This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Samsung First view 2023-02-09
Product Android Last view 2023-12-05
Version 10.0 Type Os
Update smr-oct-2020-r1  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:o:samsung:android

Activity : Overall

Related : CVE

  Date Alert Description
3.3 2023-12-05 CVE-2023-42570

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.

3.3 2023-12-05 CVE-2023-42569

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.

4.4 2023-12-05 CVE-2023-42568

Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.

7.8 2023-12-05 CVE-2023-42566

Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.

6.7 2023-12-05 CVE-2023-42565

Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.

5.5 2023-12-05 CVE-2023-42564

Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.

7.8 2023-12-05 CVE-2023-42563

Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.

7.8 2023-12-05 CVE-2023-42562

Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.

6.8 2023-12-05 CVE-2023-42561

Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.

7.8 2023-12-05 CVE-2023-42560

Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.

5.2 2023-12-05 CVE-2023-42559

Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.

6.7 2023-12-05 CVE-2023-42557

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.

5.5 2023-12-05 CVE-2023-42556

Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.

5.5 2023-02-09 CVE-2023-21441

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code.

5.5 2023-02-09 CVE-2023-21437

Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.

3.3 2023-02-09 CVE-2023-21436

Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID.

7.8 2023-02-09 CVE-2023-21430

An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault.

3.3 2023-02-09 CVE-2023-21429

Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID.

5.5 2023-02-09 CVE-2023-21426

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.

5.5 2023-02-09 CVE-2023-21425

Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.

7.8 2023-02-09 CVE-2023-21421

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.

7.8 2023-02-09 CVE-2023-21420

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.

CWE : Common Weakness Enumeration

%idName
28% (4) CWE-787 Out-of-bounds Write
14% (2) CWE-287 Improper Authentication
14% (2) CWE-190 Integer Overflow or Wraparound
7% (1) CWE-798 Use of Hard-coded Credentials
7% (1) CWE-755 Improper Handling of Exceptional Conditions
7% (1) CWE-345 Insufficient Verification of Data Authenticity
7% (1) CWE-269 Improper Privilege Management
7% (1) CWE-134 Uncontrolled Format String
7% (1) CWE-125 Out-of-bounds Read