

CVE-2024-20814

Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information.

5.5CVSS5.3AI score0.00053EPSS

CVE•added 2024/07/02 10:15 a.m.•53 views

CVE-2024-20888

Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.

7.8CVSS6.8AI score0.00026EPSS

CVE•added 2024/04/02 3:15 a.m.•52 views

CVE-2024-20848

Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory.

7.8CVSS6.5AI score0.00058EPSS

CVE•added 2024/06/04 7:15 a.m.•52 views

CVE-2024-20883

Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API.

7.8CVSS6.8AI score0.00134EPSS

CVE•added 2024/03/05 5:15 a.m.•51 views

CVE-2024-20836

Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.

5.5CVSS3.9AI score0.00095EPSS

CVE•added 2024/03/05 5:15 a.m.•50 views

CVE-2023-52432

Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory.

7.1CVSS5.6AI score0.0006EPSS

CVE•added 2024/03/05 5:15 a.m.•50 views

CVE-2024-20834

The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission.

3.3CVSS3.7AI score0.0011EPSS

CVE•added 2024/07/02 10:15 a.m.•50 views

CVE-2024-20900

Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.

4CVSS7AI score0.00024EPSS

CVE•added 2024/05/07 5:15 a.m.•49 views

CVE-2024-20865

Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images.

6.8CVSS6.7AI score0.0006EPSS

CVE•added 2024/05/07 5:15 a.m.•49 views

CVE-2024-20866

Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step.

6.6CVSS6.5AI score0.00037EPSS

CVE•added 2024/07/02 10:15 a.m.•49 views

CVE-2024-20892

Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability.

7.8CVSS7.1AI score0.00014EPSS

CVE•added 2024/07/02 10:15 a.m.•49 views

CVE-2024-20897

Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

5.5CVSS6.8AI score0.00039EPSS

CVE•added 2024/03/05 5:15 a.m.•48 views

CVE-2024-20835

Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors.

7.8CVSS4.5AI score0.0007EPSS

CVE•added 2024/04/02 3:15 a.m.•48 views

CVE-2024-20847

Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard information.

4CVSS6.4AI score0.00081EPSS

CVE•added 2024/07/02 10:15 a.m.•48 views

CVE-2024-20895

Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features.

7.7CVSS6.9AI score0.00046EPSS

CVE•added 2024/07/02 10:15 a.m.•48 views

CVE-2024-20898

Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

5.5CVSS6.8AI score0.00036EPSS

CVE•added 2024/12/03 6:15 a.m.•48 views

CVE-2024-49413

Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.

7.8CVSS6.8AI score0.0003EPSS

CVE•added 2024/02/06 3:15 a.m.•47 views

CVE-2024-20811

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.

5.1CVSS4AI score0.00047EPSS

CVE•added 2024/05/07 5:15 a.m.•47 views

CVE-2024-20855

Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while.

2.4CVSS6.4AI score0.00174EPSS

CVE•added 2024/05/07 5:15 a.m.•47 views

CVE-2024-20856

Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario.

4.3CVSS6.6AI score0.00153EPSS

CVE•added 2024/05/07 5:15 a.m.•47 views

CVE-2024-20858

Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

5.5CVSS6.2AI score0.00074EPSS

CVE•added 2024/05/07 5:15 a.m.•47 views

CVE-2024-20860

Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission.

4CVSS6.5AI score0.00086EPSS

CVE•added 2024/07/02 10:15 a.m.•47 views

CVE-2024-20896

Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

5.5CVSS6.8AI score0.00041EPSS

CVE•added 2024/07/02 10:15 a.m.•47 views

CVE-2024-34590

Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

5.3CVSS4.9AI score0.00297EPSS

CVE•added 2024/05/07 5:15 a.m.•46 views

CVE-2024-20861

Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.

6.7CVSS6.8AI score0.00068EPSS

CVE•added 2024/05/07 5:15 a.m.•46 views

CVE-2024-20862

Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.

6.7CVSS7.2AI score0.00041EPSS

CVE•added 2024/04/02 3:15 a.m.•45 views

CVE-2024-20846

Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.

7.8CVSS7.3AI score0.00061EPSS

CVE•added 2024/05/07 5:15 a.m.•45 views

CVE-2024-20857

Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

5.5CVSS6.2AI score0.00074EPSS

CVE•added 2024/05/07 5:15 a.m.•45 views

CVE-2024-20863

Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.

6.7CVSS7.3AI score0.00055EPSS

CVE•added 2024/05/07 5:15 a.m.•45 views

CVE-2024-20864

Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.

5.5CVSS6.5AI score0.00096EPSS

CVE•added 2024/06/04 7:15 a.m.•45 views

CVE-2024-20884

Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API.

7.8CVSS6.8AI score0.0014EPSS

CVE•added 2024/07/02 10:15 a.m.•45 views

CVE-2024-20891

Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.

7.8CVSS6.8AI score0.00035EPSS

CVE•added 2024/07/08 7:15 a.m.•45 views

CVE-2024-34603

Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.

5.5CVSS4.3AI score0.00036EPSS

CVE•added 2024/04/02 3:15 a.m.•44 views

CVE-2024-20842

Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.

6.7CVSS6.5AI score0.00038EPSS

CVE•added 2024/05/07 5:15 a.m.•44 views

CVE-2024-20859

Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege.

5.5CVSS6.5AI score0.00077EPSS

CVE•added 2024/07/02 10:15 a.m.•44 views

CVE-2024-34594

Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.

5.5CVSS6.2AI score0.00038EPSS

Total number of security vulnerabilities141