mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-20601 | Hig | 0.49 | 7.5 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019). | ||
| CVE-2019-20570 | Hig | 0.49 | 7.5 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), and N(7.1) software. Attackers can bypass Factory Reset Protection (FRP) via Smart Switch. The Samsung ID is SVE-2019-15138 (September 2019). | ||
| CVE-2019-20565 | Hig | 0.49 | 7.5 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 (September 2019). | ||
| CVE-2019-20552 | Hig | 0.49 | 7.5 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via an RCS call. The Samsung ID is SVE-2019-15035 (October 2019). | ||
| CVE-2019-20551 | Hig | 0.49 | 7.5 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a Class 0 Type Message. The Samsung ID is SVE-2019-14941 (October 2019). | ||
| CVE-2020-10854 | Hig | 0.49 | 7.5 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020). | ||
| CVE-2023-42560 | Hig | 0.48 | 7.4 | 0.00 | Dec 5, 2023 | Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code. | ||
| CVE-2022-26092 | Hig | 0.48 | 7.4 | 0.00 | Apr 11, 2022 | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. | ||
| CVE-2023-42568 | Hig | 0.47 | 7.3 | 0.00 | Dec 5, 2023 | Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege. | ||
| CVE-2023-42567 | Hig | 0.47 | 7.3 | 0.00 | Dec 5, 2023 | Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow. | ||
| CVE-2023-42566 | Hig | 0.47 | 7.3 | 0.00 | Dec 5, 2023 | Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code. | ||
| CVE-2023-42565 | Hig | 0.47 | 7.3 | 0.00 | Dec 5, 2023 | Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code. | ||
| CVE-2023-21420 | Hig | 0.47 | 7.3 | 0.00 | Feb 9, 2023 | Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. | ||
| CVE-2022-30755 | Hig | 0.47 | 7.3 | 0.00 | Jul 12, 2022 | Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent. | ||
| CVE-2021-25500 | Hig | 0.47 | 7.2 | 0.00 | Nov 5, 2021 | A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise. | ||
| CVE-2021-25479 | Hig | 0.47 | 7.2 | 0.01 | Oct 6, 2021 | A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. | ||
| CVE-2021-25478 | Hig | 0.47 | 7.2 | 0.01 | Oct 6, 2021 | A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. | ||
| CVE-2018-21071 | Hig | 0.47 | 7.3 | 0.00 | Apr 8, 2020 | An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018). | ||
| CVE-2023-42561 | Hig | 0.46 | 7.1 | 0.00 | Dec 5, 2023 | Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code. | ||
| CVE-2023-21489 | Hig | 0.46 | 7.1 | 0.00 | May 4, 2023 | Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code. |
- risk 0.49cvss 7.5epss 0.00
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019).
- risk 0.49cvss 7.5epss 0.00
An issue was discovered on Samsung mobile devices with P(9.0), O(8.0), and N(7.1) software. Attackers can bypass Factory Reset Protection (FRP) via Smart Switch. The Samsung ID is SVE-2019-15138 (September 2019).
- risk 0.49cvss 7.5epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Attackers can change the USB configuration without authentication. The Samsung ID is SVE-2018-13300 (September 2019).
- risk 0.49cvss 7.5epss 0.00
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via an RCS call. The Samsung ID is SVE-2019-15035 (October 2019).
- risk 0.49cvss 7.5epss 0.00
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a Class 0 Type Message. The Samsung ID is SVE-2019-14941 (October 2019).
- risk 0.49cvss 7.5epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Kernel stack addresses are leaked to userspace. The Samsung ID is SVE-2019-16161 (January 2020).
- risk 0.48cvss 7.4epss 0.00
Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.
- risk 0.48cvss 7.4epss 0.00
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.
- risk 0.47cvss 7.3epss 0.00
Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.
- risk 0.47cvss 7.3epss 0.00
Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.
- risk 0.47cvss 7.3epss 0.00
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.
- risk 0.47cvss 7.3epss 0.00
Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.
- risk 0.47cvss 7.3epss 0.00
Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
- risk 0.47cvss 7.3epss 0.00
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.
- risk 0.47cvss 7.2epss 0.00
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.
- risk 0.47cvss 7.2epss 0.01
A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
- risk 0.47cvss 7.2epss 0.01
A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
- risk 0.47cvss 7.3epss 0.00
An issue was discovered on Samsung mobile devices with M(6.0) software. Because of an unprotected intent, an attacker can read arbitrary files and emails, and take over an email account. The Samsung ID is SVE-2018-11633 (May 2018).
- risk 0.46cvss 7.1epss 0.00
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.
- risk 0.46cvss 7.1epss 0.00
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.
Page 10 of 46