| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2022-30725 |
755 |
|
|
2022-06-07 |
2022-06-11 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
|
2 |
CVE-2022-30724 |
755 |
|
|
2022-06-07 |
2022-06-11 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
|
3 |
CVE-2022-30723 |
755 |
|
|
2022-06-07 |
2022-06-11 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
|
4 |
CVE-2022-28783 |
20 |
|
|
2022-05-03 |
2022-05-11 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name. |
|
5 |
CVE-2022-27831 |
125 |
|
|
2022-04-11 |
2022-04-18 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. |
|
6 |
CVE-2022-23429 |
125 |
|
|
2022-02-11 |
2022-02-18 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash. |
|
7 |
CVE-2022-23427 |
|
|
|
2022-02-11 |
2022-02-18 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. |
|
8 |
CVE-2022-23426 |
|
|
|
2022-02-11 |
2022-02-18 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. |
|
9 |
CVE-2022-22268 |
552 |
|
|
2022-01-10 |
2022-01-14 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode. |
|
10 |
CVE-2022-22264 |
20 |
|
|
2022-01-10 |
2022-01-14 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission. |
|
11 |
CVE-2022-20226 |
1021 |
|
|
2022-07-13 |
2022-07-26 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
In finishDrawingWindow of WindowManagerService.java, there is a possible tapjacking due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213644870 |
|
12 |
CVE-2022-20221 |
125 |
|
|
2022-07-13 |
2022-07-25 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In avrc_ctrl_pars_vendor_cmd of avrc_pars_ct.cc, there is a possible out of bounds read due to improper input validation. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-12LAndroid ID: A-205571133 |
|
13 |
CVE-2022-20010 |
125 |
|
|
2022-05-10 |
2022-05-16 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-213519176 |
|
14 |
CVE-2021-39805 |
668 |
|
|
2022-04-12 |
2022-04-20 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In l2cble_process_sig_cmd of l2c_ble.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure through Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12 Android-12LAndroid ID: A-212694559 |
|
15 |
CVE-2021-30162 |
|
|
Bypass |
2021-04-06 |
2021-04-13 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021). |
|
16 |
CVE-2021-25490 |
|
|
|
2021-10-06 |
2022-08-01 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process. |
|
17 |
CVE-2021-25482 |
89 |
|
Sql |
2021-10-06 |
2021-10-13 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information. |
|
18 |
CVE-2021-25450 |
22 |
|
Dir. Trav. |
2021-09-09 |
2021-09-22 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket. |
|
19 |
CVE-2021-25430 |
287 |
|
|
2021-07-08 |
2021-07-14 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. |
|
20 |
CVE-2021-25429 |
269 |
|
|
2021-07-08 |
2021-07-14 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. |
|
21 |
CVE-2021-25427 |
89 |
|
Sql |
2021-07-08 |
2021-07-14 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information |
|
22 |
CVE-2021-25410 |
863 |
|
|
2021-06-11 |
2021-10-18 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. |
|
23 |
CVE-2021-25389 |
287 |
|
|
2021-06-11 |
2021-06-17 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. |
|
24 |
CVE-2021-25388 |
354 |
|
|
2021-06-11 |
2021-06-16 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. |
|
25 |
CVE-2021-25382 |
|
|
|
2021-04-23 |
2022-10-25 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command. |
|
26 |
CVE-2021-25363 |
269 |
|
|
2021-04-09 |
2021-04-26 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files. |
|
27 |
CVE-2021-25362 |
269 |
|
|
2021-04-09 |
2021-04-26 |
3.6 |
None |
Local |
Low |
Not required |
None |
Partial |
Partial |
|
An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files. |
|
28 |
CVE-2021-0963 |
1021 |
|
|
2021-12-15 |
2021-12-17 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
In onCreate of KeyChainActivity.java, there is a possible way to use an app certificate stored in keychain due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10 Android-11 Android-12 Android-9Android ID: A-199754277 |
|
29 |
CVE-2021-0632 |
125 |
|
|
2021-10-25 |
2021-10-26 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker under certain build conditions with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05560246; Issue ID: ALPS05551383. |
|
30 |
CVE-2021-0582 |
125 |
|
|
2021-08-17 |
2021-08-24 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187149601 |
|
31 |
CVE-2021-0581 |
125 |
|
|
2021-08-17 |
2021-08-24 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231638 |
|
32 |
CVE-2021-0580 |
125 |
|
|
2021-08-17 |
2021-08-24 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231637 |
|
33 |
CVE-2021-0579 |
125 |
|
|
2021-08-17 |
2021-08-24 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187231636 |
|
34 |
CVE-2021-0578 |
125 |
|
|
2021-08-17 |
2021-08-24 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In wifi driver, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android SoCAndroid ID: A-187161772 |
|
35 |
CVE-2021-0504 |
125 |
|
|
2021-06-21 |
2021-06-22 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-179162665 |
|
36 |
CVE-2020-13838 |
287 |
|
|
2020-06-04 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. The DeX Lockscreen feature does not block access to Quick Panel and notifications. The Samsung ID is SVE-2020-17187 (June 2020). |
|
37 |
CVE-2020-13837 |
287 |
|
|
2020-06-04 |
2021-07-21 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
None |
|
An issue was discovered on Samsung mobile devices with Q(10.0) software. The Lockscreen feature does not block Quick Panel access to Music Share. The Samsung ID is SVE-2020-17145 (June 2020). |
|
38 |
CVE-2020-0282 |
125 |
|
|
2020-09-18 |
2020-09-21 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction are needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-144506224 |
|
39 |
CVE-2020-0281 |
125 |
|
|
2020-09-18 |
2020-09-21 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
In NFC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure. System execution privileges, a Firmware compromise, and User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-137857778 |
|
40 |
CVE-2020-0196 |
20 |
|
DoS |
2020-06-11 |
2020-06-15 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
None |
Partial |
|
In RegisterNotificationResponse::GetEvent of register_notification_packet.cc, there is a possible abort due to improper input validation. This could lead to remote denial of service of the Bluetooth service, over Bluetooth, with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-144066833 |
|
41 |
CVE-2020-0159 |
125 |
|
|
2020-06-11 |
2020-06-11 |
3.5 |
None |
Remote |
Medium |
??? |
Partial |
None |
None |
|
In rw_mfc_writeBlock of rw_mfc.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-10Android ID: A-140768035 |
|
42 |
CVE-2020-0017 |
200 |
|
+Info |
2020-02-13 |
2021-07-21 |
3.3 |
None |
Local |
Medium |
Not required |
Partial |
Partial |
None |
|
In multiple places, it was possible for the primary user’s dictionary to be visible to and modifiable by secondary users. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android-8.1 Android-9 Android-10Android ID: A-123232892 |
|
43 |
CVE-2020-0003 |
367 |
|
Bypass |
2020-01-08 |
2022-10-14 |
3.7 |
None |
Local |
High |
Not required |
Partial |
Partial |
Partial |
|
In onCreate of InstallStart.java, there is a possible package validation bypass due to a time-of-check time-of-use vulnerability. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android Versions: Android-8.0 Android ID: A-140195904 |
|
44 |
CVE-2019-20609 |
200 |
|
+Info |
2020-03-24 |
2021-07-21 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can use Smartwatch to view Secure Folder notification content. The Samsung ID is SVE-2019-13899 (April 2019). |
|
45 |
CVE-2019-20531 |
125 |
|
|
2020-03-24 |
2020-03-27 |
3.6 |
None |
Local |
Low |
Not required |
Partial |
None |
Partial |
|
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos chipsets) software. The Wi-Fi kernel drivers have an out-of-bounds Read. The Samsung IDs are SVE-2019-15692, SVE-2019-15693 (December 2019). |
|
46 |
CVE-2019-9461 |
|
|
|
2019-09-06 |
2022-01-01 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In the Android kernel in VPN routing there is a possible information disclosure. This could lead to remote information disclosure by an adjacent network attacker with no additional execution privileges needed. User interaction is not needed for exploitation. |
|
47 |
CVE-2019-2227 |
125 |
|
|
2019-12-06 |
2019-12-09 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In DeepCopy of btif_av.cc, there is a possible out of bounds read due to improper casting. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-9 Android-10Android ID: A-140768453 |
|
48 |
CVE-2019-1996 |
125 |
|
|
2019-02-28 |
2019-03-01 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure over Bluetooth with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-8.0 Android-8.1 Android-9. Android ID: A-111451066. |
|
49 |
CVE-2018-21092 |
20 |
|
|
2020-04-08 |
2020-04-09 |
3.3 |
None |
Local Network |
Low |
Not required |
None |
Partial |
None |
|
An issue was discovered on Samsung mobile devices with M(6.x) and N(7.x) software. A crafted AT command may be sent by the DeviceTest application via an NFC tag. The Samsung ID is SVE-2017-10885 (January 2018). |
|
50 |
CVE-2018-11293 |
125 |
|
|
2018-09-18 |
2018-11-09 |
3.3 |
None |
Local Network |
Low |
Not required |
Partial |
None |
None |
|
In all android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the linux kernel, in wma_ndp_confirm_event_handler and wma_ndp_indication_event_handler, ndp_cfg len and num_ndp_app_info is from fw. If they are not checked, it may cause buffer over-read once the value is too large. |
