Version 14.0

CVE-2024-49415

Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.

HIGH CVSS 8.1 Published Dec 03, 2024

CVE-2024-49414

Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.

LOW CVSS 2.4 Published Dec 03, 2024

CVE-2024-49413

Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.

HIGH CVSS 7.1 Published Dec 03, 2024

CVE-2024-49411

Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.

MEDIUM CVSS 4.3 Published Dec 03, 2024

CVE-2024-34669

Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

HIGH CVSS 7.5 Published Oct 08, 2024

CVE-2024-34652

Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.

MEDIUM CVSS 4.0 Published Sep 04, 2024

CVE-2024-34651

Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.

MEDIUM CVSS 6.2 Published Sep 04, 2024

CVE-2024-34650

Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.

MEDIUM CVSS 4.0 Published Sep 04, 2024

CVE-2024-34649

Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.

LOW CVSS 2.4 Published Sep 04, 2024

CVE-2024-34648

Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.

MEDIUM CVSS 5.1 Published Sep 04, 2024

CVE-2024-34647

Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.

MEDIUM CVSS 4.0 Published Sep 04, 2024

CVE-2024-34646

Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service.

MEDIUM CVSS 6.6 Published Sep 04, 2024

CVE-2024-34644

Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.

MEDIUM CVSS 4.4 Published Sep 04, 2024

CVE-2024-34643

Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.

MEDIUM CVSS 4.4 Published Sep 04, 2024

CVE-2024-34642

Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.

MEDIUM CVSS 4.6 Published Sep 04, 2024

CVE-2024-34641

Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.

MEDIUM CVSS 5.1 Published Sep 04, 2024

CVE-2024-34639

Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.

MEDIUM CVSS 4.6 Published Sep 04, 2024

CVE-2024-34620

Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service.

HIGH CVSS 8.4 Published Aug 07, 2024

CVE-2024-34610

Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.

MEDIUM CVSS 5.1 Published Aug 07, 2024

CVE-2024-34595

Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.

HIGH CVSS 7.8 Published Jul 02, 2024

CVE-2024-34593

Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

HIGH CVSS 7.5 Published Jul 02, 2024

CVE-2024-34592

Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

MEDIUM CVSS 5.3 Published Jul 02, 2024

CVE-2024-34585

Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.

HIGH CVSS 7.8 Published Jul 02, 2024

CVE-2024-20891

Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.

HIGH CVSS 7.8 Published Jul 02, 2024

CVE-2024-20889

Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.

MEDIUM CVSS 5.9 Published Jul 02, 2024

CVE-2024-20888

Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.

HIGH CVSS 7.8 Published Jul 02, 2024

CVE-2024-20878

Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code.

HIGH CVSS 7.3 Published Jun 04, 2024

CVE-2024-20877

Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code.

HIGH CVSS 7.3 Published Jun 04, 2024

CVE-2024-20876

Improper input validation in libsheifdecadapter.so prior to SMR Jun-2024 Release 1 allows local attackers to lead to memory corruption.

MEDIUM CVSS 6.1 Published Jun 04, 2024

CVE-2024-20874

Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024 Release 1 allows local attackers to launch privileged activities.

HIGH CVSS 7.9 Published Jun 04, 2024

CVE-2024-20864

Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.

MEDIUM CVSS 5.5 Published May 07, 2024

CVE-2024-20861

Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.

MEDIUM CVSS 6.0 Published May 07, 2024

CVE-2024-20857

Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

MEDIUM CVSS 4.0 Published May 07, 2024

CVE-2024-20847

Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard information.

MEDIUM CVSS 4.0 Published Apr 02, 2024

CVE-2024-20835

Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors.

MEDIUM CVSS 4.0 Published Mar 05, 2024

CVE-2024-20831

Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.

MEDIUM CVSS 6.4 Published Mar 05, 2024