Search criteria
12 vulnerabilities found for myfiles by samsung
FKIE_CVE-2025-20926
Vulnerability from fkie_nvd - Published: 2025-03-06 05:15 - Updated: 2025-10-03 00:35
Severity ?
Summary
Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:myfiles:*:*:*:*:*:*:*:*",
"matchCriteriaId": "944DBB5D-0842-4E28-B244-A5209457E07B",
"versionEndExcluding": "15.0.07.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2700BCC5-634D-4EC6-AB67-5B678D5F951D",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files\u0027 privilege."
},
{
"lang": "es",
"value": "La exportaci\u00f3n incorrecta de componentes de aplicaciones de Android en Mis Archivos anteriores a la versi\u00f3n 15.0.07.5 en Android 14 permite a atacantes locales acceder a archivos con el privilegio de Mis Archivos."
}
],
"id": "CVE-2025-20926",
"lastModified": "2025-10-03T00:35:30.317",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "mobile.security@samsung.com",
"type": "Secondary"
}
]
},
"published": "2025-03-06T05:15:20.383",
"references": [
{
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=03"
}
],
"sourceIdentifier": "mobile.security@samsung.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-20805
Vulnerability from fkie_nvd - Published: 2024-01-04 01:15 - Updated: 2025-06-03 15:15
Severity ?
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "DA3806E2-A780-4BB5-B4DC-D015D841E4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "8D2D0083-0A85-47F7-A42D-2040A3BEC132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0332BF16-0F1F-4733-ABCE-A1EA1366A5D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D7120696-2440-44EC-B3A4-6FCBB4A60A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3658A42-BCA9-4188-8B36-3C6599BBF83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D0E55E09-C2C9-43D1-8A1A-6D02F544E34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "693D72EF-1531-4C15-B105-2DEBE02D30F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2020-r1:*:*:*:*:*:*",
"matchCriteriaId": "C26195A5-31BE-4116-8F31-9F25BE57AB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C6114C5-C175-45E7-821E-6BA218F923DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "58BA232B-8D39-473A-91D0-D3AC03FDE8FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "62105EDB-0A60-4153-9F3F-7635CC8756FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "25B42CE0-67DE-4611-8D70-DEEC975E32BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "AF2EADA0-5976-4711-A7A5-61594F3E2FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "6B59145B-5506-477C-8F9C-ABB0CE2CF631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "AC082E25-1B7D-473D-A066-1463E6321CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "655BEA94-9A83-4A56-8DDE-79ADC821C707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "B894D0C1-E66E-44B0-8FCA-2EE4290C4173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "2B088DE9-31F1-4737-8BC8-CC406F208ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "899F6BD2-47AF-4ADA-935D-90AB069E9BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "60281652-A1DF-4EA4-8CD3-6DCA43F6162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "C2592B14-B3B7-4C85-88E8-5E12F6F50ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "40A783AA-91E7-426B-8A78-4EBE5D69A602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4F46F8F7-0EBA-4D2F-AC53-4BB5956D7B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "BA51F5D5-D18D-426C-B09F-EE12CE11E9FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "53968A3C-6E71-42B8-8671-6730D8C85603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "FFB0F9B9-C60D-40CC-AC7D-FDB288EB2264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "6C946853-D56D-457C-A1CB-AD1A5BD56C41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B35EB1D3-2F29-4A5C-AC9A-6ED72A2E22D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "1DD6CFD3-5341-4069-B4FC-A5E07F13A63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "9BD8E899-427B-47D2-9168-446B0249868F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "E923AF0F-34BA-40FE-AA20-B01366263B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "16A17CC3-7BA2-497C-835B-907B629A1B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "78B14D1F-C536-4816-A076-B074E41EB0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "AF2D00F4-B521-4D8F-84F8-DCE45B6349A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "644444DC-1247-45FC-A2B9-223D9ED55AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "548BCC15-C6D8-4AE7-B167-4DD74382097B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9C2B6E53-CC07-4590-ADFA-CEF7DB0F4EB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "9BF31CC5-E850-4B7E-BA43-6B1ED560DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EC4A2EBA-038B-44D5-84F3-FF326CD1C62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "40EB3FC1-D79A-40C7-9E2B-573E20780982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0ABFBBDB-E935-4C54-865A-0E607497DA87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7B738B6B-78CE-4618-B70D-6BC9ED453105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "3899E3E7-1284-4223-A258-DA691F5D62FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "ECD961EA-6881-4A14-83DE-C6972F6F681C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "18940389-1FBD-48B2-BCF0-1D709C2C3045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "011CC4F5-6701-41E9-BC7D-CFE6EFF682AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "13E145E2-CE11-4EE5-9085-B4960FE4F52F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3BBC8B6-1D2B-47C9-93EE-3D3DC43062F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "02600CDD-6862-4146-88E8-A2E73B7ED534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "35F40D59-034B-44FB-8DCD-D469B50DE7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC84021B-9846-40FB-834B-7C5BECEFFEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "BC3F8572-578B-4D19-9453-1D03DA55EF70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EEABF42E-578E-4689-B80D-B305467AA72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9137C66C-4966-4C90-ABE9-7E22F7E29BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E261C9D8-1E74-44B8-9F11-F5769CF8B7FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "18CD523B-530E-4187-8BFF-729CDAC69282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C28D3CD-DD34-4334-B03F-794B31A4BF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "5A81C86D-F1FE-4166-8F37-D7170E6B30FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3D80783-523A-455E-B1AD-0961086F79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D5EF09DB-023A-40CB-9C94-020172383EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "89BE2958-0BEE-4CFD-A0BA-494DE62E7F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5C5B44E9-BA5B-4CFB-8452-B52B6CC833F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B0329C50-B904-480D-8EBB-F2757049FC81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E1553CEA-FCF4-4A9C-85FE-F7DB7A500443",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:myfiles:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C2B965-082D-49FE-9621-B406845409AB",
"versionEndExcluding": "14.5.00.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "88DC0A82-CAF3-4E88-8A4D-8AF79D0C226D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "38B7AB56-AB65-4557-A91C-40CA2FD12351",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "34114DDC-DCDA-4306-8D23-2E628873171F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "85E4E8C1-749F-4A1C-8333-6BAFBF8B64D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3D30C02C-91FB-4D29-AF49-7903158E8FEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "2B6D9064-844B-4D3F-AAE4-D170DF45EF8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "C581B7EE-CD08-4D6E-8858-EA8FA631F84C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file."
},
{
"lang": "es",
"value": "Vulnerabilidad de path traversal en ZipCompressor de MyFiles antes de SMR, enero de 2024, versi\u00f3n 1 en Android 11 y Android 12, y la versi\u00f3n 14.5.00.21 en Android 13, permite a los atacantes escribir archivos arbitrarios."
}
],
"id": "CVE-2024-20805",
"lastModified": "2025-06-03T15:15:55.220",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "mobile.security@samsung.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-04T01:15:09.550",
"references": [
{
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=01"
}
],
"sourceIdentifier": "mobile.security@samsung.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-20804
Vulnerability from fkie_nvd - Published: 2024-01-04 01:15 - Updated: 2024-11-21 08:53
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Summary
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:android:11.0:-:*:*:*:*:*:*",
"matchCriteriaId": "DA3806E2-A780-4BB5-B4DC-D015D841E4C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "8D2D0083-0A85-47F7-A42D-2040A3BEC132",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0332BF16-0F1F-4733-ABCE-A1EA1366A5D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D7120696-2440-44EC-B3A4-6FCBB4A60A12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3658A42-BCA9-4188-8B36-3C6599BBF83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D0E55E09-C2C9-43D1-8A1A-6D02F544E34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "693D72EF-1531-4C15-B105-2DEBE02D30F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2020-r1:*:*:*:*:*:*",
"matchCriteriaId": "C26195A5-31BE-4116-8F31-9F25BE57AB52",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C6114C5-C175-45E7-821E-6BA218F923DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "58BA232B-8D39-473A-91D0-D3AC03FDE8FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "62105EDB-0A60-4153-9F3F-7635CC8756FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "25B42CE0-67DE-4611-8D70-DEEC975E32BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "AF2EADA0-5976-4711-A7A5-61594F3E2FEB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "6B59145B-5506-477C-8F9C-ABB0CE2CF631",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "AC082E25-1B7D-473D-A066-1463E6321CD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "655BEA94-9A83-4A56-8DDE-79ADC821C707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "B894D0C1-E66E-44B0-8FCA-2EE4290C4173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "2B088DE9-31F1-4737-8BC8-CC406F208ACB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "899F6BD2-47AF-4ADA-935D-90AB069E9BA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "60281652-A1DF-4EA4-8CD3-6DCA43F6162F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "C2592B14-B3B7-4C85-88E8-5E12F6F50ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "40A783AA-91E7-426B-8A78-4EBE5D69A602",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4F46F8F7-0EBA-4D2F-AC53-4BB5956D7B87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "BA51F5D5-D18D-426C-B09F-EE12CE11E9FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "53968A3C-6E71-42B8-8671-6730D8C85603",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "FFB0F9B9-C60D-40CC-AC7D-FDB288EB2264",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "6C946853-D56D-457C-A1CB-AD1A5BD56C41",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B35EB1D3-2F29-4A5C-AC9A-6ED72A2E22D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "1DD6CFD3-5341-4069-B4FC-A5E07F13A63F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "9BD8E899-427B-47D2-9168-446B0249868F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "E923AF0F-34BA-40FE-AA20-B01366263B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "16A17CC3-7BA2-497C-835B-907B629A1B05",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "78B14D1F-C536-4816-A076-B074E41EB0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "AF2D00F4-B521-4D8F-84F8-DCE45B6349A1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "644444DC-1247-45FC-A2B9-223D9ED55AB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "548BCC15-C6D8-4AE7-B167-4DD74382097B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9C2B6E53-CC07-4590-ADFA-CEF7DB0F4EB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:11.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "9BF31CC5-E850-4B7E-BA43-6B1ED560DD45",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "D757450C-270E-4FB2-A50C-7F769FED558A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EC4A2EBA-038B-44D5-84F3-FF326CD1C62D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "40EB3FC1-D79A-40C7-9E2B-573E20780982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "0ABFBBDB-E935-4C54-865A-0E607497DA87",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7B738B6B-78CE-4618-B70D-6BC9ED453105",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "3899E3E7-1284-4223-A258-DA691F5D62FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "ECD961EA-6881-4A14-83DE-C6972F6F681C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "18940389-1FBD-48B2-BCF0-1D709C2C3045",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "011CC4F5-6701-41E9-BC7D-CFE6EFF682AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "13E145E2-CE11-4EE5-9085-B4960FE4F52F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3BBC8B6-1D2B-47C9-93EE-3D3DC43062F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "02600CDD-6862-4146-88E8-A2E73B7ED534",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "35F40D59-034B-44FB-8DCD-D469B50DE7E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "CC84021B-9846-40FB-834B-7C5BECEFFEAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "BC3F8572-578B-4D19-9453-1D03DA55EF70",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "EEABF42E-578E-4689-B80D-B305467AA72D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "9137C66C-4966-4C90-ABE9-7E22F7E29BA7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E261C9D8-1E74-44B8-9F11-F5769CF8B7FD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "18CD523B-530E-4187-8BFF-729CDAC69282",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "4C28D3CD-DD34-4334-B03F-794B31A4BF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*",
"matchCriteriaId": "5A81C86D-F1FE-4166-8F37-D7170E6B30FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "A3D80783-523A-455E-B1AD-0961086F79E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D5EF09DB-023A-40CB-9C94-020172383EEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "89BE2958-0BEE-4CFD-A0BA-494DE62E7F32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5C5B44E9-BA5B-4CFB-8452-B52B6CC833F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "B0329C50-B904-480D-8EBB-F2757049FC81",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:samsung:android:12.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "E1553CEA-FCF4-4A9C-85FE-F7DB7A500443",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:myfiles:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D9C2B965-082D-49FE-9621-B406845409AB",
"versionEndExcluding": "14.5.00.21",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*",
"matchCriteriaId": "A123EDB1-3048-44B0-8D4D-39A2B24B5F6B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "70825981-F895-4BFD-9B6E-92BFF0D67023",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "88DC0A82-CAF3-4E88-8A4D-8AF79D0C226D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "299284DA-85AB-4162-B858-E67E5C6C14F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "38B7AB56-AB65-4557-A91C-40CA2FD12351",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "D98F307E-3B01-4C17-86E5-1C6299919417",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "7D7DA96D-9C25-4DDA-A6BF-D998AC346B89",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "34114DDC-DCDA-4306-8D23-2E628873171F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "85E4E8C1-749F-4A1C-8333-6BAFBF8B64D1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "5F73D594-178F-4FC8-9F40-0E545E2647B0",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3F3EF3F1-4E54-46E3-A308-69656A29FBD2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "D2B24866-2B3A-4A1A-8B75-EF7A7541797A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-nov-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "3D30C02C-91FB-4D29-AF49-7903158E8FEB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2022-r1:*:*:*:*:*:*",
"matchCriteriaId": "EBB29F18-A929-432B-B20C-365401E6CA12",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-oct-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "2B6D9064-844B-4D3F-AAE4-D170DF45EF8D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:samsung:android:13.0:smr-sep-2023-r1:*:*:*:*:*:*",
"matchCriteriaId": "C581B7EE-CD08-4D6E-8858-EA8FA631F84C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file."
},
{
"lang": "es",
"value": "Vulnerabilidad de path traversal en FileUriConverter de MyFiles antes de SMR, enero de 2024, versi\u00f3n 1 en Android 11 y Android 12, y la versi\u00f3n 14.5.00.21 en Android 13, permite a los atacantes escribir archivos arbitrarios."
}
],
"id": "CVE-2024-20804",
"lastModified": "2024-11-21T08:53:10.523",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "mobile.security@samsung.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-01-04T01:15:09.390",
"references": [
{
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=01"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=01"
}
],
"sourceIdentifier": "mobile.security@samsung.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-21463
Vulnerability from fkie_nvd - Published: 2023-03-16 21:15 - Updated: 2024-11-21 07:42
Severity ?
4.0 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
3.3 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Summary
Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:myfiles:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A0474102-0758-44E9-AEA0-39EEBF07BA20",
"versionEndExcluding": "12.2.09.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "109DD7FD-3A48-4C3D-8E1A-4433B98E1E64",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:myfiles:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CD851584-4B9B-42D1-92AC-0A577AA6792F",
"versionEndExcluding": "13.1.03.501",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F8FB8EE9-FC56-4D5E-AE55-A5967634740C",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:myfiles:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5D1DE463-92C3-44B8-A54B-836EC2487FE9",
"versionEndExcluding": "14.1.03.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:google:android:13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "879FFD0C-9B38-4CAA-B057-1086D794D469",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions."
}
],
"id": "CVE-2023-21463",
"lastModified": "2024-11-21T07:42:55.460",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.5,
"impactScore": 1.4,
"source": "mobile.security@samsung.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-03-16T21:15:12.673",
"references": [
{
"source": "mobile.security@samsung.com",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=03"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=03"
}
],
"sourceIdentifier": "mobile.security@samsung.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "mobile.security@samsung.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2025-20926 (GCVE-0-2025-20926)
Vulnerability from cvelistv5 – Published: 2025-03-06 05:04 – Updated: 2025-03-06 15:47
VLAI?
Summary
Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege.
Severity ?
5.5 (Medium)
CWE
- CWE-926 - Improper Export of Android Application Components
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung My Files |
Unaffected:
15.0.07.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:47:13.184223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T15:47:23.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung My Files",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "15.0.07.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files\u0027 privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-926 : Improper Export of Android Application Components",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T05:04:34.226Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=03"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-20926",
"datePublished": "2025-03-06T05:04:34.226Z",
"dateReserved": "2024-11-06T02:30:14.852Z",
"dateUpdated": "2025-03-06T15:47:23.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20805 (GCVE-0-2024-20805)
Vulnerability from cvelistv5 – Published: 2024-01-04 01:10 – Updated: 2025-06-03 14:42
VLAI?
Summary
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Jan-2024 Release in Android 11, 12 and MyFiles prior to version 14.5.00.21 in Android 13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:06:36.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:06:23.967719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:42:52.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Jan-2024 Release in Android 11, 12 and MyFiles prior to version 14.5.00.21 in Android 13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0026#39;Path Traversal\u0026#39;)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-02T00:37:44.324Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2024-20805",
"datePublished": "2024-01-04T01:10:13.838Z",
"dateReserved": "2023-12-05T04:57:52.531Z",
"dateUpdated": "2025-06-03T14:42:52.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20804 (GCVE-0-2024-20804)
Vulnerability from cvelistv5 – Published: 2024-01-04 01:10 – Updated: 2025-04-17 18:22
VLAI?
Summary
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
Severity ?
4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Jan-2024 Release in Android 11, 12 and MyFiles prior to version 14.5.00.21 in Android 13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:06:36.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-08T17:20:19.785690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:22:36.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Jan-2024 Release in Android 11, 12 and MyFiles prior to version 14.5.00.21 in Android 13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0026#39;Path Traversal\u0026#39;)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-02T00:37:43.276Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2024-20804",
"datePublished": "2024-01-04T01:10:12.815Z",
"dateReserved": "2023-12-05T04:57:52.531Z",
"dateUpdated": "2025-04-17T18:22:36.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21463 (GCVE-0-2023-21463)
Vulnerability from cvelistv5 – Published: 2023-03-16 00:00 – Updated: 2024-08-02 09:36
VLAI?
Summary
Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions.
Severity ?
4 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | MyFiles |
Affected:
unspecified , < 12.2.09.0 in Android 11, 13.1.03.501 in Android12 and 14.1.03.0 in Android 13
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MyFiles",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "12.2.09.0 in Android 11, 13.1.03.501 in Android12 and 14.1.03.0 in Android 13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T00:00:00",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=03"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21463",
"datePublished": "2023-03-16T00:00:00",
"dateReserved": "2022-11-14T00:00:00",
"dateUpdated": "2024-08-02T09:36:34.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-20926 (GCVE-0-2025-20926)
Vulnerability from nvd – Published: 2025-03-06 05:04 – Updated: 2025-03-06 15:47
VLAI?
Summary
Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files' privilege.
Severity ?
5.5 (Medium)
CWE
- CWE-926 - Improper Export of Android Application Components
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung My Files |
Unaffected:
15.0.07.5
|
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-20926",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-06T15:47:13.184223Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T15:47:23.714Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung My Files",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "15.0.07.5"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files\u0027 privilege."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-926 : Improper Export of Android Application Components",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-06T05:04:34.226Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=03"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2025-20926",
"datePublished": "2025-03-06T05:04:34.226Z",
"dateReserved": "2024-11-06T02:30:14.852Z",
"dateUpdated": "2025-03-06T15:47:23.714Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20805 (GCVE-0-2024-20805)
Vulnerability from nvd – Published: 2024-01-04 01:10 – Updated: 2025-06-03 14:42
VLAI?
Summary
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
Severity ?
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Jan-2024 Release in Android 11, 12 and MyFiles prior to version 14.5.00.21 in Android 13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:06:36.263Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20805",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T20:06:23.967719Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-06-03T14:42:52.558Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Jan-2024 Release in Android 11, 12 and MyFiles prior to version 14.5.00.21 in Android 13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0026#39;Path Traversal\u0026#39;)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-02T00:37:44.324Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2024-20805",
"datePublished": "2024-01-04T01:10:13.838Z",
"dateReserved": "2023-12-05T04:57:52.531Z",
"dateUpdated": "2025-06-03T14:42:52.558Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-20804 (GCVE-0-2024-20804)
Vulnerability from nvd – Published: 2024-01-04 01:10 – Updated: 2025-04-17 18:22
VLAI?
Summary
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
Severity ?
4 (Medium)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
Unaffected:
SMR Jan-2024 Release in Android 11, 12 and MyFiles prior to version 14.5.00.21 in Android 13
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:06:36.241Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=01"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-20804",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-01-08T17:20:19.785690Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T18:22:36.814Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "affected",
"product": "Samsung Mobile Devices",
"vendor": "Samsung Mobile",
"versions": [
{
"status": "unaffected",
"version": "SMR Jan-2024 Release in Android 11, 12 and MyFiles prior to version 14.5.00.21 in Android 13"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0026#39;Path Traversal\u0026#39;)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-04-02T00:37:43.276Z",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "SamsungMobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2024\u0026month=01"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "SamsungMobile",
"cveId": "CVE-2024-20804",
"datePublished": "2024-01-04T01:10:12.815Z",
"dateReserved": "2023-12-05T04:57:52.531Z",
"dateUpdated": "2025-04-17T18:22:36.814Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21463 (GCVE-0-2023-21463)
Vulnerability from nvd – Published: 2023-03-16 00:00 – Updated: 2024-08-02 09:36
VLAI?
Summary
Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions.
Severity ?
4 (Medium)
CWE
- CWE-284 - Improper Access Control
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | MyFiles |
Affected:
unspecified , < 12.2.09.0 in Android 11, 13.1.03.501 in Android12 and 14.1.03.0 in Android 13
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:36:34.502Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=03"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MyFiles",
"vendor": "Samsung Mobile",
"versions": [
{
"lessThan": "12.2.09.0 in Android 11, 13.1.03.501 in Android12 and 14.1.03.0 in Android 13",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-16T00:00:00",
"orgId": "3af57064-a867-422c-b2ad-40307b65c458",
"shortName": "Samsung Mobile"
},
"references": [
{
"url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2023\u0026month=03"
}
],
"source": {
"discovery": "UNKNOWN"
}
}
},
"cveMetadata": {
"assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
"assignerShortName": "Samsung Mobile",
"cveId": "CVE-2023-21463",
"datePublished": "2023-03-16T00:00:00",
"dateReserved": "2022-11-14T00:00:00",
"dateUpdated": "2024-08-02T09:36:34.502Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}