Dongxiang Ke

**Name of the Vulnerable Software and Affected Versions** Samsung Assistant versions prior to 8.7.00.1 **Description** The issue is related to improper authorization in the PushMsgReceiver of Samsung Assistant. This allows an attacker to execute a javascript interface. User interaction is required to trigger this issue. **Recommendations** For versions prior to 8.7.00.1, update to version 8.7.00.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the PushMsgReceiver until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Gallery versions prior to 14.5.01.2 **Description** The issue is related to improper authentication in the LocalProvider of Gallery, allowing an attacker to access data in the content provider. **Recommendations** For versions prior to 14.5.01.2, update to version 14.5.01.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GameLauncher versions prior to 4.2.59.5 **Description** The issue allows local attackers to access data through a PendingIntent hijacking vulnerability. **Recommendations** For versions prior to 4.2.59.5, update to version 4.2.59.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Config Manager (affected versions not specified) **Description** The issue is related to a possible command injection in Config Manager due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Config Manager (affected versions not specified) **Description** The issue is related to a possible command injection in Config Manager due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Boa (affected versions not specified) **Description** The issue is related to a missing permission check, which could lead to remote information disclosure to a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Config Manager (affected versions not specified) **Description** In Config Manager, there is a possible command injection due to improper input validation. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Boa (affected versions not specified) **Description** The issue is related to a possible escalation of privilege due to a stack buffer overflow in Boa. This could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Boa (affected versions not specified) **Description** The issue is related to a missing permission check, which could lead to remote escalation of privilege from a proximal attacker with no additional execution privileges needed. User interaction is not needed for exploitation. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to an out-of-bounds bug in the ` snd usb parse audio interface()` function, which can occur when parsing the interface descriptor for a bad USB audio device with a USB ID of (0x04fa, 0x4201) and the number of its interfaces less than 4. This can lead to an out-of-bounds read bug. The problem is fixed by checking the number of interfaces. The vulnerability may allow an attacker to cause a denial of service. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr (affected versions not specified) **Description** An out-of-bound write issue can be triggered in the Zephyr bluetooth mesh core stack during provisioning. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Zephyr (affected versions not specified) **Description** An out-of-bound write issue can be triggered in the Zephyr bluetooth mesh core stack during provisioning. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ESP-IDF versions 4.1 through 4.4 **Description** A memory corruption issue can be triggered in the ESP-BLE-MESH component during provisioning due to the lack of a check for the `SegN` field of the Transaction Start PDU. This can lead to memory corruption-related attacks, potentially allowing an attacker to gain control of the entire system. **Recommendations** For ESP-IDF versions 4.1 through 4.4, upgrade to a patched version, as patch commits are available on these branches.

Name of the Vulnerable Software and Affected Versions: Android version Android-11 Description: The issue is related to improper input validation in mobile log d, which could lead to local information disclosure. System execution privileges are needed for exploitation, and user interaction is not required. Recommendations: For Android version Android-11, apply the patch with ID ALPS05457039 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Android versions Android-10 through Android-11 Description: In the `mobile log d` component, a command injection issue exists due to a missing bounds check. This could lead to local escalation of privilege, requiring System execution privileges, and does not need user interaction for exploitation. Recommendations: For Android versions Android-10 through Android-11, apply the patch with ID ALPS05458478 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Android version Android-11 Description: The issue is related to a possible memory corruption due to a stack buffer overflow in the aee component. This could lead to local escalation of privilege, with System execution privileges needed. User interaction is not required for exploitation. Recommendations: For Android version Android-11, apply the patch with ID ALPS05457070 to resolve the issue.