Summary
Detail | | | |
---|---|---|---|
Vendor | Samsung | First view | 2023-02-09 |
Product | Android | Last view | 2025-02-04 |
Version | 12.0 | Type | Os |
Update | smr-oct-2023-r1 | | |
Edition | * | | |
Language | * | | |
Software Edition | * | | |
Target Software | * | | |
Target Hardware | * | | |
Other | * | | |
CPE Product | cpe:2.3:o:samsung:android | | |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
4.4 | 2025-02-04 | CVE-2025-20907 | Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find. |
6.7 | 2025-02-04 | CVE-2025-20905 | Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory. |
6.7 | 2025-02-04 | CVE-2025-20904 | Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption. |
5.5 | 2025-02-04 | CVE-2025-20891 | Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability. |
7.8 | 2025-02-04 | CVE-2025-20890 | Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. |
5.5 | 2025-02-04 | CVE-2025-20889 | Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability. |
7.8 | 2025-02-04 | CVE-2025-20888 | Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. |
5.5 | 2025-02-04 | CVE-2025-20887 | Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability. |
4.4 | 2025-02-04 | CVE-2025-20886 | Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key. |
6.7 | 2025-02-04 | CVE-2025-20885 | Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption. |
4.6 | 2025-02-04 | CVE-2025-20884 | Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. |
4.6 | 2025-02-04 | CVE-2025-20883 | Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles. |
7.8 | 2025-02-04 | CVE-2025-20882 | Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. |
7.8 | 2025-02-04 | CVE-2025-20881 | Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability. |
9.8 | 2024-12-03 | CVE-2024-49415 | Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. |
2.4 | 2024-12-03 | CVE-2024-49414 | Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access the recent app list. |
4.6 | 2024-12-03 | CVE-2024-49411 | Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege. |
7.8 | 2024-12-03 | CVE-2024-49410 | Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code. |
5.5 | 2024-11-06 | CVE-2024-34680 | Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information. |
7.8 | 2024-11-06 | CVE-2024-34678 | Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. |
3.3 | 2024-11-06 | CVE-2024-34677 | Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allows local attackers to make malicious apps appear as legitimate. |
7.3 | 2024-11-06 | CVE-2024-34676 | Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability. |
4.6 | 2024-11-06 | CVE-2024-34674 | Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles. |
5.5 | 2024-11-06 | CVE-2024-34673 | Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service. |
8.8 | 2024-10-08 | CVE-2024-34669 | Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
54% (54) | CWE-787 | Out-of-bounds Write |
11% (11) | CWE-125 | Out-of-bounds Read |
9% (9) | CWE-287 | Improper Authentication |
4% (4) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
4% (4) | CWE-20 | Improper Input Validation |
3% (3) | CWE-276 | Incorrect Default Permissions |
2% (2) | CWE-755 | Improper Handling of Exceptional Conditions |
2% (2) | CWE-668 | Exposure of Resource to Wrong Sphere |
2% (2) | CWE-416 | Use After Free |
2% (2) | CWE-190 | Integer Overflow or Wraparound |
1% (1) | CWE-552 | Files or Directories Accessible to External Parties |
1% (1) | CWE-532 | Information Leak Through Log Files |
1% (1) | CWE-347 | Improper Verification of Cryptographic Signature |
1% (1) | CWE-345 | Insufficient Verification of Data Authenticity |
1% (1) | CWE-295 | Certificate Issues |
1% (1) | CWE-269 | Improper Privilege Management |