Summary
Detail | |||
---|---|---|---|
Vendor | Samsung | First view | 2023-02-09 |
Product | Android | Last view | 2024-02-06 |
Version | 11.0 | Type | Os |
Update | smr-nov-2022-r1 | ||
Edition | * | ||
Language | * | ||
Software Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:samsung:android |
Activity : Overall
Related : CVE
Score | Date | Alert | Description |
---|---|---|---|
7.1 | 2024-02-06 | CVE-2024-20820 | Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read. |
7.8 | 2024-02-06 | CVE-2024-20819 | Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. |
7.8 | 2024-02-06 | CVE-2024-20818 | Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. |
7.8 | 2024-02-06 | CVE-2024-20817 | Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. |
6.5 | 2024-02-06 | CVE-2024-20816 | Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness. |
6.5 | 2024-02-06 | CVE-2024-20815 | Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness. |
5.5 | 2024-02-06 | CVE-2024-20814 | Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information. |
7.8 | 2024-02-06 | CVE-2024-20813 | Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. |
7.8 | 2024-02-06 | CVE-2024-20812 | Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. |
3.3 | 2024-02-06 | CVE-2024-20811 | Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer. |
5.5 | 2024-01-04 | CVE-2024-20806 | Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data. |
5.5 | 2024-01-04 | CVE-2024-20805 | Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file. |
5.5 | 2024-01-04 | CVE-2024-20804 | Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file. |
6.5 | 2024-01-04 | CVE-2024-20803 | Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. |
3.3 | 2023-12-05 | CVE-2023-42570 | Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. |
3.3 | 2023-12-05 | CVE-2023-42569 | Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. |
4.4 | 2023-12-05 | CVE-2023-42568 | Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege. |
7.8 | 2023-12-05 | CVE-2023-42566 | Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code. |
6.7 | 2023-12-05 | CVE-2023-42565 | Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code. |
5.5 | 2023-12-05 | CVE-2023-42564 | Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege. |
7.8 | 2023-12-05 | CVE-2023-42563 | Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. |
7.8 | 2023-12-05 | CVE-2023-42562 | Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. |
6.8 | 2023-12-05 | CVE-2023-42561 | Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code. |
7.8 | 2023-12-05 | CVE-2023-42560 | Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code. |
5.2 | 2023-12-05 | CVE-2023-42559 | Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
44% (39) | CWE-787 | Out-of-bounds Write |
11% (10) | CWE-287 | Improper Authentication |
11% (10) | CWE-20 | Improper Input Validation |
8% (7) | CWE-125 | Out-of-bounds Read |
3% (3) | CWE-532 | Information Leak Through Log Files |
3% (3) | CWE-269 | Improper Privilege Management |
3% (3) | CWE-22 | Improper Limitation of a Pathname to a Restricted Directory ('Path ... |
2% (2) | CWE-668 | Exposure of Resource to Wrong Sphere |
2% (2) | CWE-190 | Integer Overflow or Wraparound |
1% (1) | CWE-755 | Improper Handling of Exceptional Conditions |
1% (1) | CWE-416 | Use After Free |
1% (1) | CWE-345 | Insufficient Verification of Data Authenticity |
1% (1) | CWE-306 | Missing Authentication for Critical Function |
1% (1) | CWE-295 | Certificate Issues |
1% (1) | CWE-276 | Incorrect Default Permissions |
1% (1) | CWE-134 | Uncontrolled Format String |
1% (1) | CWE-120 | Buffer Copy without Checking Size of Input ('Classic Buffer Overflo... |