| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images. |
| Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege. |
| Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors. |
| Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. |
| Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api. |
| Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege. |
| Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position. |
| Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. |
| Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. |
| Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. |
| Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. |
| Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code. |
| Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability. |
| Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. |
| Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. |
| Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow. |
| Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. |
| Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information. |
| Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent. |
| The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. |
