Action not permitted
Modal body text goes here.
Modal Title
Modal Body
WID-SEC-W-2023-2272
Vulnerability from csaf_certbund
Published
2023-09-05 22:00
Modified
2023-09-05 22:00
Summary
Samsung Android: Mehrere Schwachstellen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.
Angriff
Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen.
Betroffene Betriebssysteme
- Android
{ document: { aggregate_severity: { text: "hoch", }, category: "csaf_base", csaf_version: "2.0", distribution: { tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "de-DE", notes: [ { category: "legal_disclaimer", text: "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.", }, { category: "description", text: "Das Android Betriebssystem ist eine quelloffene Plattform für mobile Geräte. Die Basis bildet der Linux-Kernel.", title: "Produktbeschreibung", }, { category: "summary", text: "Ein entfernter anonymer Angreifer kann mehrere Schwachstellen in Samsung Android ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen.", title: "Angriff", }, { category: "general", text: "- Android", title: "Betroffene Betriebssysteme", }, ], publisher: { category: "other", contact_details: "csaf-provider@cert-bund.de", name: "Bundesamt für Sicherheit in der Informationstechnik", namespace: "https://www.bsi.bund.de", }, references: [ { category: "self", summary: "WID-SEC-W-2023-2272 - CSAF Version", url: "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2272.json", }, { category: "self", summary: "WID-SEC-2023-2272 - Portal Version", url: "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2272", }, { category: "external", summary: "Samsung Security Advisory vom 2023-09-05", url: "https://security.samsungmobile.com/securityUpdate.smsb", }, ], source_lang: "en-US", title: "Samsung Android: Mehrere Schwachstellen", tracking: { current_release_date: "2023-09-05T22:00:00.000+00:00", generator: { date: "2024-08-15T17:58:05.198+00:00", engine: { name: "BSI-WID", version: "1.3.5", }, }, id: "WID-SEC-W-2023-2272", initial_release_date: "2023-09-05T22:00:00.000+00:00", revision_history: [ { date: "2023-09-05T22:00:00.000+00:00", number: "1", summary: "Initiale Fassung", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { category: "product_name", name: "Samsung Android <= 13", product: { name: "Samsung Android <= 13", product_id: "T029730", product_identification_helper: { cpe: "cpe:/o:samsung:android:13", }, }, }, ], category: "vendor", name: "Samsung", }, ], }, vulnerabilities: [ { cve: "CVE-2023-40353", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-40353", }, { cve: "CVE-2023-37377", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-37377", }, { cve: "CVE-2023-37368", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-37368", }, { cve: "CVE-2023-37367", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-37367", }, { cve: "CVE-2023-35687", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35687", }, { cve: "CVE-2023-35684", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35684", }, { cve: "CVE-2023-35683", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35683", }, { cve: "CVE-2023-35682", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35682", }, { cve: "CVE-2023-35681", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35681", }, { cve: "CVE-2023-35679", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35679", }, { cve: "CVE-2023-35677", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35677", }, { cve: "CVE-2023-35676", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35676", }, { cve: "CVE-2023-35675", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35675", }, { cve: "CVE-2023-35674", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35674", }, { cve: "CVE-2023-35673", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35673", }, { cve: "CVE-2023-35671", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35671", }, { cve: "CVE-2023-35670", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35670", }, { cve: "CVE-2023-35669", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35669", }, { cve: "CVE-2023-35667", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35667", }, { cve: "CVE-2023-35666", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35666", }, { cve: "CVE-2023-35658", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-35658", }, { cve: "CVE-2023-30721", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30721", }, { cve: "CVE-2023-30720", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30720", }, { cve: "CVE-2023-30719", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30719", }, { cve: "CVE-2023-30718", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30718", }, { cve: "CVE-2023-30717", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30717", }, { cve: "CVE-2023-30716", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30716", }, { cve: "CVE-2023-30715", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30715", }, { cve: "CVE-2023-30714", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30714", }, { cve: "CVE-2023-30713", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30713", }, { cve: "CVE-2023-30712", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30712", }, { cve: "CVE-2023-30711", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30711", }, { cve: "CVE-2023-30710", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30710", }, { cve: "CVE-2023-30709", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30709", }, { cve: "CVE-2023-30708", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30708", }, { cve: "CVE-2023-30707", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30707", }, { cve: "CVE-2023-30706", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-30706", }, { cve: "CVE-2023-21626", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-21626", }, { cve: "CVE-2023-21135", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-21135", }, { cve: "CVE-2023-21118", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-21118", }, { cve: "CVE-2023-20780", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2023-20780", }, { cve: "CVE-2022-40510", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2022-40510", }, { cve: "CVE-2020-29374", notes: [ { category: "description", text: "Es bestehen mehrere Schwachstellen in Samsung Android. Diese Fehler bestehen unter anderem in Tastatur, SecSettings, Dual Messenger, Knox AI, Telefon- und Nachrichtenspeicher, Einstellungsvorschlägen, One UI Home und Wetter aufgrund einer unsachgemäßen Autorisierung, einer unsachgemäßen Eingabevalidierung, einer unsachgemäßen Authentifizierung, einer unsachgemäßen Eingabevalidierung und einer unsachgemäßen Zugriffskontrolle. Ein Angreifer kann diese Schwachstellen ausnutzen, um Dateien zu manipulieren, seine Privilegien zu erweitern, einen Denial-of-Service-Zustand zu verursachen, vertrauliche Informationen offenzulegen und beliebigen Code auszuführen. Für eine erfolgreiche Ausnutzung kann eine Benutzerinteraktion erforderlich sein.", }, ], product_status: { last_affected: [ "T029730", ], }, release_date: "2023-09-05T22:00:00.000+00:00", title: "CVE-2020-29374", }, ], }
cve-2023-30715
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:30
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.598Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30715", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:02:58.944660Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:30:01.225Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 11, 12, 13", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-284: Improper Access Control", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:12:01.797Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30715", datePublished: "2023-09-06T03:12:01.797Z", dateReserved: "2023-04-14T01:59:51.136Z", dateUpdated: "2024-09-26T15:30:01.225Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30713
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:31
Severity ?
EPSS score ?
Summary
Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.608Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30713", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:03:28.588370Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:31:06.371Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Selected Android 11, 12, 13 devices", }, ], }, ], descriptions: [ { lang: "en", value: "Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-269: Improper Privilege Management", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:11:59.465Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30713", datePublished: "2023-09-06T03:11:59.465Z", dateReserved: "2023-04-14T01:59:51.136Z", dateUpdated: "2024-09-26T15:31:06.371Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30714
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:30
Severity ?
EPSS score ?
Summary
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.705Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30714", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:03:14.768389Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:30:49.580Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Selected Android 11, 12, 13 devices", }, ], }, ], descriptions: [ { lang: "en", value: "Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "NONE", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-285: Improper Authorization", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:12:00.735Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30714", datePublished: "2023-09-06T03:12:00.735Z", dateReserved: "2023-04-14T01:59:51.136Z", dateUpdated: "2024-09-26T15:30:49.580Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30710
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:32
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.793Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30710", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:10:04.632783Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:32:49.840Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 13", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 8.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:L", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-20 Improper Input Validation", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:11:56.455Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30710", datePublished: "2023-09-06T03:11:56.455Z", dateReserved: "2023-04-14T01:59:51.136Z", dateUpdated: "2024-09-26T15:32:49.840Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30711
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:32
Severity ?
EPSS score ?
Summary
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:15.130Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30711", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:06:24.700603Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:32:33.325Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 11, 12, 13", }, ], }, ], descriptions: [ { lang: "en", value: "Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-287: Improper Authentication", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:11:57.479Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30711", datePublished: "2023-09-06T03:11:57.479Z", dateReserved: "2023-04-14T01:59:51.136Z", dateUpdated: "2024-09-26T15:32:33.325Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30718
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:26
Severity ?
EPSS score ?
Summary
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.788Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30718", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:02:37.336328Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:26:12.131Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 13", }, ], }, ], descriptions: [ { lang: "en", value: "Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-926: Improper Export of Android Application Components", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:12:04.918Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30718", datePublished: "2023-09-06T03:12:04.918Z", dateReserved: "2023-04-14T01:59:51.137Z", dateUpdated: "2024-09-26T15:26:12.131Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35683
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 15:47
Severity ?
EPSS score ?
Summary
In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.641Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/23d156ed1bed6d2c2b325f0be540d0afca510c49", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35683", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:46:44.085863Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:47:01.584Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In bindSelection of DatabaseUtils.java, there is a possible way to access files from other applications due to SQL injection. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Information disclosure", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:45.309Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/23d156ed1bed6d2c2b325f0be540d0afca510c49", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35683", datePublished: "2023-09-11T20:09:55.077Z", dateReserved: "2023-06-15T02:50:31.873Z", dateUpdated: "2024-09-26T15:47:01.584Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35679
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 15:45
Severity ?
EPSS score ?
Summary
In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.354Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35679", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:45:10.737790Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:45:20.974Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In MtpPropertyValue of MtpProperty.h, there is a possible out of bounds read due to uninitialized data. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Information disclosure", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:43.809Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35679", datePublished: "2023-09-11T20:09:54.343Z", dateReserved: "2023-06-15T02:50:31.872Z", dateUpdated: "2024-09-26T15:45:20.974Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30717
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:26
Severity ?
EPSS score ?
Summary
Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.709Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30717", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:02:46.260302Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:26:25.466Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 11, 12, 13", }, ], }, ], descriptions: [ { lang: "en", value: "Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-269 Improper Privilege Management", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:12:03.892Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30717", datePublished: "2023-09-06T03:12:03.892Z", dateReserved: "2023-04-14T01:59:51.136Z", dateUpdated: "2024-09-26T15:26:25.466Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30716
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:26
Severity ?
EPSS score ?
Summary
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.563Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30716", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:02:53.462289Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:26:37.312Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 11, 12, 13", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-269 Improper Privilege Management", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:12:02.855Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30716", datePublished: "2023-09-06T03:12:02.855Z", dateReserved: "2023-04-14T01:59:51.136Z", dateUpdated: "2024-09-26T15:26:37.312Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2020-29374
Vulnerability from cvelistv5
Published
2020-11-28 06:18
Modified
2024-08-04 16:48
Severity ?
EPSS score ?
Summary
An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugs.chromium.org/p/project-zero/issues/detail?id=2045 | x_refsource_MISC | |
| https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3 | x_refsource_MISC | |
| https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f | x_refsource_MISC | |
| https://security.netapp.com/advisory/ntap-20210115-0002/ | x_refsource_CONFIRM | |
| http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html | x_refsource_MISC | |
| https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html | mailing-list, x_refsource_MLIST | |
| https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html | mailing-list, x_refsource_MLIST | |
| https://www.debian.org/security/2022/dsa-5096 | vendor-advisory, x_refsource_DEBIAN |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T16:48:01.979Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f", }, { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://security.netapp.com/advisory/ntap-20210115-0002/", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", "x_transferred", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", tags: [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred", ], url: "https://www.debian.org/security/2022/dsa-5096", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-10T02:06:28", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { tags: [ "x_refsource_MISC", ], url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3", }, { tags: [ "x_refsource_MISC", ], url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f", }, { tags: [ "x_refsource_CONFIRM", ], url: "https://security.netapp.com/advisory/ntap-20210115-0002/", }, { tags: [ "x_refsource_MISC", ], url: "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", tags: [ "mailing-list", "x_refsource_MLIST", ], url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", tags: [ "vendor-advisory", "x_refsource_DEBIAN", ], url: "https://www.debian.org/security/2022/dsa-5096", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2020-29374", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "An issue was discovered in the Linux kernel before 5.7.3, related to mm/gup.c and mm/huge_memory.c. The get_user_pages (aka gup) implementation, when used for a copy-on-write page, does not properly consider the semantics of read operations and therefore can grant unintended write access, aka CID-17839856fd58.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", refsource: "MISC", url: "https://bugs.chromium.org/p/project-zero/issues/detail?id=2045", }, { name: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3", refsource: "MISC", url: "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.7.3", }, { name: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f", refsource: "MISC", url: "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=17839856fd588f4ab6b789f482ed3ffd7c403e1f", }, { name: "https://security.netapp.com/advisory/ntap-20210115-0002/", refsource: "CONFIRM", url: "https://security.netapp.com/advisory/ntap-20210115-0002/", }, { name: "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", refsource: "MISC", url: "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2689-1] linux security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00020.html", }, { name: "[debian-lts-announce] 20210623 [SECURITY] [DLA 2690-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2021/06/msg00019.html", }, { name: "[debian-lts-announce] 20220309 [SECURITY] [DLA 2941-1] linux-4.19 security update", refsource: "MLIST", url: "https://lists.debian.org/debian-lts-announce/2022/03/msg00012.html", }, { name: "DSA-5096", refsource: "DEBIAN", url: "https://www.debian.org/security/2022/dsa-5096", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2020-29374", datePublished: "2020-11-28T06:18:56", dateReserved: "2020-11-28T00:00:00", dateUpdated: "2024-08-04T16:48:01.979Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30709
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:26
Severity ?
EPSS score ?
Summary
Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:15.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30709", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:10:10.916419Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:26:49.516Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 11, 12, 13", }, ], }, ], descriptions: [ { lang: "en", value: "Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.9, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:H/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-284: Improper Access Control", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:11:55.448Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30709", datePublished: "2023-09-06T03:11:55.448Z", dateReserved: "2023-04-14T01:59:51.135Z", dateUpdated: "2024-09-26T15:26:49.516Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35669
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:25
Severity ?
EPSS score ?
Summary
In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.426Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "11", }, { status: "affected", version: "12", }, { status: "affected", version: "12l", }, { status: "affected", version: "13", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-35669", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:22:25.092966Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T14:25:51.263Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In checkKeyIntentParceledCorrectly of AccountManagerService.java, there is a possible way to control other running activities due to unsafe deserialization. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:40.959Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/frameworks/base/+/f810d81839af38ee121c446105ca67cb12992fc6", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35669", datePublished: "2023-09-11T20:09:52.808Z", dateReserved: "2023-06-15T02:50:29.819Z", dateUpdated: "2024-09-26T14:25:51.263Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35677
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-10-29 17:52
Severity ?
EPSS score ?
Summary
In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.175Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/apps/Settings/+/846180c19f68f6fb1b0653356401d3235fef846e", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35677", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:44:29.953339Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-862", description: "CWE-862 Missing Authorization", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-10-29T17:52:42.588Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In onCreate of DeviceAdminAdd.java, there is a possible way to forcibly add a device admin due to a missing permission check. This could lead to local denial of service (factory reset or continuous locking) with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of service", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:43.440Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/packages/apps/Settings/+/846180c19f68f6fb1b0653356401d3235fef846e", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35677", datePublished: "2023-09-11T20:09:54.167Z", dateReserved: "2023-06-15T02:50:31.872Z", dateUpdated: "2024-10-29T17:52:42.588Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35674
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2025-02-04 16:16
Severity ?
EPSS score ?
Summary
In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.419Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "11", }, { status: "affected", version: "12", }, { status: "affected", version: "12l", }, { status: "affected", version: "13", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-35674", options: [ { Exploitation: "active", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2025-01-27T22:22:11.518471Z", version: "2.0.3", }, type: "ssvc", }, }, { other: { content: { dateAdded: "2023-09-13", reference: "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2023-35674", }, type: "kev", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-02-04T16:16:26.062Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In onCreate of WindowState.java, there is a possible way to launch a background activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:42.390Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/frameworks/base/+/7428962d3b064ce1122809d87af65099d1129c9e", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35674", datePublished: "2023-09-11T20:09:53.580Z", dateReserved: "2023-06-15T02:50:29.820Z", dateUpdated: "2025-02-04T16:16:26.062Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35676
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:28
Severity ?
EPSS score ?
Summary
In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.629Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/frameworks/base/+/109e58b62dc9fedcee93983678ef9d4931e72afa", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "12", }, { status: "affected", version: "12l", }, { status: "affected", version: "13", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-35676", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:12:12.416325Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-26T14:28:34.798Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, ], }, ], descriptions: [ { lang: "en", value: "In createQuickShareAction of SaveImageInBackgroundTask.java, there is a possible way to trigger a background activity launch due to an unsafe PendingIntent. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:43.088Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/frameworks/base/+/109e58b62dc9fedcee93983678ef9d4931e72afa", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35676", datePublished: "2023-09-11T20:09:53.971Z", dateReserved: "2023-06-15T02:50:31.872Z", dateUpdated: "2024-09-26T14:28:34.798Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37367
Vulnerability from cvelistv5
Published
2023-09-08 00:00
Modified
2024-09-26 18:38
Severity ?
EPSS score ?
Summary
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. In the NAS Task, an improperly implemented security check for standard can disallow desired services for a while via consecutive NAS messages.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.050Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37367", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T18:38:48.263245Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T18:38:57.179Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. In the NAS Task, an improperly implemented security check for standard can disallow desired services for a while via consecutive NAS messages.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:L/AV:N/A:L/C:N/I:N/PR:N/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T02:05:03.793215", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-37367", datePublished: "2023-09-08T00:00:00", dateReserved: "2023-06-30T00:00:00", dateUpdated: "2024-09-26T18:38:57.179Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21135
Vulnerability from cvelistv5
Published
2023-06-15 00:00
Modified
2024-12-18 18:34
Severity ?
EPSS score ?
Summary
In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:25.892Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-06-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-21135", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-12-18T18:33:20.272773Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-120", description: "CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-12-18T18:34:12.523Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In onCreate of NotificationAccessSettings.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-260570119", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-06-15T00:00:00", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-06-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21135", datePublished: "2023-06-15T00:00:00", dateReserved: "2022-11-03T00:00:00", dateUpdated: "2024-12-18T18:34:12.523Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35666
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:40
Severity ?
EPSS score ?
Summary
In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.309Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b7ea57f620436c83a9766f928437ddadaa232e3a", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "11", }, { status: "affected", version: "12", }, { status: "affected", version: "12l", }, { status: "affected", version: "13", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-35666", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:39:06.598682Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T14:40:39.522Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In bta_av_rc_msg of bta_av_act.cc, there is a possible use after free due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:40.173Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/b7ea57f620436c83a9766f928437ddadaa232e3a", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35666", datePublished: "2023-09-11T20:09:52.427Z", dateReserved: "2023-06-15T02:50:29.819Z", dateUpdated: "2024-09-26T14:40:39.522Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35681
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 15:46
Severity ?
EPSS score ?
Summary
In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:43.905Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d8d95291f16a8f18f8ffbd6322c14686897c5730", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35681", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:46:14.631547Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:46:22.621Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, ], }, ], descriptions: [ { lang: "en", value: "In eatt_l2cap_reconfig_completed of eatt_impl.h, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Remote code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:44.515Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d8d95291f16a8f18f8ffbd6322c14686897c5730", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35681", datePublished: "2023-09-11T20:09:54.702Z", dateReserved: "2023-06-15T02:50:31.873Z", dateUpdated: "2024-09-26T15:46:22.621Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21118
Vulnerability from cvelistv5
Published
2023-05-15 00:00
Modified
2025-01-31 13:41
Severity ?
EPSS score ?
Summary
In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:28:26.107Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-05-01", }, ], title: "CVE Program Container", }, { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.2, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2023-21118", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2025-01-23T20:19:12.912076Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-125", description: "CWE-125 Out-of-bounds Read", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-01-31T13:41:15.263Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "Android", vendor: "n/a", versions: [ { status: "affected", version: "Android-11 Android-12 Android-12L Android-13", }, ], }, ], descriptions: [ { lang: "en", value: "In unflattenString8 of Sensor.cpp, there is a possible out of bounds read due to a heap buffer overflow. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11 Android-12 Android-12L Android-13Android ID: A-269014004", }, ], problemTypes: [ { descriptions: [ { description: "Information disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-05-15T00:00:00.000Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://source.android.com/security/bulletin/2023-05-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-21118", datePublished: "2023-05-15T00:00:00.000Z", dateReserved: "2022-11-03T00:00:00.000Z", dateUpdated: "2025-01-31T13:41:15.263Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30707
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:27
Severity ?
EPSS score ?
Summary
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.134Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30707", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:10:26.796533Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:27:19.225Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 12", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-20: Improper Input Validation", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:11:53.437Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30707", datePublished: "2023-09-06T03:11:53.437Z", dateReserved: "2023-04-14T01:59:51.129Z", dateUpdated: "2024-09-26T15:27:19.225Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35658
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:51
Severity ?
EPSS score ?
Summary
In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:43.908Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d03a3020de69143b1fe8129d75e55f14951dd192", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "11", }, { status: "affected", version: "12", }, { status: "affected", version: "12l", }, { status: "affected", version: "13", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-35658", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:50:27.908286Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T14:51:50.005Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In gatt_process_prep_write_rsp of gatt_cl.cc, there is a possible privilege escalation due to a use after free. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Remote code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:39.115Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/d03a3020de69143b1fe8129d75e55f14951dd192", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35658", datePublished: "2023-09-11T20:09:51.810Z", dateReserved: "2023-06-15T02:50:10.272Z", dateUpdated: "2024-09-26T14:51:50.005Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35682
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-08-02 16:30
Severity ?
EPSS score ?
Summary
In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.577Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/apps/Launcher3/+/09f8b0e52e45a0b39bab457534ba2e5ae91ffad0", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In hasPermissionForActivity of PackageManagerHelper.java, there is a possible way to start arbitrary components due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:44.869Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/packages/apps/Launcher3/+/09f8b0e52e45a0b39bab457534ba2e5ae91ffad0", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35682", datePublished: "2023-09-11T20:09:54.893Z", dateReserved: "2023-06-15T02:50:31.873Z", dateUpdated: "2024-08-02T16:30:44.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35684
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 15:47
Severity ?
EPSS score ?
Summary
In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.483Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/668bbca29797728004d88db4c9b69102f3939008", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35684", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:47:19.045836Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:47:27.807Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In avdt_msg_asmbl of avdt_msg.cc, there is a possible out of bounds write due to an integer overflow. This could lead to paired device escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:45.658Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/668bbca29797728004d88db4c9b69102f3939008", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35684", datePublished: "2023-09-11T20:09:55.266Z", dateReserved: "2023-06-15T02:50:31.873Z", dateUpdated: "2024-09-26T15:47:27.807Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-40353
Vulnerability from cvelistv5
Published
2023-09-08 00:00
Modified
2024-09-26 17:52
Severity ?
EPSS score ?
Summary
An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T18:31:53.590Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-40353", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T17:52:07.923037Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T17:52:15.819Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Exynos Mobile Processor 980 and 2100. An integer overflow at a buffer index can prevent the execution of requested services via a crafted application.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 2, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AC:L/AV:L/A:L/C:N/I:N/PR:H/S:U/UI:R", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T02:05:30.635208", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-40353", datePublished: "2023-09-08T00:00:00", dateReserved: "2023-08-14T00:00:00", dateUpdated: "2024-09-26T17:52:15.819Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-40510
Vulnerability from cvelistv5
Published
2023-08-08 09:14
Modified
2024-08-03 12:21
Severity ?
EPSS score ?
Summary
Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: APQ8009 Version: APQ8009W Version: APQ8017 Version: APQ8037 Version: APQ8064AU Version: APQ8076 Version: APQ8096AU Version: AQT1000 Version: AR8031 Version: AR8035 Version: CSRA6620 Version: CSRA6640 Version: CSRB31024 Version: MDM8207 Version: MDM9150 Version: MDM9206 Version: MDM9207 Version: MDM9250 Version: MDM9607 Version: MDM9628 Version: MDM9640 Version: MDM9650 Version: MSM8108 Version: MSM8208 Version: MSM8209 Version: MSM8608 Version: MSM8909W Version: MSM8917 Version: MSM8920 Version: MSM8937 Version: MSM8940 Version: MSM8996AU Version: PM8937 Version: QAM8295P Version: QCA4020 Version: QCA6174A Version: QCA6310 Version: QCA6320 Version: QCA6335 Version: QCA6390 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6584AU Version: QCA6595 Version: QCA6595AU Version: QCA6696 Version: QCA8081 Version: QCA8337 Version: QCA9367 Version: QCA9377 Version: QCA9379 Version: QCA9984 Version: QCC5100 Version: QCM2290 Version: QCM4290 Version: QCM6125 Version: QCM6490 Version: QCN6024 Version: QCN9011 Version: QCN9012 Version: QCN9024 Version: QCN9074 Version: QCS2290 Version: QCS405 Version: QCS410 Version: QCS4290 Version: QCS603 Version: QCS605 Version: QCS610 Version: QCS6125 Version: QCS6490 Version: QCX315 Version: QRB5165 Version: QRB5165M Version: QRB5165N Version: QSM8250 Version: Qualcomm215 Version: SA415M Version: SA515M Version: SA6145P Version: SA6155 Version: SA6155P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8295P Version: SC8180X+SDX55 Version: SD 455 Version: SD 636 Version: SD 675 Version: SD 8 Gen1 5G Version: SD 8CX Version: SD 8cx Gen2 Version: SD 8cx Gen3 Version: SD205 Version: SD210 Version: SD429 Version: SD439 Version: SD450 Version: SD460 Version: SD480 Version: SD625 Version: SD626 Version: SD632 Version: SD660 Version: SD662 Version: SD665 Version: SD670 Version: SD675 Version: SD678 Version: SD680 Version: SD690 5G Version: SD695 Version: SD710 Version: SD712 Version: SD720G Version: SD730 Version: SD750G Version: SD765 Version: SD765G Version: SD768G Version: SD778G Version: SD780G Version: SD7c Version: SD820 Version: SD835 Version: SD845 Version: SD850 Version: SD855 Version: SD865 5G Version: SD870 Version: SD888 5G Version: SDA429W Version: SDM429W Version: SDM630 Version: SDW2500 Version: SDX12 Version: SDX20 Version: SDX24 Version: SDX50M Version: SDX55 Version: SDX55M Version: SDX65 Version: SDXR1 Version: SDXR2 5G Version: SM4125 Version: SM4375 Version: SM6250 Version: SM6250P Version: SM7250P Version: SM7325P Version: SW5100 Version: SW5100P Version: SXR2150P Version: WCD9306 Version: WCD9326 Version: WCD9330 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9371 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3620 Version: WCN3660 Version: WCN3660B Version: WCN3680 Version: WCN3680B Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN3991 Version: WCN3998 Version: WCN3999 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WCN7850 Version: WCN7851 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:o:qualcomm:apq8009_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apq8009_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:apq8009w_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apq8009w_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:apq8017_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apq8017_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:apq8037_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apq8037_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:apq8064au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apq8064au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:apq8076_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apq8076_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:apq8096au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "apq8096au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:aqt1000_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "aqt1000_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:ar8031_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ar8031_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:ar8035_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "ar8035_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:csra6620_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "csra6620_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:csra6640_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "csra6640_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:csrb31024_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "csrb31024_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:mdm8207_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mdm8207_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:mdm9150_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mdm9150_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mdm9206_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:mdm9207_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mdm9207_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:mdm9250_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mdm9250_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mdm9607_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:mdm9628_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mdm9628_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mdm9640_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mdm9650_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8108_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8108_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8208_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8208_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8209_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8209_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8608_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8608_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8909w_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8917_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8917_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8920_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8920_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8937_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8937_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8940_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8940_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:msm8996au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "msm8996au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:pm8937_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "pm8937_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qam8295p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qam8295p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca4020_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca4020_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6174a_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6174a_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6310_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6310_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6320_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6320_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6335_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6335_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6390_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6390_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6391_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6391_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6420_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6420_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6421_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6421_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6426_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6426_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6430_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6430_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6431_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6431_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6436_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6436_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6564a_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6564a_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6564au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6564au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6574_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6574_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6574a_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6574a_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6574au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6574au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6584au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6584au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6595_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6595_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6595au_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6595au_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca6696_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca6696_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca8081_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca8081_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca8337_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca8337_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca9367_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca9367_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca9377_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca9377_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca9379_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca9379_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qca9984_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qca9984_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcc5100_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcc5100_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcm2290_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcm2290_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcm4290_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcm4290_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcm6125_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcm6125_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcm6490_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcm6490_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcn6024_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcn6024_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcn9011_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcn9011_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcn9012_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcn9012_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcn9024_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcn9024_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcn9074_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcn9074_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs2290_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs2290_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs405_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs405_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs410_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs410_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs4290_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs4290_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs603_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs603_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs605_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs605_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs610_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs610_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs6125_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs6125_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcs6490_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcs6490_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qcx315_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qcx315_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qrb5165_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qrb5165_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qrb5165m_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qrb5165m_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qrb5165n_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qrb5165n_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qsm8250_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qsm8250_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:qualcomm215_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "qualcomm215_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa415m_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa415m_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa515m_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa515m_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa6145p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa6145p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa6155_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa6155_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa6155p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa6155p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa8150p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa8150p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa8155_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa8155_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa8155p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa8155p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa8195p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa8195p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sa8295p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sa8295p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd_455_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd_455_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd_636_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd_636_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd_675_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd_675_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd_8_gen1_5g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd_8_gen1_5g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd_8cx_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd_8cx_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd_8cx_gen2_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd_8cx_gen2_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd_8cx_gen3_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd_8cx_gen3_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd205_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd205_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd210_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd210_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd429_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd429_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd439_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd439_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd450_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd450_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd460_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd460_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd480_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd480_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd625_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd625_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd626_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd626_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd632_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd632_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd660_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd660_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd662_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd662_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd665_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd665_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd670_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd670_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd675_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd675_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd678_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd678_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd680_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd680_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd690_5g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd690_5g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd695_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd695_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd710_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd710_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd712_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd712_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd720g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd720g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd730_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd730_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd750g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd750g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd765_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd765_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd765g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd765g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd768g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd768g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd778g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd778g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd780g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd780g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd7c_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd7c_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd820_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd820_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd835_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd835_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd845_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd845_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd850_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd850_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd855_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd855_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd865_5g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd865_5g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd870_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd870_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sd888_5g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sd888_5g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sda429w_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sda429w_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdm429w_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdm429w_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdm630_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdm630_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdw2500_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdw2500_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdx12_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdx12_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdx20_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdx24_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdx24_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdx50m_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdx50m_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdx55_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdx55_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdx55m_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdx55m_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdx65_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdx65_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdxr1_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdxr1_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sdxr2_5g_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sdxr2_5g_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm4125_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm4125_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm4375_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm4375_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm6250_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm6250_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm6250p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm6250p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm7250p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm7250p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sm7325p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sm7325p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sw5100_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sw5100_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sw5100p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sw5100p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:sxr2150p_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "sxr2150p_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9306_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9306_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9326_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9326_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9330_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9330_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9335_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9335_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9340_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9340_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9341_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9341_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9360_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9360_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9370_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9370_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9371_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9371_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9375_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9375_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9380_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9380_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcd9385_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcd9385_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3610_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3610_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3615_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3615_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3620_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3620_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3660_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3660_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3660b_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3660b_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3680_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3680_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3680b_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3680b_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3910_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3910_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3950_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3950_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3980_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3980_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3988_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3988_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3990_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3990_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3991_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3991_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3998_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3998_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn3999_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn3999_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn6740_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn6740_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn6750_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn6750_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn6850_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn6850_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn6851_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn6851_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn6855_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn6855_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn6856_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn6856_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn7850_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn7850_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wcn7851_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wcn7851_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wsa8810_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsa8810_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wsa8815_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsa8815_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wsa8830_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsa8830_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, { cpes: [ "cpe:2.3:o:qualcomm:wsa8835_firmware:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "wsa8835_firmware", vendor: "qualcomm", versions: [ { lessThanOrEqual: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2022-40510", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T20:14:19.816575Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-07-11T20:14:29.686Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-03T12:21:46.162Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon IoT", "Snapdragon Mobile", "Snapdragon Voice & Music", "Snapdragon Wearables", "Snapdragon Wired Infrastructure and Networking", ], product: "Snapdragon", vendor: "Qualcomm, Inc.", versions: [ { status: "affected", version: "APQ8009", }, { status: "affected", version: "APQ8009W", }, { status: "affected", version: "APQ8017", }, { status: "affected", version: "APQ8037", }, { status: "affected", version: "APQ8064AU", }, { status: "affected", version: "APQ8076", }, { status: "affected", version: "APQ8096AU", }, { status: "affected", version: "AQT1000", }, { status: "affected", version: "AR8031", }, { status: "affected", version: "AR8035", }, { status: "affected", version: "CSRA6620", }, { status: "affected", version: "CSRA6640", }, { status: "affected", version: "CSRB31024", }, { status: "affected", version: "MDM8207", }, { status: "affected", version: "MDM9150", }, { status: "affected", version: "MDM9206", }, { status: "affected", version: "MDM9207", }, { status: "affected", version: "MDM9250", }, { status: "affected", version: "MDM9607", }, { status: "affected", version: "MDM9628", }, { status: "affected", version: "MDM9640", }, { status: "affected", version: "MDM9650", }, { status: "affected", version: "MSM8108", }, { status: "affected", version: "MSM8208", }, { status: "affected", version: "MSM8209", }, { status: "affected", version: "MSM8608", }, { status: "affected", version: "MSM8909W", }, { status: "affected", version: "MSM8917", }, { status: "affected", version: "MSM8920", }, { status: "affected", version: "MSM8937", }, { status: "affected", version: "MSM8940", }, { status: "affected", version: "MSM8996AU", }, { status: "affected", version: "PM8937", }, { status: "affected", version: "QAM8295P", }, { status: "affected", version: "QCA4020", }, { status: "affected", version: "QCA6174A", }, { status: "affected", version: "QCA6310", }, { status: "affected", version: "QCA6320", }, { status: "affected", version: "QCA6335", }, { status: "affected", version: "QCA6390", }, { status: "affected", version: "QCA6391", }, { status: "affected", version: "QCA6420", }, { status: "affected", version: "QCA6421", }, { status: "affected", version: "QCA6426", }, { status: "affected", version: "QCA6430", }, { status: "affected", version: "QCA6431", }, { status: "affected", version: "QCA6436", }, { status: "affected", version: "QCA6564A", }, { status: "affected", version: "QCA6564AU", }, { status: "affected", version: "QCA6574", }, { status: "affected", version: "QCA6574A", }, { status: "affected", version: "QCA6574AU", }, { status: "affected", version: "QCA6584AU", }, { status: "affected", version: "QCA6595", }, { status: "affected", version: "QCA6595AU", }, { status: "affected", version: "QCA6696", }, { status: "affected", version: "QCA8081", }, { status: "affected", version: "QCA8337", }, { status: "affected", version: "QCA9367", }, { status: "affected", version: "QCA9377", }, { status: "affected", version: "QCA9379", }, { status: "affected", version: "QCA9984", }, { status: "affected", version: "QCC5100", }, { status: "affected", version: "QCM2290", }, { status: "affected", version: "QCM4290", }, { status: "affected", version: "QCM6125", }, { status: "affected", version: "QCM6490", }, { status: "affected", version: "QCN6024", }, { status: "affected", version: "QCN9011", }, { status: "affected", version: "QCN9012", }, { status: "affected", version: "QCN9024", }, { status: "affected", version: "QCN9074", }, { status: "affected", version: "QCS2290", }, { status: "affected", version: "QCS405", }, { status: "affected", version: "QCS410", }, { status: "affected", version: "QCS4290", }, { status: "affected", version: "QCS603", }, { status: "affected", version: "QCS605", }, { status: "affected", version: "QCS610", }, { status: "affected", version: "QCS6125", }, { status: "affected", version: "QCS6490", }, { status: "affected", version: "QCX315", }, { status: "affected", version: "QRB5165", }, { status: "affected", version: "QRB5165M", }, { status: "affected", version: "QRB5165N", }, { status: "affected", version: "QSM8250", }, { status: "affected", version: "Qualcomm215", }, { status: "affected", version: "SA415M", }, { status: "affected", version: "SA515M", }, { status: "affected", version: "SA6145P", }, { status: "affected", version: "SA6155", }, { status: "affected", version: "SA6155P", }, { status: "affected", version: "SA8150P", }, { status: "affected", version: "SA8155", }, { status: "affected", version: "SA8155P", }, { status: "affected", version: "SA8195P", }, { status: "affected", version: "SA8295P", }, { status: "affected", version: "SC8180X+SDX55", }, { status: "affected", version: "SD 455", }, { status: "affected", version: "SD 636", }, { status: "affected", version: "SD 675", }, { status: "affected", version: "SD 8 Gen1 5G", }, { status: "affected", version: "SD 8CX", }, { status: "affected", version: "SD 8cx Gen2", }, { status: "affected", version: "SD 8cx Gen3", }, { status: "affected", version: "SD205", }, { status: "affected", version: "SD210", }, { status: "affected", version: "SD429", }, { status: "affected", version: "SD439", }, { status: "affected", version: "SD450", }, { status: "affected", version: "SD460", }, { status: "affected", version: "SD480", }, { status: "affected", version: "SD625", }, { status: "affected", version: "SD626", }, { status: "affected", version: "SD632", }, { status: "affected", version: "SD660", }, { status: "affected", version: "SD662", }, { status: "affected", version: "SD665", }, { status: "affected", version: "SD670", }, { status: "affected", version: "SD675", }, { status: "affected", version: "SD678", }, { status: "affected", version: "SD680", }, { status: "affected", version: "SD690 5G", }, { status: "affected", version: "SD695", }, { status: "affected", version: "SD710", }, { status: "affected", version: "SD712", }, { status: "affected", version: "SD720G", }, { status: "affected", version: "SD730", }, { status: "affected", version: "SD750G", }, { status: "affected", version: "SD765", }, { status: "affected", version: "SD765G", }, { status: "affected", version: "SD768G", }, { status: "affected", version: "SD778G", }, { status: "affected", version: "SD780G", }, { status: "affected", version: "SD7c", }, { status: "affected", version: "SD820", }, { status: "affected", version: "SD835", }, { status: "affected", version: "SD845", }, { status: "affected", version: "SD850", }, { status: "affected", version: "SD855", }, { status: "affected", version: "SD865 5G", }, { status: "affected", version: "SD870", }, { status: "affected", version: "SD888 5G", }, { status: "affected", version: "SDA429W", }, { status: "affected", version: "SDM429W", }, { status: "affected", version: "SDM630", }, { status: "affected", version: "SDW2500", }, { status: "affected", version: "SDX12", }, { status: "affected", version: "SDX20", }, { status: "affected", version: "SDX24", }, { status: "affected", version: "SDX50M", }, { status: "affected", version: "SDX55", }, { status: "affected", version: "SDX55M", }, { status: "affected", version: "SDX65", }, { status: "affected", version: "SDXR1", }, { status: "affected", version: "SDXR2 5G", }, { status: "affected", version: "SM4125", }, { status: "affected", version: "SM4375", }, { status: "affected", version: "SM6250", }, { status: "affected", version: "SM6250P", }, { status: "affected", version: "SM7250P", }, { status: "affected", version: "SM7325P", }, { status: "affected", version: "SW5100", }, { status: "affected", version: "SW5100P", }, { status: "affected", version: "SXR2150P", }, { status: "affected", version: "WCD9306", }, { status: "affected", version: "WCD9326", }, { status: "affected", version: "WCD9330", }, { status: "affected", version: "WCD9335", }, { status: "affected", version: "WCD9340", }, { status: "affected", version: "WCD9341", }, { status: "affected", version: "WCD9360", }, { status: "affected", version: "WCD9370", }, { status: "affected", version: "WCD9371", }, { status: "affected", version: "WCD9375", }, { status: "affected", version: "WCD9380", }, { status: "affected", version: "WCD9385", }, { status: "affected", version: "WCN3610", }, { status: "affected", version: "WCN3615", }, { status: "affected", version: "WCN3620", }, { status: "affected", version: "WCN3660", }, { status: "affected", version: "WCN3660B", }, { status: "affected", version: "WCN3680", }, { status: "affected", version: "WCN3680B", }, { status: "affected", version: "WCN3910", }, { status: "affected", version: "WCN3950", }, { status: "affected", version: "WCN3980", }, { status: "affected", version: "WCN3988", }, { status: "affected", version: "WCN3990", }, { status: "affected", version: "WCN3991", }, { status: "affected", version: "WCN3998", }, { status: "affected", version: "WCN3999", }, { status: "affected", version: "WCN6740", }, { status: "affected", version: "WCN6750", }, { status: "affected", version: "WCN6850", }, { status: "affected", version: "WCN6851", }, { status: "affected", version: "WCN6855", }, { status: "affected", version: "WCN6856", }, { status: "affected", version: "WCN7850", }, { status: "affected", version: "WCN7851", }, { status: "affected", version: "WSA8810", }, { status: "affected", version: "WSA8815", }, { status: "affected", version: "WSA8830", }, { status: "affected", version: "WSA8835", }, ], }, ], descriptions: [ { lang: "en", value: "Memory corruption due to buffer copy without checking size of input in Audio while voice call with EVS vocoder.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-457", description: "CWE-457 Use of Uninitialized Variable", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-12T16:23:19.699Z", orgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", shortName: "qualcomm", }, references: [ { url: "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin", }, ], title: "Buffer copy without checking size of input in Audio.", }, }, cveMetadata: { assignerOrgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", assignerShortName: "qualcomm", cveId: "CVE-2022-40510", datePublished: "2023-08-08T09:14:48.400Z", dateReserved: "2022-09-12T09:37:28.414Z", dateUpdated: "2024-08-03T12:21:46.162Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30706
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 20:45
Severity ?
EPSS score ?
Summary
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.969Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30706", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T20:45:27.541993Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T20:45:42.822Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 12", }, ], }, ], descriptions: [ { lang: "en", value: "Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-285: Improper Authorization", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:11:52.376Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30706", datePublished: "2023-09-06T03:11:52.376Z", dateReserved: "2023-04-14T01:59:51.129Z", dateUpdated: "2024-09-26T20:45:42.822Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30719
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:25
Severity ?
EPSS score ?
Summary
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.617Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30719", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:59:00.460258Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:25:55.803Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 11, 12, 13", }, ], }, ], descriptions: [ { lang: "en", value: "Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:12:06.098Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30719", datePublished: "2023-09-06T03:12:06.098Z", dateReserved: "2023-04-14T01:59:51.137Z", dateUpdated: "2024-09-26T15:25:55.803Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30712
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:32
Severity ?
EPSS score ?
Summary
Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.823Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30712", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:06:14.744234Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:32:09.914Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 13", }, ], }, ], descriptions: [ { lang: "en", value: "Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-20: Improper Input Validation", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:11:58.480Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30712", datePublished: "2023-09-06T03:11:58.480Z", dateReserved: "2023-04-14T01:59:51.136Z", dateUpdated: "2024-09-26T15:32:09.914Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-20780
Vulnerability from cvelistv5
Published
2023-08-07 03:21
Modified
2024-10-17 14:41
Severity ?
EPSS score ?
Summary
In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:14:41.005Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-20780", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-10-17T14:41:07.970344Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-17T14:41:18.229Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "MT6580, MT6731, MT6735, MT6737, MT6739, MT6753, MT6757, MT6757C, MT6757CD, MT6757CH, MT6761, MT6762, MT6763, MT6765, MT6768, MT6769, MT6771, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6853T, MT6855, MT6873, MT6875, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6891, MT6893, MT6895, MT6983, MT6985, MT8185, MT8321, MT8385, MT8666, MT8673, MT8675, MT8765, MT8766, MT8768, MT8781, MT8786, MT8788, MT8789, MT8791, MT8791T, MT8797", vendor: "MediaTek, Inc.", versions: [ { status: "affected", version: "Android 11.0, 12.0, 13.0", }, ], }, ], descriptions: [ { lang: "en", value: "In keyinstall, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08017756; Issue ID: ALPS08017756.", }, ], problemTypes: [ { descriptions: [ { description: "Information Disclosure", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-08-07T03:21:00.627Z", orgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", shortName: "MediaTek", }, references: [ { url: "https://corp.mediatek.com/product-security-bulletin/August-2023", }, ], }, }, cveMetadata: { assignerOrgId: "ee979b05-11f8-4f25-a7e0-a1fa9c190374", assignerShortName: "MediaTek", cveId: "CVE-2023-20780", datePublished: "2023-08-07T03:21:00.627Z", dateReserved: "2022-10-28T02:03:10.776Z", dateUpdated: "2024-10-17T14:41:18.229Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35670
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-08-02 16:30
Severity ?
EPSS score ?
Summary
In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:43.944Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/db3c69afcb0a45c8aa2f333fcde36217889899fe", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In computeValuesFromData of FileUtils.java, there is a possible way to insert files to other apps' external private directories due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:41.312Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/packages/providers/MediaProvider/+/db3c69afcb0a45c8aa2f333fcde36217889899fe", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35670", datePublished: "2023-09-11T20:09:52.999Z", dateReserved: "2023-06-15T02:50:29.819Z", dateUpdated: "2024-08-02T16:30:43.944Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35673
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:33
Severity ?
EPSS score ?
Summary
In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.602Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8770c07c102c7fdc74626dc717acc8f6dd1c92cc", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "11", }, { status: "affected", version: "12", }, { status: "affected", version: "12l", }, { status: "affected", version: "13", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-35673", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:17:07.882223Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T14:33:31.585Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to an integer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Remote code execution", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:42.035Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/packages/modules/Bluetooth/+/8770c07c102c7fdc74626dc717acc8f6dd1c92cc", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35673", datePublished: "2023-09-11T20:09:53.391Z", dateReserved: "2023-06-15T02:50:29.820Z", dateUpdated: "2024-09-26T14:33:31.585Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35687
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 15:49
Severity ?
EPSS score ?
Summary
In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.386Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-35687", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:49:05.405485Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:49:16.654Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In MtpPropertyValue of MtpProperty.h, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:46.031Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/frameworks/av/+/ea6131efa76a0b2a12724ffd157909e2c6fb4036", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35687", datePublished: "2023-09-11T20:09:55.452Z", dateReserved: "2023-06-15T02:50:33.961Z", dateUpdated: "2024-09-26T15:49:16.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35671
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:34
Severity ?
EPSS score ?
Summary
In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:43.985Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/apps/Nfc/+/745632835f3d97513a9c2a96e56e1dc06c4e4176", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "11", }, { status: "affected", version: "12", }, { status: "affected", version: "12l", }, { status: "affected", version: "13", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-35671", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:20:23.873620Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-26T14:34:53.613Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In onHostEmulationData of HostEmulationManager.java, there is a possible way for a general purpose NFC reader to read the full card number and expiry details when the device is in locked screen mode due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Information disclosure", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:41.672Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/packages/apps/Nfc/+/745632835f3d97513a9c2a96e56e1dc06c4e4176", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35671", datePublished: "2023-09-11T20:09:53.198Z", dateReserved: "2023-06-15T02:50:29.819Z", dateUpdated: "2024-09-26T14:34:53.613Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30720
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:25
Severity ?
EPSS score ?
Summary
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.607Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30720", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:58:42.916644Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:25:39.849Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 11, 12, 13", }, ], }, ], descriptions: [ { lang: "en", value: "PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-284: Improper Access Control", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:12:07.151Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30720", datePublished: "2023-09-06T03:12:07.151Z", dateReserved: "2023-04-14T01:59:51.137Z", dateUpdated: "2024-09-26T15:25:39.849Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37368
Vulnerability from cvelistv5
Published
2023-09-08 00:00
Modified
2024-09-26 18:16
Severity ?
EPSS score ?
Summary
An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.196Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-37368", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T18:15:54.711271Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T18:16:06.387Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123). In the Shannon MM Task, Missing validation of a NULL pointer can cause abnormal termination via a malformed NR MM packet.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AC:H/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T02:05:13.922904", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-37368", datePublished: "2023-09-08T00:00:00", dateReserved: "2023-06-30T00:00:00", dateUpdated: "2024-09-26T18:16:06.387Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-37377
Vulnerability from cvelistv5
Published
2023-09-08 00:00
Modified
2024-09-26 18:12
Severity ?
EPSS score ?
Summary
An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T17:09:34.221Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:samsung:mobile_processor_wearable_processor:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "mobile_processor_wearable_processor", vendor: "samsung", versions: [ { lessThan: "*", status: "affected", version: "0", versionType: "custom", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-37377", options: [ { Exploitation: "none", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T18:11:06.687223Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T18:12:57.503Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Improper handling of length parameter inconsistency can cause incorrect packet filtering.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 2, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AC:L/AV:L/A:L/C:N/I:N/PR:H/S:U/UI:R", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-08T02:05:22.871798", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://semiconductor.samsung.com/support/quality-support/product-security-updates/", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2023-37377", datePublished: "2023-09-08T00:00:00", dateReserved: "2023-07-03T00:00:00", dateUpdated: "2024-09-26T18:12:57.503Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35675
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:30
Severity ?
EPSS score ?
Summary
In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:44.580Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/frameworks/base/+/c1cf4b9746c9641190730172522324ccd5b8c914", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "11", }, { status: "affected", version: "12", }, { status: "affected", version: "12l", }, { status: "affected", version: "13", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-35675", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:14:21.302181Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T14:30:04.570Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In loadMediaResumptionControls of MediaResumeListener.kt, there is a possible way to play and listen to media files played by another user on the same device due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Information disclosure", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:42.742Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/frameworks/base/+/c1cf4b9746c9641190730172522324ccd5b8c914", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35675", datePublished: "2023-09-11T20:09:53.771Z", dateReserved: "2023-06-15T02:50:31.872Z", dateUpdated: "2024-09-26T14:30:04.570Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30721
Vulnerability from cvelistv5
Published
2023-09-06 03:12
Modified
2024-09-26 15:25
Severity ?
EPSS score ?
Summary
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:14.872Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30721", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:57:04.216557Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:25:23.654Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 11, 12, 13", }, ], }, ], descriptions: [ { lang: "en", value: "Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 4.4, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-532 Insertion of Sensitive Information into Log File", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:12:08.181Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30721", datePublished: "2023-09-06T03:12:08.181Z", dateReserved: "2023-04-14T01:59:51.137Z", dateUpdated: "2024-09-26T15:25:23.654Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-35667
Vulnerability from cvelistv5
Published
2023-09-11 20:09
Modified
2024-09-26 14:47
Severity ?
EPSS score ?
Summary
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
References
Impacted products
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T16:30:43.949Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://android.googlesource.com/platform/packages/apps/Settings/+/d8355ac47e068ad20c6a7b1602e72f0585ec0085", }, { tags: [ "x_transferred", ], url: "https://source.android.com/security/bulletin/2023-09-01", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:o:google:android:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "android", vendor: "google", versions: [ { status: "affected", version: "11", }, { status: "affected", version: "12", }, { status: "affected", version: "12l", }, { status: "affected", version: "13", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-35667", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T14:37:12.151553Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-269", description: "CWE-269 Improper Privilege Management", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-26T14:47:51.656Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", product: "Android", vendor: "Google", versions: [ { status: "affected", version: "13", }, { status: "affected", version: "12L", }, { status: "affected", version: "12", }, { status: "affected", version: "11", }, ], }, ], descriptions: [ { lang: "en", value: "In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.", }, ], problemTypes: [ { descriptions: [ { description: "Elevation of privilege", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-11T20:16:40.586Z", orgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", shortName: "google_android", }, references: [ { url: "https://android.googlesource.com/platform/packages/apps/Settings/+/d8355ac47e068ad20c6a7b1602e72f0585ec0085", }, { url: "https://source.android.com/security/bulletin/2023-09-01", }, ], }, }, cveMetadata: { assignerOrgId: "baff130e-b8d5-4e15-b3d3-c3cf5d5545c6", assignerShortName: "google_android", cveId: "CVE-2023-35667", datePublished: "2023-09-11T20:09:52.613Z", dateReserved: "2023-06-15T02:50:29.819Z", dateUpdated: "2024-09-26T14:47:51.656Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-30708
Vulnerability from cvelistv5
Published
2023-09-06 03:11
Modified
2024-09-26 15:27
Severity ?
EPSS score ?
Summary
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Samsung Mobile | Samsung Mobile Devices |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T14:37:15.564Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], title: "CVE Program Container", }, { metrics: [ { other: { content: { id: "CVE-2023-30708", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-09-26T15:10:18.364327Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-09-26T15:27:02.874Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "affected", product: "Samsung Mobile Devices", vendor: "Samsung Mobile", versions: [ { status: "unaffected", version: "SMR Sep-2023 Release in Android 11, 12, 13", }, ], }, ], descriptions: [ { lang: "en", value: "Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "PHYSICAL", availabilityImpact: "HIGH", baseScore: 4.6, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, format: "CVSS", }, ], problemTypes: [ { descriptions: [ { description: "CWE-287: Improper Authentication", lang: "en", }, ], }, ], providerMetadata: { dateUpdated: "2023-09-06T03:11:54.441Z", orgId: "3af57064-a867-422c-b2ad-40307b65c458", shortName: "Samsung Mobile", }, references: [ { url: "https://security.samsungmobile.com/securityUpdate.smsb?year=2023&month=09", }, ], }, }, cveMetadata: { assignerOrgId: "3af57064-a867-422c-b2ad-40307b65c458", assignerShortName: "Samsung Mobile", cveId: "CVE-2023-30708", datePublished: "2023-09-06T03:11:54.441Z", dateReserved: "2023-04-14T01:59:51.130Z", dateUpdated: "2024-09-26T15:27:02.874Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2023-21626
Vulnerability from cvelistv5
Published
2023-08-08 09:14
Modified
2024-10-24 18:59
Severity ?
EPSS score ?
Summary
Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Qualcomm, Inc. | Snapdragon |
Version: APQ8009 Version: APQ8017 Version: APQ8037 Version: AQT1000 Version: AR8035 Version: CSRA6620 Version: CSRA6640 Version: CSRB31024 Version: FSM10056 Version: MDM8207 Version: MDM9205 Version: MDM9206 Version: MDM9207 Version: MDM9607 Version: MDM9628 Version: MSM8108 Version: MSM8208 Version: MSM8209 Version: MSM8608 Version: MSM8917 Version: MSM8920 Version: MSM8937 Version: MSM8940 Version: PM8937 Version: QAM8295P Version: QCA4004 Version: QCA4020 Version: QCA6174A Version: QCA6310 Version: QCA6320 Version: QCA6335 Version: QCA6390 Version: QCA6391 Version: QCA6420 Version: QCA6421 Version: QCA6426 Version: QCA6430 Version: QCA6431 Version: QCA6436 Version: QCA6564 Version: QCA6564A Version: QCA6564AU Version: QCA6574 Version: QCA6574A Version: QCA6574AU Version: QCA6595 Version: QCA6595AU Version: QCA6696 Version: QCA8081 Version: QCA8337 Version: QCA9367 Version: QCA9377 Version: QCA9379 Version: QCM2290 Version: QCM4290 Version: QCM6125 Version: QCM6490 Version: QCN7606 Version: QCS2290 Version: QCS405 Version: QCS410 Version: QCS4290 Version: QCS603 Version: QCS605 Version: QCS610 Version: QCS6125 Version: QCS6490 Version: QCS8155 Version: QCX315 Version: QSM8350 Version: Qualcomm215 Version: SA4150P Version: SA4155P Version: SA415M Version: SA515M Version: SA6145P Version: SA6150P Version: SA6155 Version: SA6155P Version: SA8145P Version: SA8150P Version: SA8155 Version: SA8155P Version: SA8195P Version: SA8295P Version: SA8540P Version: SA9000P Version: SC8180X+SDX55 Version: SD 455 Version: SD 636 Version: SD 675 Version: SD 8 Gen1 5G Version: SD 8cx Gen2 Version: SD 8cx Gen3 Version: SD205 Version: SD210 Version: SD429 Version: SD439 Version: SD450 Version: SD460 Version: SD480 Version: SD625 Version: SD626 Version: SD632 Version: SD660 Version: SD662 Version: SD665 Version: SD670 Version: SD675 Version: SD678 Version: SD680 Version: SD690 5G Version: SD695 Version: SD710 Version: SD720G Version: SD730 Version: SD750G Version: SD765 Version: SD765G Version: SD768G Version: SD778G Version: SD780G Version: SD7c Version: SD835 Version: SD845 Version: SD850 Version: SD855 Version: SD865 5G Version: SD870 Version: SD888 Version: SD888 5G Version: SDA429W Version: SDM429W Version: SDM630 Version: SDX24 Version: SDX50M Version: SDX55 Version: SDX55M Version: SDX65 Version: SDXR1 Version: SDXR2 5G Version: SM4125 Version: SM4375 Version: SM6250 Version: SM6250P Version: SM7250P Version: SM7315 Version: SM7325P Version: SXR2150P Version: WCD9306 Version: WCD9326 Version: WCD9330 Version: WCD9335 Version: WCD9340 Version: WCD9341 Version: WCD9360 Version: WCD9370 Version: WCD9371 Version: WCD9375 Version: WCD9380 Version: WCD9385 Version: WCN3610 Version: WCN3615 Version: WCN3620 Version: WCN3660 Version: WCN3660B Version: WCN3680 Version: WCN3680B Version: WCN3910 Version: WCN3950 Version: WCN3980 Version: WCN3988 Version: WCN3990 Version: WCN3991 Version: WCN3998 Version: WCN6740 Version: WCN6750 Version: WCN6850 Version: WCN6851 Version: WCN6855 Version: WCN6856 Version: WSA8810 Version: WSA8815 Version: WSA8830 Version: WSA8835 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T09:44:01.518Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:h:qualcomm:snapdragon:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "snapdragon", vendor: "qualcomm", versions: [ { status: "affected", version: "APQ8009", }, { status: "affected", version: "APQ8017", }, { status: "affected", version: "APQ8037", }, { status: "affected", version: "AQT1000", }, { status: "affected", version: "AR8035", }, { status: "affected", version: "CSRA6620", }, { status: "affected", version: "CSRA6640", }, { status: "affected", version: "CSRB31024", }, { status: "affected", version: "FSM10056", }, { status: "affected", version: "MDM8207", }, { status: "affected", version: "MDM9205", }, { status: "affected", version: "MDM9206", }, { status: "affected", version: "MDM9207", }, { status: "affected", version: "MDM9607", }, { status: "affected", version: "MDM9628", }, { status: "affected", version: "MSM8108", }, { status: "affected", version: "MSM8208", }, { status: "affected", version: "MSM8209", }, { status: "affected", version: "MSM8608", }, { status: "affected", version: "MSM8917", }, { status: "affected", version: "MSM8920", }, { status: "affected", version: "MSM8937", }, { status: "affected", version: "MSM8940", }, { status: "affected", version: "PM8937", }, { status: "affected", version: "QAM8295P", }, { status: "affected", version: "QCA4004", }, { status: "affected", version: "QCA4020", }, { status: "affected", version: "QCA6174A", }, { status: "affected", version: "QCA6310", }, { status: "affected", version: "QCA6320", }, { status: "affected", version: "QCA6335", }, { status: "affected", version: "QCA6390", }, { status: "affected", version: "QCA6391", }, { status: "affected", version: "QCA6420", }, { status: "affected", version: "QCA6421", }, { status: "affected", version: "QCA6426", }, { status: "affected", version: "QCA6430", }, { status: "affected", version: "QCA6431", }, { status: "affected", version: "QCA6436", }, { status: "affected", version: "QCA6564", }, { status: "affected", version: "QCA6564A", }, { status: "affected", version: "QCA6564AU", }, { status: "affected", version: "QCA6574", }, { status: "affected", version: "QCA6574A", }, { status: "affected", version: "QCA6574AU", }, { status: "affected", version: "QCA6595", }, { status: "affected", version: "QCA6595AU", }, { status: "affected", version: "QCA6696", }, { status: "affected", version: "QCA8081", }, { status: "affected", version: "QCA8337", }, { status: "affected", version: "QCA9367", }, { status: "affected", version: "QCA9377", }, { status: "affected", version: "QCA9379", }, { status: "affected", version: "QCM2290", }, { status: "affected", version: "QCM4290", }, { status: "affected", version: "QCM6125", }, { status: "affected", version: "QCM6490", }, { status: "affected", version: "QCN7606", }, { status: "affected", version: "QCS2290", }, { status: "affected", version: "QCS405", }, { status: "affected", version: "QCS410", }, { status: "affected", version: "QCS4290", }, { status: "affected", version: "QCS603", }, { status: "affected", version: "QCS605", }, { status: "affected", version: "QCS610", }, { status: "affected", version: "QCS6125", }, { status: "affected", version: "QCS6490", }, { status: "affected", version: "QCS8155", }, { status: "affected", version: "QCX315", }, { status: "affected", version: "QSM8350", }, { status: "affected", version: "Qualcomm215", }, { status: "affected", version: "SA4150P", }, { status: "affected", version: "SA4155P", }, { status: "affected", version: "SA415M", }, { status: "affected", version: "SA515M", }, { status: "affected", version: "SA6145P", }, { status: "affected", version: "SA6150P", }, { status: "affected", version: "SA6155", }, { status: "affected", version: "SA6155P", }, { status: "affected", version: "SA8145P", }, { status: "affected", version: "SA8150P", }, { status: "affected", version: "SA8155", }, { status: "affected", version: "SA8155P", }, { status: "affected", version: "SA8195P", }, { status: "affected", version: "SA8295P", }, { status: "affected", version: "SA8540P", }, { status: "affected", version: "SA9000P", }, { status: "affected", version: "SC8180X+SDX55", }, { status: "affected", version: "SD 455", }, { status: "affected", version: "SD 636", }, { status: "affected", version: "SD 675", }, { status: "affected", version: "SD 8 Gen1 5G", }, { status: "affected", version: "SD 8cx Gen2", }, { status: "affected", version: "SD 8cx Gen3", }, { status: "affected", version: "SD205", }, { status: "affected", version: "SD210", }, { status: "affected", version: "SD429", }, { status: "affected", version: "SD439", }, { status: "affected", version: "SD450", }, { status: "affected", version: "SD460", }, { status: "affected", version: "SD480", }, { status: "affected", version: "SD625", }, { status: "affected", version: "SD626", }, { status: "affected", version: "SD632", }, { status: "affected", version: "SD660", }, { status: "affected", version: "SD662", }, { status: "affected", version: "SD665", }, { status: "affected", version: "SD670", }, { status: "affected", version: "SD675", }, { status: "affected", version: "SD678", }, { status: "affected", version: "SD680", }, { status: "affected", version: "SD690 5G", }, { status: "affected", version: "SD695", }, { status: "affected", version: "SD710", }, { status: "affected", version: "SD720G", }, { status: "affected", version: "SD730", }, { status: "affected", version: "SD750G", }, { status: "affected", version: "SD765", }, { status: "affected", version: "SD765G", }, { status: "affected", version: "SD768G", }, { status: "affected", version: "SD778G", }, { status: "affected", version: "SD780G", }, { status: "affected", version: "SD7c", }, { status: "affected", version: "SD835", }, { status: "affected", version: "SD845", }, { status: "affected", version: "SD850", }, { status: "affected", version: "SD855", }, { status: "affected", version: "SD865 5G", }, { status: "affected", version: "SD870", }, { status: "affected", version: "SD888", }, { status: "affected", version: "SD888 5G", }, { status: "affected", version: "SDA429W", }, { status: "affected", version: "SDM429W", }, { status: "affected", version: "SDM630", }, { status: "affected", version: "SDX24", }, { status: "affected", version: "SDX50M", }, { status: "affected", version: "SDX55", }, { status: "affected", version: "SDX55M", }, { status: "affected", version: "SDX65", }, { status: "affected", version: "SDXR1", }, { status: "affected", version: "SDXR2 5G", }, { status: "affected", version: "SM4125", }, { status: "affected", version: "SM4375", }, { status: "affected", version: "SM6250", }, { status: "affected", version: "SM6250P", }, { status: "affected", version: "SM7250P", }, { status: "affected", version: "SM7315", }, { status: "affected", version: "SM7325P", }, { status: "affected", version: "SXR2150P", }, { status: "affected", version: "WCD9306", }, { status: "affected", version: "WCD9326", }, { status: "affected", version: "WCD9330", }, { status: "affected", version: "WCD9335", }, { status: "affected", version: "WCD9340", }, { status: "affected", version: "WCD9341", }, { status: "affected", version: "WCD9360", }, { status: "affected", version: "WCD9370", }, { status: "affected", version: "WCD9371", }, { status: "affected", version: "WCD9375", }, { status: "affected", version: "WCD9380", }, { status: "affected", version: "WCD9385", }, { status: "affected", version: "WCN3610", }, { status: "affected", version: "WCN3615", }, { status: "affected", version: "WCN3620", }, { status: "affected", version: "WCN3660", }, { status: "affected", version: "WCN3660B", }, { status: "affected", version: "WCN3680", }, { status: "affected", version: "WCN3680B", }, { status: "affected", version: "WCN3910", }, { status: "affected", version: "WCN3950", }, { status: "affected", version: "WCN3980", }, { status: "affected", version: "WCN3988", }, { status: "affected", version: "WCN3990", }, { status: "affected", version: "WCN3991", }, { status: "affected", version: "WCN3998", }, { status: "affected", version: "WCN6740", }, { status: "affected", version: "WCN6750", }, { status: "affected", version: "WCN6850", }, { status: "affected", version: "WCN6851", }, { status: "affected", version: "WCN6855", }, { status: "affected", version: "WCN6856", }, { status: "affected", version: "WSA8810", }, { status: "affected", version: "WSA8815", }, { status: "affected", version: "WSA8830", }, { status: "affected", version: "WSA8835", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2023-21626", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-10-24T18:51:18.709645Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-10-24T18:59:08.395Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { defaultStatus: "unaffected", platforms: [ "Snapdragon Auto", "Snapdragon Compute", "Snapdragon Connectivity", "Snapdragon Consumer IOT", "Snapdragon Industrial IOT", "Snapdragon IoT", "Snapdragon Mobile", "Snapdragon Voice & Music", "Snapdragon Wearables", ], product: "Snapdragon", vendor: "Qualcomm, Inc.", versions: [ { status: "affected", version: "APQ8009", }, { status: "affected", version: "APQ8017", }, { status: "affected", version: "APQ8037", }, { status: "affected", version: "AQT1000", }, { status: "affected", version: "AR8035", }, { status: "affected", version: "CSRA6620", }, { status: "affected", version: "CSRA6640", }, { status: "affected", version: "CSRB31024", }, { status: "affected", version: "FSM10056", }, { status: "affected", version: "MDM8207", }, { status: "affected", version: "MDM9205", }, { status: "affected", version: "MDM9206", }, { status: "affected", version: "MDM9207", }, { status: "affected", version: "MDM9607", }, { status: "affected", version: "MDM9628", }, { status: "affected", version: "MSM8108", }, { status: "affected", version: "MSM8208", }, { status: "affected", version: "MSM8209", }, { status: "affected", version: "MSM8608", }, { status: "affected", version: "MSM8917", }, { status: "affected", version: "MSM8920", }, { status: "affected", version: "MSM8937", }, { status: "affected", version: "MSM8940", }, { status: "affected", version: "PM8937", }, { status: "affected", version: "QAM8295P", }, { status: "affected", version: "QCA4004", }, { status: "affected", version: "QCA4020", }, { status: "affected", version: "QCA6174A", }, { status: "affected", version: "QCA6310", }, { status: "affected", version: "QCA6320", }, { status: "affected", version: "QCA6335", }, { status: "affected", version: "QCA6390", }, { status: "affected", version: "QCA6391", }, { status: "affected", version: "QCA6420", }, { status: "affected", version: "QCA6421", }, { status: "affected", version: "QCA6426", }, { status: "affected", version: "QCA6430", }, { status: "affected", version: "QCA6431", }, { status: "affected", version: "QCA6436", }, { status: "affected", version: "QCA6564", }, { status: "affected", version: "QCA6564A", }, { status: "affected", version: "QCA6564AU", }, { status: "affected", version: "QCA6574", }, { status: "affected", version: "QCA6574A", }, { status: "affected", version: "QCA6574AU", }, { status: "affected", version: "QCA6595", }, { status: "affected", version: "QCA6595AU", }, { status: "affected", version: "QCA6696", }, { status: "affected", version: "QCA8081", }, { status: "affected", version: "QCA8337", }, { status: "affected", version: "QCA9367", }, { status: "affected", version: "QCA9377", }, { status: "affected", version: "QCA9379", }, { status: "affected", version: "QCM2290", }, { status: "affected", version: "QCM4290", }, { status: "affected", version: "QCM6125", }, { status: "affected", version: "QCM6490", }, { status: "affected", version: "QCN7606", }, { status: "affected", version: "QCS2290", }, { status: "affected", version: "QCS405", }, { status: "affected", version: "QCS410", }, { status: "affected", version: "QCS4290", }, { status: "affected", version: "QCS603", }, { status: "affected", version: "QCS605", }, { status: "affected", version: "QCS610", }, { status: "affected", version: "QCS6125", }, { status: "affected", version: "QCS6490", }, { status: "affected", version: "QCS8155", }, { status: "affected", version: "QCX315", }, { status: "affected", version: "QSM8350", }, { status: "affected", version: "Qualcomm215", }, { status: "affected", version: "SA4150P", }, { status: "affected", version: "SA4155P", }, { status: "affected", version: "SA415M", }, { status: "affected", version: "SA515M", }, { status: "affected", version: "SA6145P", }, { status: "affected", version: "SA6150P", }, { status: "affected", version: "SA6155", }, { status: "affected", version: "SA6155P", }, { status: "affected", version: "SA8145P", }, { status: "affected", version: "SA8150P", }, { status: "affected", version: "SA8155", }, { status: "affected", version: "SA8155P", }, { status: "affected", version: "SA8195P", }, { status: "affected", version: "SA8295P", }, { status: "affected", version: "SA8540P", }, { status: "affected", version: "SA9000P", }, { status: "affected", version: "SC8180X+SDX55", }, { status: "affected", version: "SD 455", }, { status: "affected", version: "SD 636", }, { status: "affected", version: "SD 675", }, { status: "affected", version: "SD 8 Gen1 5G", }, { status: "affected", version: "SD 8cx Gen2", }, { status: "affected", version: "SD 8cx Gen3", }, { status: "affected", version: "SD205", }, { status: "affected", version: "SD210", }, { status: "affected", version: "SD429", }, { status: "affected", version: "SD439", }, { status: "affected", version: "SD450", }, { status: "affected", version: "SD460", }, { status: "affected", version: "SD480", }, { status: "affected", version: "SD625", }, { status: "affected", version: "SD626", }, { status: "affected", version: "SD632", }, { status: "affected", version: "SD660", }, { status: "affected", version: "SD662", }, { status: "affected", version: "SD665", }, { status: "affected", version: "SD670", }, { status: "affected", version: "SD675", }, { status: "affected", version: "SD678", }, { status: "affected", version: "SD680", }, { status: "affected", version: "SD690 5G", }, { status: "affected", version: "SD695", }, { status: "affected", version: "SD710", }, { status: "affected", version: "SD720G", }, { status: "affected", version: "SD730", }, { status: "affected", version: "SD750G", }, { status: "affected", version: "SD765", }, { status: "affected", version: "SD765G", }, { status: "affected", version: "SD768G", }, { status: "affected", version: "SD778G", }, { status: "affected", version: "SD780G", }, { status: "affected", version: "SD7c", }, { status: "affected", version: "SD835", }, { status: "affected", version: "SD845", }, { status: "affected", version: "SD850", }, { status: "affected", version: "SD855", }, { status: "affected", version: "SD865 5G", }, { status: "affected", version: "SD870", }, { status: "affected", version: "SD888", }, { status: "affected", version: "SD888 5G", }, { status: "affected", version: "SDA429W", }, { status: "affected", version: "SDM429W", }, { status: "affected", version: "SDM630", }, { status: "affected", version: "SDX24", }, { status: "affected", version: "SDX50M", }, { status: "affected", version: "SDX55", }, { status: "affected", version: "SDX55M", }, { status: "affected", version: "SDX65", }, { status: "affected", version: "SDXR1", }, { status: "affected", version: "SDXR2 5G", }, { status: "affected", version: "SM4125", }, { status: "affected", version: "SM4375", }, { status: "affected", version: "SM6250", }, { status: "affected", version: "SM6250P", }, { status: "affected", version: "SM7250P", }, { status: "affected", version: "SM7315", }, { status: "affected", version: "SM7325P", }, { status: "affected", version: "SXR2150P", }, { status: "affected", version: "WCD9306", }, { status: "affected", version: "WCD9326", }, { status: "affected", version: "WCD9330", }, { status: "affected", version: "WCD9335", }, { status: "affected", version: "WCD9340", }, { status: "affected", version: "WCD9341", }, { status: "affected", version: "WCD9360", }, { status: "affected", version: "WCD9370", }, { status: "affected", version: "WCD9371", }, { status: "affected", version: "WCD9375", }, { status: "affected", version: "WCD9380", }, { status: "affected", version: "WCD9385", }, { status: "affected", version: "WCN3610", }, { status: "affected", version: "WCN3615", }, { status: "affected", version: "WCN3620", }, { status: "affected", version: "WCN3660", }, { status: "affected", version: "WCN3660B", }, { status: "affected", version: "WCN3680", }, { status: "affected", version: "WCN3680B", }, { status: "affected", version: "WCN3910", }, { status: "affected", version: "WCN3950", }, { status: "affected", version: "WCN3980", }, { status: "affected", version: "WCN3988", }, { status: "affected", version: "WCN3990", }, { status: "affected", version: "WCN3991", }, { status: "affected", version: "WCN3998", }, { status: "affected", version: "WCN6740", }, { status: "affected", version: "WCN6750", }, { status: "affected", version: "WCN6850", }, { status: "affected", version: "WCN6851", }, { status: "affected", version: "WCN6855", }, { status: "affected", version: "WCN6856", }, { status: "affected", version: "WSA8810", }, { status: "affected", version: "WSA8815", }, { status: "affected", version: "WSA8830", }, { status: "affected", version: "WSA8835", }, ], }, ], descriptions: [ { lang: "en", value: "Cryptographic issue in HLOS due to improper authentication while performing key velocity checks using more than one key.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 7.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", version: "3.1", }, format: "CVSS", scenarios: [ { lang: "en", value: "GENERAL", }, ], }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-320", description: "CWE-320 Key Management Errors", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-04-12T16:23:26.915Z", orgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", shortName: "qualcomm", }, references: [ { url: "https://www.qualcomm.com/company/product-security/bulletins/august-2023-bulletin", }, ], title: "Improper Authentication in HLOS.", }, }, cveMetadata: { assignerOrgId: "2cfc7d3e-20d3-47ac-8db7-1b7285aff15f", assignerShortName: "qualcomm", cveId: "CVE-2023-21626", datePublished: "2023-08-08T09:14:50.487Z", dateReserved: "2022-12-07T02:58:25.864Z", dateUpdated: "2024-10-24T18:59:08.395Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.