Action not permitted
Modal body text goes here.
wid-sec-w-2023-2272
Vulnerability from csaf_certbund
Published
2023-09-05 22:00
Modified
2023-09-05 22:00
Summary
Samsung Android: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen.
Betroffene Betriebssysteme
- Android
{ "document": { "aggregate_severity": { "text": "hoch" }, "category": "csaf_base", "csaf_version": "2.0", "distribution": { "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "de-DE", "notes": [ { "category": "legal_disclaimer", "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen." }, { "category": "description", "text": "Das Android Betriebssystem ist eine quelloffene Plattform f\u00fcr mobile Ger\u00e4te. Die Basis bildet der Linux-Kernel.", "title": "Produktbeschreibung" }, { "category": "summary", "text": "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren.", "title": "Angriff" }, { "category": "general", "text": "- Android", "title": "Betroffene Betriebssysteme" } ], "publisher": { "category": "other", "contact_details": "csaf-provider@cert-bund.de", "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik", "namespace": "https://www.bsi.bund.de" }, "references": [ { "category": "self", "summary": "WID-SEC-W-2023-2272 - CSAF Version", "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2272.json" }, { "category": "self", "summary": "WID-SEC-2023-2272 - Portal Version", "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2272" }, { "category": "external", "summary": "Samsung Security Advisory vom 2023-09-05", "url": "https://security.samsungmobile.com/securityUpdate.smsb" } ], "source_lang": "en-US", "title": "Samsung Android: Mehrere Schwachstellen", "tracking": { "current_release_date": "2023-09-05T22:00:00.000+00:00", "generator": { "date": "2024-02-15T17:43:07.869+00:00", "engine": { "name": "BSI-WID", "version": "1.3.0" } }, "id": "WID-SEC-W-2023-2272", "initial_release_date": "2023-09-05T22:00:00.000+00:00", "revision_history": [ { "date": "2023-09-05T22:00:00.000+00:00", "number": "1", "summary": "Initiale Fassung" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "category": "product_name", "name": "Samsung Android \u003c= 13", "product": { "name": "Samsung Android \u003c= 13", "product_id": "T029730", "product_identification_helper": { "cpe": "cpe:/o:samsung:android:13" } } } ], "category": "vendor", "name": "Samsung" } ] }, "vulnerabilities": [ { "cve": "CVE-2023-40353", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-40353" }, { "cve": "CVE-2023-37377", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-37377" }, { "cve": "CVE-2023-37368", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-37368" }, { "cve": "CVE-2023-37367", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-37367" }, { "cve": "CVE-2023-35687", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35687" }, { "cve": "CVE-2023-35684", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35684" }, { "cve": "CVE-2023-35683", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35683" }, { "cve": "CVE-2023-35682", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35682" }, { "cve": "CVE-2023-35681", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35681" }, { "cve": "CVE-2023-35679", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35679" }, { "cve": "CVE-2023-35677", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35677" }, { "cve": "CVE-2023-35676", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35676" }, { "cve": "CVE-2023-35675", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35675" }, { "cve": "CVE-2023-35674", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35674" }, { "cve": "CVE-2023-35673", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35673" }, { "cve": "CVE-2023-35671", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35671" }, { "cve": "CVE-2023-35670", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35670" }, { "cve": "CVE-2023-35669", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35669" }, { "cve": "CVE-2023-35667", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35667" }, { "cve": "CVE-2023-35666", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35666" }, { "cve": "CVE-2023-35658", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-35658" }, { "cve": "CVE-2023-30721", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30721" }, { "cve": "CVE-2023-30720", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30720" }, { "cve": "CVE-2023-30719", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30719" }, { "cve": "CVE-2023-30718", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30718" }, { "cve": "CVE-2023-30717", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30717" }, { "cve": "CVE-2023-30716", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30716" }, { "cve": "CVE-2023-30715", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30715" }, { "cve": "CVE-2023-30714", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30714" }, { "cve": "CVE-2023-30713", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30713" }, { "cve": "CVE-2023-30712", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30712" }, { "cve": "CVE-2023-30711", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30711" }, { "cve": "CVE-2023-30710", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30710" }, { "cve": "CVE-2023-30709", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30709" }, { "cve": "CVE-2023-30708", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30708" }, { "cve": "CVE-2023-30707", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30707" }, { "cve": "CVE-2023-30706", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-30706" }, { "cve": "CVE-2023-21626", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-21626" }, { "cve": "CVE-2023-21135", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-21135" }, { "cve": "CVE-2023-21118", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-21118" }, { "cve": "CVE-2023-20780", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2023-20780" }, { "cve": "CVE-2022-40510", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2022-40510" }, { "cve": "CVE-2020-29374", "notes": [ { "category": "description", "text": "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschl\u00e4gen, One UI Home und Wetter aufgrund einer unsachgem\u00e4\u00dfen Autorisierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung, einer unsachgem\u00e4\u00dfen Authentifizierung, einer unsachgem\u00e4\u00dfen Eingabevalidierung und einer unsachgem\u00e4\u00dfen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuf\u00fchren. F\u00fcr eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein." } ], "product_status": { "last_affected": [ "T029730" ] }, "release_date": "2023-09-05T22:00:00Z", "title": "CVE-2020-29374" } ] }
cve-2023-30719
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:25
Severity ?
EPSS score ?
Summary
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.617Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30719", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:59:00.460258Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:25:55.803Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 11, 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:12:06.098Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30719", "datePublished": "2023-09-06T03:12:06.098Z", "dateReserved": "2023-04-14T01:59:51.137Z", "dateUpdated": "2024-09-26T15:25:55.803Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35666
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:40
Severity ?
EPSS score ?
Summary
In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.309Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b7ea57f620436c83a9766f928437ddadaa232e3a" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "11" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "12l" }, { "status": "affected", "version": "13" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-35666", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:39:06.598682Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T14:40:39.522Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:40.173Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b7ea57f620436c83a9766f928437ddadaa232e3a" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35666", "datePublished": "2023-09-11T20:09:52.427Z", "dateReserved": "2023-06-15T02:50:29.819Z", "dateUpdated": "2024-09-26T14:40:39.522Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37368
Vulnerability from cvelistv5
Published
2023-09-08 00:00
Modified
2024-09-26 18:16
Severity ?
EPSS score ?
Summary
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:09:34.196Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37368", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T18:15:54.711271Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T18:16:06.387Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-08T02:05:13.922904", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-37368", "datePublished": "2023-09-08T00:00:00", "dateReserved": "2023-06-30T00:00:00", "dateUpdated": "2024-09-26T18:16:06.387Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30709
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:26
Severity ?
EPSS score ?
Summary
Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:15.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30709", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:10:10.916419Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:26:49.516Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 11, 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-284: Improper Access Control", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:11:55.448Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30709", "datePublished": "2023-09-06T03:11:55.448Z", "dateReserved": "2023-04-14T01:59:51.135Z", "dateUpdated": "2024-09-26T15:26:49.516Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21626
Vulnerability from cvelistv5
Published
2023-08-08 09:14
Modified
2024-10-24 18:59
Severity ?
EPSS score ?
Summary
Improper Authentication in HLOS.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:44:01.518Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:h:qualcomm:snapdragon:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "snapdragon", "vendor": "qualcomm", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "APQ8037" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "FSM10056" }, { "status": "affected", "version": "MDM8207" }, { "status": "affected", "version": "MDM9205" }, { "status": "affected", "version": "MDM9206" }, { "status": "affected", "version": "MDM9207" }, { "status": "affected", "version": "MDM9607" }, { "status": "affected", "version": "MDM9628" }, { "status": "affected", "version": "MSM8108" }, { "status": "affected", "version": "MSM8208" }, { "status": "affected", "version": "MSM8209" }, { "status": "affected", "version": "MSM8608" }, { "status": "affected", "version": "MSM8917" }, { "status": "affected", "version": "MSM8920" }, { "status": "affected", "version": "MSM8937" }, { "status": "affected", "version": "MSM8940" }, { "status": "affected", "version": "PM8937" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA4004" }, { "status": "affected", "version": "QCA4020" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9367" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCA9379" }, { "status": "affected", "version": "QCM2290" }, { "status": "affected", "version": "QCM4290" }, { "status": "affected", "version": "QCM6125" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN7606" }, { "status": "affected", "version": "QCS2290" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS4290" }, { "status": "affected", "version": "QCS603" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6125" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCS8155" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA4155P" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SA8540P" }, { "status": "affected", "version": "SA9000P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 455" }, { "status": "affected", "version": "SD 636" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD439" }, { "status": "affected", "version": "SD450" }, { "status": "affected", "version": "SD460" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD625" }, { "status": "affected", "version": "SD626" }, { "status": "affected", "version": "SD632" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD662" }, { "status": "affected", "version": "SD665" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD680" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD710" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD7c" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD850" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDM630" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4125" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9306" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9330" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9371" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3910" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-21626", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-24T18:51:18.709645Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-24T18:59:08.395Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon IoT", "Snapdragon Mobile", "Snapdragon Voice \u0026 Music", "Snapdragon Wearables" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "APQ8037" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "FSM10056" }, { "status": "affected", "version": "MDM8207" }, { "status": "affected", "version": "MDM9205" }, { "status": "affected", "version": "MDM9206" }, { "status": "affected", "version": "MDM9207" }, { "status": "affected", "version": "MDM9607" }, { "status": "affected", "version": "MDM9628" }, { "status": "affected", "version": "MSM8108" }, { "status": "affected", "version": "MSM8208" }, { "status": "affected", "version": "MSM8209" }, { "status": "affected", "version": "MSM8608" }, { "status": "affected", "version": "MSM8917" }, { "status": "affected", "version": "MSM8920" }, { "status": "affected", "version": "MSM8937" }, { "status": "affected", "version": "MSM8940" }, { "status": "affected", "version": "PM8937" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA4004" }, { "status": "affected", "version": "QCA4020" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9367" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCA9379" }, { "status": "affected", "version": "QCM2290" }, { "status": "affected", "version": "QCM4290" }, { "status": "affected", "version": "QCM6125" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN7606" }, { "status": "affected", "version": "QCS2290" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS4290" }, { "status": "affected", "version": "QCS603" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6125" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCS8155" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "QSM8350" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA4150P" }, { "status": "affected", "version": "SA4155P" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6150P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8145P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SA8540P" }, { "status": "affected", "version": "SA9000P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 455" }, { "status": "affected", "version": "SD 636" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD439" }, { "status": "affected", "version": "SD450" }, { "status": "affected", "version": "SD460" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD625" }, { "status": "affected", "version": "SD626" }, { "status": "affected", "version": "SD632" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD662" }, { "status": "affected", "version": "SD665" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD680" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD710" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD7c" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD850" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDM630" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4125" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7315" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9306" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9330" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9371" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3910" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-320", "description": "CWE-320 Key Management Errors", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T16:23:26.915Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin" } ], "title": "Improper Authentication in HLOS." } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2023-21626", "datePublished": "2023-08-08T09:14:50.487Z", "dateReserved": "2022-12-07T02:58:25.864Z", "dateUpdated": "2024-10-24T18:59:08.395Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-20780
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-17 14:41
Severity ?
EPSS score ?
Summary
In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756.
References
Impacted products
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:14:41.005Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://corp.mediatek.com/product-security-bulletin/August-2023" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-20780", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-10-17T14:41:07.970344Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-17T14:41:18.229Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", "vendor": "MediaTek, Inc.", "versions": [ { "status": "affected", "version": "Android 11.0, 12.0, 13.0" } ] } ], "descriptions": [ { "lang": "en", "value": "In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756." } ], "problemTypes": [ { "descriptions": [ { "description": "Information Disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-07T03:21:00.627Z", "orgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "shortName": "MediaTek" }, "references": [ { "url": "https://corp.mediatek.com/product-security-bulletin/August-2023" } ] } }, "cveMetadata": { "assignerOrgId": "ee979b05-11f8-4f25-a7e0-a1fa9c190374", "assignerShortName": "MediaTek", "cveId": "CVE-2023-20780", "datePublished": "2023-08-07T03:21:00.627Z", "dateReserved": "2022-10-28T02:03:10.776Z", "dateUpdated": "2024-10-17T14:41:18.229Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30707
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:27
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.134Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30707", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:10:26.796533Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:27:19.225Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 12" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-20: Improper Input Validation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:11:53.437Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30707", "datePublished": "2023-09-06T03:11:53.437Z", "dateReserved": "2023-04-14T01:59:51.129Z", "dateUpdated": "2024-09-26T15:27:19.225Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37377
Vulnerability from cvelistv5
Published
2023-09-08 00:00
Modified
2024-09-26 18:12
Severity ?
EPSS score ?
Summary
An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:09:34.221Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:samsung:mobile_processor_wearable_processor:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mobile_processor_wearable_processor", "vendor": "samsung", "versions": [ { "lessThan": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-37377", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T18:11:06.687223Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T18:12:57.503Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AC:L/AV:L/A:L/C:N/I:N/PR:H/S:U/UI:R", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-08T02:05:22.871798", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-37377", "datePublished": "2023-09-08T00:00:00", "dateReserved": "2023-07-03T00:00:00", "dateUpdated": "2024-09-26T18:12:57.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30716
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:26
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.563Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30716", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:02:53.462289Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:26:37.312Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 11, 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-269 Improper Privilege Management", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:12:02.855Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30716", "datePublished": "2023-09-06T03:12:02.855Z", "dateReserved": "2023-04-14T01:59:51.136Z", "dateUpdated": "2024-09-26T15:26:37.312Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35670
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-08-02 16:30
Severity ?
EPSS score ?
Summary
In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:43.944Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/db3c69afcb0a45c8aa2f333fcde36217889899fe" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps\u0027 external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:41.312Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/db3c69afcb0a45c8aa2f333fcde36217889899fe" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35670", "datePublished": "2023-09-11T20:09:52.999Z", "dateReserved": "2023-06-15T02:50:29.819Z", "dateUpdated": "2024-08-02T16:30:43.944Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21118
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2024-08-02 09:28
Severity ?
EPSS score ?
Summary
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:28:26.107Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-05-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004" } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-15T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-05-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21118", "datePublished": "2023-05-15T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:28:26.107Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30706
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 20:45
Severity ?
EPSS score ?
Summary
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.969Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30706", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T20:45:27.541993Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T20:45:42.822Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 12" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-285: Improper Authorization", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:11:52.376Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30706", "datePublished": "2023-09-06T03:11:52.376Z", "dateReserved": "2023-04-14T01:59:51.129Z", "dateUpdated": "2024-09-26T20:45:42.822Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35684
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 15:47
Severity ?
EPSS score ?
Summary
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.483Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/668bbca29797728004d88db4c9b69102f3939008" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35684", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:47:19.045836Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:47:27.807Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:45.658Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/668bbca29797728004d88db4c9b69102f3939008" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35684", "datePublished": "2023-09-11T20:09:55.266Z", "dateReserved": "2023-06-15T02:50:31.873Z", "dateUpdated": "2024-09-26T15:47:27.807Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35658
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:51
Severity ?
EPSS score ?
Summary
In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:43.908Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d03a3020de69143b1fe8129d75e55f14951dd192" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "11" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "12l" }, { "status": "affected", "version": "13" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-35658", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:50:27.908286Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T14:51:50.005Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:39.115Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d03a3020de69143b1fe8129d75e55f14951dd192" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35658", "datePublished": "2023-09-11T20:09:51.810Z", "dateReserved": "2023-06-15T02:50:10.272Z", "dateUpdated": "2024-09-26T14:51:50.005Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35674
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:31
Severity ?
EPSS score ?
Summary
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.419Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "11" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "12l" }, { "status": "affected", "version": "13" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-35674", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:15:36.373187Z", "version": "2.0.3" }, "type": "ssvc" } }, { "other": { "content": { "dateAdded": "2023-09-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-35674" }, "type": "kev" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-26T14:31:47.277Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:42.390Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35674", "datePublished": "2023-09-11T20:09:53.580Z", "dateReserved": "2023-06-15T02:50:29.820Z", "dateUpdated": "2024-09-26T14:31:47.277Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35687
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 15:49
Severity ?
EPSS score ?
Summary
In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.386Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35687", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:49:05.405485Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:49:16.654Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:46.031Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35687", "datePublished": "2023-09-11T20:09:55.452Z", "dateReserved": "2023-06-15T02:50:33.961Z", "dateUpdated": "2024-09-26T15:49:16.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35683
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 15:47
Severity ?
EPSS score ?
Summary
In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/23d156ed1bed6d2c2b325f0be540d0afca510c49" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35683", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:46:44.085863Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:47:01.584Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:45.309Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/23d156ed1bed6d2c2b325f0be540d0afca510c49" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35683", "datePublished": "2023-09-11T20:09:55.077Z", "dateReserved": "2023-06-15T02:50:31.873Z", "dateUpdated": "2024-09-26T15:47:01.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2020-29374
Vulnerability from cvelistv5
Published
2020-11-28 06:18
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
References
▼ | URL | Tags |
---|---|---|
https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 | x_refsource_MISC | |
https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3 | x_refsource_MISC | |
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f | x_refsource_MISC | |
https://security.netapp.com/advisory/ntap-20210115-0002/ | x_refsource_CONFIRM | |
http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html | mailing-list, x_refsource_MLIST | |
https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html | mailing-list, x_refsource_MLIST | |
https://www.debian.org/security/2022/dsa-5096 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T16:48:01.979Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://security.netapp.com/advisory/ntap-20210115-0002/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html" }, { "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html" }, { "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html" }, { "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html" }, { "name": "DSA-5096", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "https://www.debian.org/security/2022/dsa-5096" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2022-03-10T02:06:28", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045" }, { "tags": [ "x_refsource_MISC" ], "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://security.netapp.com/advisory/ntap-20210115-0002/" }, { "tags": [ "x_refsource_MISC" ], "url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html" }, { "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html" }, { "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html" }, { "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html" }, { "name": "DSA-5096", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "https://www.debian.org/security/2022/dsa-5096" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-29374", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", "refsource": "MISC", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045" }, { "name": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3", "refsource": "MISC", "url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3" }, { "name": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f", "refsource": "MISC", "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f" }, { "name": "https://security.netapp.com/advisory/ntap-20210115-0002/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20210115-0002/" }, { "name": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html" }, { "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html" }, { "name": "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html" }, { "name": "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html" }, { "name": "DSA-5096", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2022/dsa-5096" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-29374", "datePublished": "2020-11-28T06:18:56", "dateReserved": "2020-11-28T00:00:00", "dateUpdated": "2024-08-04T16:48:01.979Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-21135
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-08-02 09:28
Severity ?
EPSS score ?
Summary
In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T09:28:25.892Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-06-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Android", "vendor": "n/a", "versions": [ { "status": "affected", "version": "Android-11 Android-12 Android-12L Android-13" } ] } ], "descriptions": [ { "lang": "en", "value": "In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119" } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-15T00:00:00", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://source.android.com/security/bulletin/2023-06-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-21135", "datePublished": "2023-06-15T00:00:00", "dateReserved": "2022-11-03T00:00:00", "dateUpdated": "2024-08-02T09:28:25.892Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37367
Vulnerability from cvelistv5
Published
2023-09-08 00:00
Modified
2024-09-26 18:38
Severity ?
EPSS score ?
Summary
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. In the NAS Task, an improperly implemented security check for standard can disallow desired services for a while via consecutive NAS messages.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:09:34.050Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37367", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T18:38:48.263245Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T18:38:57.179Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. In the NAS Task, an improperly implemented security check for standard can disallow desired services for a while via consecutive NAS messages." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-08T02:05:03.793215", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-37367", "datePublished": "2023-09-08T00:00:00", "dateReserved": "2023-06-30T00:00:00", "dateUpdated": "2024-09-26T18:38:57.179Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35676
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:28
Severity ?
EPSS score ?
Summary
In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.629Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/109e58b62dc9fedcee93983678ef9d4931e72afa" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "12" }, { "status": "affected", "version": "12l" }, { "status": "affected", "version": "13" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-35676", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:12:12.416325Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-26T14:28:34.798Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" } ] } ], "descriptions": [ { "lang": "en", "value": "In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:43.088Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/109e58b62dc9fedcee93983678ef9d4931e72afa" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35676", "datePublished": "2023-09-11T20:09:53.971Z", "dateReserved": "2023-06-15T02:50:31.872Z", "dateUpdated": "2024-09-26T14:28:34.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30720
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:25
Severity ?
EPSS score ?
Summary
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.607Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30720", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:58:42.916644Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:25:39.849Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 11, 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-284: Improper Access Control", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:12:07.151Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30720", "datePublished": "2023-09-06T03:12:07.151Z", "dateReserved": "2023-04-14T01:59:51.137Z", "dateUpdated": "2024-09-26T15:25:39.849Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30715
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:30
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30715", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:02:58.944660Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:30:01.225Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 11, 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-284: Improper Access Control", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:12:01.797Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30715", "datePublished": "2023-09-06T03:12:01.797Z", "dateReserved": "2023-04-14T01:59:51.136Z", "dateUpdated": "2024-09-26T15:30:01.225Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30711
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:32
Severity ?
EPSS score ?
Summary
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:15.130Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30711", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:06:24.700603Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:32:33.325Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 11, 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-287: Improper Authentication", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:11:57.479Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30711", "datePublished": "2023-09-06T03:11:57.479Z", "dateReserved": "2023-04-14T01:59:51.136Z", "dateUpdated": "2024-09-26T15:32:33.325Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30714
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:30
Severity ?
EPSS score ?
Summary
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.705Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30714", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:03:14.768389Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:30:49.580Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Selected Android 11, 12, 13 devices" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "NONE", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-285: Improper Authorization", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:12:00.735Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30714", "datePublished": "2023-09-06T03:12:00.735Z", "dateReserved": "2023-04-14T01:59:51.136Z", "dateUpdated": "2024-09-26T15:30:49.580Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30710
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:32
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.793Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30710", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:10:04.632783Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:32:49.840Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-20 Improper Input Validation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:11:56.455Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30710", "datePublished": "2023-09-06T03:11:56.455Z", "dateReserved": "2023-04-14T01:59:51.136Z", "dateUpdated": "2024-09-26T15:32:49.840Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35675
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:30
Severity ?
EPSS score ?
Summary
In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.580Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/c1cf4b9746c9641190730172522324ccd5b8c914" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "11" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "12l" }, { "status": "affected", "version": "13" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-35675", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:14:21.302181Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T14:30:04.570Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:42.742Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/c1cf4b9746c9641190730172522324ccd5b8c914" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35675", "datePublished": "2023-09-11T20:09:53.771Z", "dateReserved": "2023-06-15T02:50:31.872Z", "dateUpdated": "2024-09-26T14:30:04.570Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30717
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:26
Severity ?
EPSS score ?
Summary
Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.709Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30717", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:02:46.260302Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:26:25.466Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 11, 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-269 Improper Privilege Management", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:12:03.892Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30717", "datePublished": "2023-09-06T03:12:03.892Z", "dateReserved": "2023-04-14T01:59:51.136Z", "dateUpdated": "2024-09-26T15:26:25.466Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30712
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:32
Severity ?
EPSS score ?
Summary
Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.823Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30712", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:06:14.744234Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:32:09.914Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-20: Improper Input Validation", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:11:58.480Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30712", "datePublished": "2023-09-06T03:11:58.480Z", "dateReserved": "2023-04-14T01:59:51.136Z", "dateUpdated": "2024-09-26T15:32:09.914Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30718
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:26
Severity ?
EPSS score ?
Summary
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.788Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30718", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:02:37.336328Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:26:12.131Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-926: Improper Export of Android Application Components", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:12:04.918Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30718", "datePublished": "2023-09-06T03:12:04.918Z", "dateReserved": "2023-04-14T01:59:51.137Z", "dateUpdated": "2024-09-26T15:26:12.131Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35671
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:34
Severity ?
EPSS score ?
Summary
In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:43.985Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/apps/Nfc/+/745632835f3d97513a9c2a96e56e1dc06c4e4176" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "11" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "12l" }, { "status": "affected", "version": "13" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-35671", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:20:23.873620Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-26T14:34:53.613Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:41.672Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/apps/Nfc/+/745632835f3d97513a9c2a96e56e1dc06c4e4176" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35671", "datePublished": "2023-09-11T20:09:53.198Z", "dateReserved": "2023-06-15T02:50:29.819Z", "dateUpdated": "2024-09-26T14:34:53.613Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35673
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:33
Severity ?
EPSS score ?
Summary
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.602Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8770c07c102c7fdc74626dc717acc8f6dd1c92cc" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "11" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "12l" }, { "status": "affected", "version": "13" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-35673", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:17:07.882223Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T14:33:31.585Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:42.035Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8770c07c102c7fdc74626dc717acc8f6dd1c92cc" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35673", "datePublished": "2023-09-11T20:09:53.391Z", "dateReserved": "2023-06-15T02:50:29.820Z", "dateUpdated": "2024-09-26T14:33:31.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30708
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:27
Severity ?
EPSS score ?
Summary
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:15.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30708", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:10:18.364327Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:27:02.874Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 11, 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "PHYSICAL", "availabilityImpact": "HIGH", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-287: Improper Authentication", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:11:54.441Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30708", "datePublished": "2023-09-06T03:11:54.441Z", "dateReserved": "2023-04-14T01:59:51.130Z", "dateUpdated": "2024-09-26T15:27:02.874Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35679
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 15:45
Severity ?
EPSS score ?
Summary
In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.354Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35679", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:45:10.737790Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:45:20.974Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Information disclosure", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:43.809Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35679", "datePublished": "2023-09-11T20:09:54.343Z", "dateReserved": "2023-06-15T02:50:31.872Z", "dateUpdated": "2024-09-26T15:45:20.974Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40353
Vulnerability from cvelistv5
Published
2023-09-08 00:00
Modified
2024-09-26 17:52
Severity ?
EPSS score ?
Summary
An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:31:53.590Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40353", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T17:52:07.923037Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T17:52:15.819Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AC:L/AV:L/A:L/C:N/I:N/PR:H/S:U/UI:R", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-08T02:05:30.635208", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "url": "https://semiconductor.samsung.com/support/quality-support/product-security-updates/" } ] } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2023-40353", "datePublished": "2023-09-08T00:00:00", "dateReserved": "2023-08-14T00:00:00", "dateUpdated": "2024-09-26T17:52:15.819Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35669
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:25
Severity ?
EPSS score ?
Summary
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "11" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "12l" }, { "status": "affected", "version": "13" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-35669", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:22:25.092966Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T14:25:51.263Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:40.959Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35669", "datePublished": "2023-09-11T20:09:52.808Z", "dateReserved": "2023-06-15T02:50:29.819Z", "dateUpdated": "2024-09-26T14:25:51.263Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-40510
Vulnerability from cvelistv5
Published
2023-08-08 09:14
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
Buffer copy without checking size of input in Audio.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Qualcomm, Inc. | Snapdragon |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "apq8009_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "apq8009w_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "apq8017_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:apq8037_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "apq8037_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:apq8064au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "apq8064au_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:apq8076_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "apq8076_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "apq8096au_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "aqt1000_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ar8031_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "ar8035_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "csra6620_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "csra6640_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "csrb31024_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mdm8207_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mdm9150_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mdm9206_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mdm9207_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mdm9250_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mdm9607_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mdm9628_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mdm9640_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "mdm9650_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8108_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8108_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8208_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8208_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8209_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8209_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8608_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8608_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8909w_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8917_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8920_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8920_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8937_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8937_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8940_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8940_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "msm8996au_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:pm8937_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "pm8937_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qam8295p_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca4020_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca4020_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6174a_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6310_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6310_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6320_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6320_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6335_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6335_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6390_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6391_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6420_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6421_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6421_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6426_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6430_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6431_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6431_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6436_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6564a_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6564au_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6574_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6574a_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6574au_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6584au_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6595_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6595au_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca6696_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca8081_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca8337_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca9367_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca9377_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca9379_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qca9984_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qca9984_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcc5100_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcc5100_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcm2290_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcm4290_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcm6125_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcm6490_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcn6024_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcn9011_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcn9011_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcn9012_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcn9024_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcn9074_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcs2290_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcs405_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcs410_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcs4290_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcs603_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcs605_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcs610_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcs6125_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcs6490_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qcx315_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qrb5165_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qrb5165_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qrb5165m_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qrb5165m_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qrb5165n_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qsm8250_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:qualcomm215_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "qualcomm215_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sa415m_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sa515m_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sa6145p_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sa6155_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sa6155p_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sa8150p_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sa8155_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sa8155p_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sa8195p_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sa8295p_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd_455_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd_455_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd_636_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd_675_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd_8_gen1_5g_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd_8cx_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd_8cx_gen2_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd_8cx_gen2_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd_8cx_gen3_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd_8cx_gen3_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd205_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd210_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd429_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd439_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd439_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd450_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd460_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd480_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd625_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd626_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd626_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd632_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd632_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd660_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd662_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd665_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd670_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd670_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd675_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd678_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd680_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd690_5g_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd695_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd695_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd710_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd710_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd712_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd712_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd720g_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd730_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd750g_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd765_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd765g_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd768g_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd778g_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd780g_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd7c_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd7c_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd820_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd835_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd845_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd845_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd850_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd850_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd855_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd865_5g_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd870_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sd888_5g_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sda429w_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdm429w_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdm630_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdw2500_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdw2500_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx12_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx12_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx20_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx24_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx50m_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx55_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx55m_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdx65_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdxr1_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sdxr2_5g_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sm4125_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sm4125_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sm4375_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sm4375_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sm6250_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sm6250p_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sm7250p_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sm7325p_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sw5100_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sw5100p_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:sxr2150p_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "sxr2150p_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9306_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9326_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9330_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9335_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9340_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9341_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9360_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9370_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9371_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9371_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9375_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9380_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcd9385_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3610_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3615_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3615_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3620_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3660_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3660_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3660b_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3680_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3680_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3680b_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3910_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3950_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3980_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3988_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3990_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3991_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3998_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn3999_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6740_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6750_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6850_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6851_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6855_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn6856_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn7850_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wcn7851_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wsa8810_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wsa8815_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wsa8830_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "wsa8835_firmware", "vendor": "qualcomm", "versions": [ { "lessThanOrEqual": "*", "status": "affected", "version": "0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2022-40510", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-11T20:14:19.816575Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-11T20:14:29.686Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-03T12:21:46.162Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "platforms": [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon IoT", "Snapdragon Mobile", "Snapdragon Voice \u0026 Music", "Snapdragon Wearables", "Snapdragon Wired Infrastructure and Networking" ], "product": "Snapdragon", "vendor": "Qualcomm, Inc.", "versions": [ { "status": "affected", "version": "APQ8009" }, { "status": "affected", "version": "APQ8009W" }, { "status": "affected", "version": "APQ8017" }, { "status": "affected", "version": "APQ8037" }, { "status": "affected", "version": "APQ8064AU" }, { "status": "affected", "version": "APQ8076" }, { "status": "affected", "version": "APQ8096AU" }, { "status": "affected", "version": "AQT1000" }, { "status": "affected", "version": "AR8031" }, { "status": "affected", "version": "AR8035" }, { "status": "affected", "version": "CSRA6620" }, { "status": "affected", "version": "CSRA6640" }, { "status": "affected", "version": "CSRB31024" }, { "status": "affected", "version": "MDM8207" }, { "status": "affected", "version": "MDM9150" }, { "status": "affected", "version": "MDM9206" }, { "status": "affected", "version": "MDM9207" }, { "status": "affected", "version": "MDM9250" }, { "status": "affected", "version": "MDM9607" }, { "status": "affected", "version": "MDM9628" }, { "status": "affected", "version": "MDM9640" }, { "status": "affected", "version": "MDM9650" }, { "status": "affected", "version": "MSM8108" }, { "status": "affected", "version": "MSM8208" }, { "status": "affected", "version": "MSM8209" }, { "status": "affected", "version": "MSM8608" }, { "status": "affected", "version": "MSM8909W" }, { "status": "affected", "version": "MSM8917" }, { "status": "affected", "version": "MSM8920" }, { "status": "affected", "version": "MSM8937" }, { "status": "affected", "version": "MSM8940" }, { "status": "affected", "version": "MSM8996AU" }, { "status": "affected", "version": "PM8937" }, { "status": "affected", "version": "QAM8295P" }, { "status": "affected", "version": "QCA4020" }, { "status": "affected", "version": "QCA6174A" }, { "status": "affected", "version": "QCA6310" }, { "status": "affected", "version": "QCA6320" }, { "status": "affected", "version": "QCA6335" }, { "status": "affected", "version": "QCA6390" }, { "status": "affected", "version": "QCA6391" }, { "status": "affected", "version": "QCA6420" }, { "status": "affected", "version": "QCA6421" }, { "status": "affected", "version": "QCA6426" }, { "status": "affected", "version": "QCA6430" }, { "status": "affected", "version": "QCA6431" }, { "status": "affected", "version": "QCA6436" }, { "status": "affected", "version": "QCA6564A" }, { "status": "affected", "version": "QCA6564AU" }, { "status": "affected", "version": "QCA6574" }, { "status": "affected", "version": "QCA6574A" }, { "status": "affected", "version": "QCA6574AU" }, { "status": "affected", "version": "QCA6584AU" }, { "status": "affected", "version": "QCA6595" }, { "status": "affected", "version": "QCA6595AU" }, { "status": "affected", "version": "QCA6696" }, { "status": "affected", "version": "QCA8081" }, { "status": "affected", "version": "QCA8337" }, { "status": "affected", "version": "QCA9367" }, { "status": "affected", "version": "QCA9377" }, { "status": "affected", "version": "QCA9379" }, { "status": "affected", "version": "QCA9984" }, { "status": "affected", "version": "QCC5100" }, { "status": "affected", "version": "QCM2290" }, { "status": "affected", "version": "QCM4290" }, { "status": "affected", "version": "QCM6125" }, { "status": "affected", "version": "QCM6490" }, { "status": "affected", "version": "QCN6024" }, { "status": "affected", "version": "QCN9011" }, { "status": "affected", "version": "QCN9012" }, { "status": "affected", "version": "QCN9024" }, { "status": "affected", "version": "QCN9074" }, { "status": "affected", "version": "QCS2290" }, { "status": "affected", "version": "QCS405" }, { "status": "affected", "version": "QCS410" }, { "status": "affected", "version": "QCS4290" }, { "status": "affected", "version": "QCS603" }, { "status": "affected", "version": "QCS605" }, { "status": "affected", "version": "QCS610" }, { "status": "affected", "version": "QCS6125" }, { "status": "affected", "version": "QCS6490" }, { "status": "affected", "version": "QCX315" }, { "status": "affected", "version": "QRB5165" }, { "status": "affected", "version": "QRB5165M" }, { "status": "affected", "version": "QRB5165N" }, { "status": "affected", "version": "QSM8250" }, { "status": "affected", "version": "Qualcomm215" }, { "status": "affected", "version": "SA415M" }, { "status": "affected", "version": "SA515M" }, { "status": "affected", "version": "SA6145P" }, { "status": "affected", "version": "SA6155" }, { "status": "affected", "version": "SA6155P" }, { "status": "affected", "version": "SA8150P" }, { "status": "affected", "version": "SA8155" }, { "status": "affected", "version": "SA8155P" }, { "status": "affected", "version": "SA8195P" }, { "status": "affected", "version": "SA8295P" }, { "status": "affected", "version": "SC8180X+SDX55" }, { "status": "affected", "version": "SD 455" }, { "status": "affected", "version": "SD 636" }, { "status": "affected", "version": "SD 675" }, { "status": "affected", "version": "SD 8 Gen1 5G" }, { "status": "affected", "version": "SD 8CX" }, { "status": "affected", "version": "SD 8cx Gen2" }, { "status": "affected", "version": "SD 8cx Gen3" }, { "status": "affected", "version": "SD205" }, { "status": "affected", "version": "SD210" }, { "status": "affected", "version": "SD429" }, { "status": "affected", "version": "SD439" }, { "status": "affected", "version": "SD450" }, { "status": "affected", "version": "SD460" }, { "status": "affected", "version": "SD480" }, { "status": "affected", "version": "SD625" }, { "status": "affected", "version": "SD626" }, { "status": "affected", "version": "SD632" }, { "status": "affected", "version": "SD660" }, { "status": "affected", "version": "SD662" }, { "status": "affected", "version": "SD665" }, { "status": "affected", "version": "SD670" }, { "status": "affected", "version": "SD675" }, { "status": "affected", "version": "SD678" }, { "status": "affected", "version": "SD680" }, { "status": "affected", "version": "SD690 5G" }, { "status": "affected", "version": "SD695" }, { "status": "affected", "version": "SD710" }, { "status": "affected", "version": "SD712" }, { "status": "affected", "version": "SD720G" }, { "status": "affected", "version": "SD730" }, { "status": "affected", "version": "SD750G" }, { "status": "affected", "version": "SD765" }, { "status": "affected", "version": "SD765G" }, { "status": "affected", "version": "SD768G" }, { "status": "affected", "version": "SD778G" }, { "status": "affected", "version": "SD780G" }, { "status": "affected", "version": "SD7c" }, { "status": "affected", "version": "SD820" }, { "status": "affected", "version": "SD835" }, { "status": "affected", "version": "SD845" }, { "status": "affected", "version": "SD850" }, { "status": "affected", "version": "SD855" }, { "status": "affected", "version": "SD865 5G" }, { "status": "affected", "version": "SD870" }, { "status": "affected", "version": "SD888 5G" }, { "status": "affected", "version": "SDA429W" }, { "status": "affected", "version": "SDM429W" }, { "status": "affected", "version": "SDM630" }, { "status": "affected", "version": "SDW2500" }, { "status": "affected", "version": "SDX12" }, { "status": "affected", "version": "SDX20" }, { "status": "affected", "version": "SDX24" }, { "status": "affected", "version": "SDX50M" }, { "status": "affected", "version": "SDX55" }, { "status": "affected", "version": "SDX55M" }, { "status": "affected", "version": "SDX65" }, { "status": "affected", "version": "SDXR1" }, { "status": "affected", "version": "SDXR2 5G" }, { "status": "affected", "version": "SM4125" }, { "status": "affected", "version": "SM4375" }, { "status": "affected", "version": "SM6250" }, { "status": "affected", "version": "SM6250P" }, { "status": "affected", "version": "SM7250P" }, { "status": "affected", "version": "SM7325P" }, { "status": "affected", "version": "SW5100" }, { "status": "affected", "version": "SW5100P" }, { "status": "affected", "version": "SXR2150P" }, { "status": "affected", "version": "WCD9306" }, { "status": "affected", "version": "WCD9326" }, { "status": "affected", "version": "WCD9330" }, { "status": "affected", "version": "WCD9335" }, { "status": "affected", "version": "WCD9340" }, { "status": "affected", "version": "WCD9341" }, { "status": "affected", "version": "WCD9360" }, { "status": "affected", "version": "WCD9370" }, { "status": "affected", "version": "WCD9371" }, { "status": "affected", "version": "WCD9375" }, { "status": "affected", "version": "WCD9380" }, { "status": "affected", "version": "WCD9385" }, { "status": "affected", "version": "WCN3610" }, { "status": "affected", "version": "WCN3615" }, { "status": "affected", "version": "WCN3620" }, { "status": "affected", "version": "WCN3660" }, { "status": "affected", "version": "WCN3660B" }, { "status": "affected", "version": "WCN3680" }, { "status": "affected", "version": "WCN3680B" }, { "status": "affected", "version": "WCN3910" }, { "status": "affected", "version": "WCN3950" }, { "status": "affected", "version": "WCN3980" }, { "status": "affected", "version": "WCN3988" }, { "status": "affected", "version": "WCN3990" }, { "status": "affected", "version": "WCN3991" }, { "status": "affected", "version": "WCN3998" }, { "status": "affected", "version": "WCN3999" }, { "status": "affected", "version": "WCN6740" }, { "status": "affected", "version": "WCN6750" }, { "status": "affected", "version": "WCN6850" }, { "status": "affected", "version": "WCN6851" }, { "status": "affected", "version": "WCN6855" }, { "status": "affected", "version": "WCN6856" }, { "status": "affected", "version": "WCN7850" }, { "status": "affected", "version": "WCN7851" }, { "status": "affected", "version": "WSA8810" }, { "status": "affected", "version": "WSA8815" }, { "status": "affected", "version": "WSA8830" }, { "status": "affected", "version": "WSA8835" } ] } ], "descriptions": [ { "lang": "en", "value": "Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "format": "CVSS", "scenarios": [ { "lang": "en", "value": "GENERAL" } ] } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-457", "description": "CWE-457 Use of Uninitialized Variable", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-12T16:23:19.699Z", "orgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "shortName": "qualcomm" }, "references": [ { "url": "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin" } ], "title": "Buffer copy without checking size of input in Audio." } }, "cveMetadata": { "assignerOrgId": "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", "assignerShortName": "qualcomm", "cveId": "CVE-2022-40510", "datePublished": "2023-08-08T09:14:48.400Z", "dateReserved": "2022-09-12T09:37:28.414Z", "dateUpdated": "2024-08-03T12:21:46.162Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30721
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:25
Severity ?
EPSS score ?
Summary
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.872Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30721", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:57:04.216557Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:25:23.654Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Android 11, 12, 13" } ] } ], "descriptions": [ { "lang": "en", "value": "Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-532 Insertion of Sensitive Information into Log File", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:12:08.181Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30721", "datePublished": "2023-09-06T03:12:08.181Z", "dateReserved": "2023-04-14T01:59:51.137Z", "dateUpdated": "2024-09-26T15:25:23.654Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35677
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-10-29 17:52
Severity ?
EPSS score ?
Summary
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.175Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/846180c19f68f6fb1b0653356401d3235fef846e" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35677", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:44:29.953339Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-10-29T17:52:42.588Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Denial of service", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:43.440Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/846180c19f68f6fb1b0653356401d3235fef846e" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35677", "datePublished": "2023-09-11T20:09:54.167Z", "dateReserved": "2023-06-15T02:50:31.872Z", "dateUpdated": "2024-10-29T17:52:42.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35682
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-08-02 16:30
Severity ?
EPSS score ?
Summary
In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:44.577Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/apps/Launcher3/+/09f8b0e52e45a0b39bab457534ba2e5ae91ffad0" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:44.869Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/apps/Launcher3/+/09f8b0e52e45a0b39bab457534ba2e5ae91ffad0" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35682", "datePublished": "2023-09-11T20:09:54.893Z", "dateReserved": "2023-06-15T02:50:31.873Z", "dateUpdated": "2024-08-02T16:30:44.577Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35681
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 15:46
Severity ?
EPSS score ?
Summary
In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:43.905Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d8d95291f16a8f18f8ffbd6322c14686897c5730" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35681", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:46:14.631547Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:46:22.621Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" } ] } ], "descriptions": [ { "lang": "en", "value": "In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Remote code execution", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:44.515Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d8d95291f16a8f18f8ffbd6322c14686897c5730" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35681", "datePublished": "2023-09-11T20:09:54.702Z", "dateReserved": "2023-06-15T02:50:31.873Z", "dateUpdated": "2024-09-26T15:46:22.621Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35667
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:47
Severity ?
EPSS score ?
Summary
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:30:43.949Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/d8355ac47e068ad20c6a7b1602e72f0585ec0085" }, { "tags": [ "x_transferred" ], "url": "https://source.android.com/security/bulletin/2023-09-01" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "android", "vendor": "google", "versions": [ { "status": "affected", "version": "11" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "12l" }, { "status": "affected", "version": "13" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-35667", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T14:37:12.151553Z", "version": "2.0.3" }, "type": "ssvc" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269 Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-26T14:47:51.656Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "unaffected", "product": "Android", "vendor": "Google", "versions": [ { "status": "affected", "version": "13" }, { "status": "affected", "version": "12L" }, { "status": "affected", "version": "12" }, { "status": "affected", "version": "11" } ] } ], "descriptions": [ { "lang": "en", "value": "In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation." } ], "problemTypes": [ { "descriptions": [ { "description": "Elevation of privilege", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-11T20:16:40.586Z", "orgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "shortName": "google_android" }, "references": [ { "url": "https://android.googlesource.com/platform/packages/apps/Settings/+/d8355ac47e068ad20c6a7b1602e72f0585ec0085" }, { "url": "https://source.android.com/security/bulletin/2023-09-01" } ] } }, "cveMetadata": { "assignerOrgId": "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", "assignerShortName": "google_android", "cveId": "CVE-2023-35667", "datePublished": "2023-09-11T20:09:52.613Z", "dateReserved": "2023-06-15T02:50:29.819Z", "dateUpdated": "2024-09-26T14:47:51.656Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30713
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:31
Severity ?
EPSS score ?
Summary
Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.
References
Impacted products
▼ | Vendor | Product |
---|---|---|
Samsung Mobile | Samsung Mobile Devices |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:37:14.608Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-30713", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-26T15:03:28.588370Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-26T15:31:06.371Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "defaultStatus": "affected", "product": "Samsung Mobile Devices", "vendor": "Samsung Mobile", "versions": [ { "status": "unaffected", "version": "SMR Sep-2023 Release in Selected Android 11, 12, 13 devices" } ] } ], "descriptions": [ { "lang": "en", "value": "Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "format": "CVSS" } ], "problemTypes": [ { "descriptions": [ { "description": "CWE-269: Improper Privilege Management", "lang": "en" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-06T03:11:59.465Z", "orgId": "3af57064-a867-422c-b2ad-40307b65c458", "shortName": "Samsung Mobile" }, "references": [ { "url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2023\u0026month=09" } ] } }, "cveMetadata": { "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458", "assignerShortName": "Samsung Mobile", "cveId": "CVE-2023-30713", "datePublished": "2023-09-06T03:11:59.465Z", "dateReserved": "2023-04-14T01:59:51.136Z", "dateUpdated": "2024-09-26T15:31:06.371Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
Loading...
Loading...
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.