mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-39880 | Hig | 0.46 | 7.1 | 0.00 | Nov 9, 2022 | Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution. | ||
| CVE-2022-22292 | Hig | 0.46 | 7.1 | 0.00 | Feb 11, 2022 | Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. | ||
| CVE-2021-25410 | Hig | 0.46 | 7.1 | 0.00 | Jun 11, 2021 | Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege. | ||
| CVE-2021-25388 | Hig | 0.46 | 7.1 | 0.00 | Jun 11, 2021 | Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app. | ||
| CVE-2021-25356 | Hig | 0.46 | 7.1 | 0.00 | Apr 9, 2021 | An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application. | ||
| CVE-2021-30162 | Hig | 0.46 | 7.1 | 0.00 | Apr 6, 2021 | An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021). | ||
| CVE-2021-25346 | Hig | 0.46 | 7.1 | 0.01 | Mar 4, 2021 | A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution. | ||
| CVE-2017-18680 | Hig | 0.46 | 7.1 | 0.00 | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software. The lockscreen interface allows Add User actions, leading to an unintended ability to access user data in external storage. The Samsung ID is SVE-2016-7797 (March 2017). | ||
| CVE-2020-10840 | Hig | 0.46 | 7.1 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is a kernel pointer leak in the vipx driver. The Samsung ID is SVE-2019-16293 (February 2020). | ||
| CVE-2022-39908 | Med | 0.45 | 6.9 | 0.00 | Dec 8, 2022 | TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. | ||
| CVE-2022-39907 | Med | 0.45 | 6.9 | 0.00 | Dec 8, 2022 | Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write. | ||
| CVE-2022-22265 | Med | 0.45 | 5.0 | 0.00 | KEV | Jan 10, 2022 | An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. | |
| CVE-2024-20803 | Med | 0.44 | 6.8 | 0.00 | Jan 4, 2024 | Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. | ||
| CVE-2023-42563 | Med | 0.44 | 6.7 | 0.00 | Dec 5, 2023 | Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. | ||
| CVE-2023-42562 | Med | 0.44 | 6.7 | 0.00 | Dec 5, 2023 | Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. | ||
| CVE-2023-42530 | Med | 0.44 | 6.7 | 0.00 | Nov 7, 2023 | Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction. | ||
| CVE-2023-42529 | Med | 0.44 | 6.7 | 0.00 | Nov 7, 2023 | Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code. | ||
| CVE-2023-42528 | Med | 0.44 | 6.7 | 0.00 | Nov 7, 2023 | Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | ||
| CVE-2023-30739 | Med | 0.44 | 6.7 | 0.00 | Nov 7, 2023 | Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | ||
| CVE-2023-30727 | Med | 0.44 | 6.7 | 0.00 | Oct 4, 2023 | Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction. |
- risk 0.46cvss 7.1epss 0.00
Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution.
- risk 0.46cvss 7.1epss 0.00
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.
- risk 0.46cvss 7.1epss 0.00
Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.
- risk 0.46cvss 7.1epss 0.00
Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.
- risk 0.46cvss 7.1epss 0.00
An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application.
- risk 0.46cvss 7.1epss 0.00
An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).
- risk 0.46cvss 7.1epss 0.01
A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.
- risk 0.46cvss 7.1epss 0.00
An issue was discovered on Samsung mobile devices with L(5.0/5.1) and M(6.0) (tablets) software. The lockscreen interface allows Add User actions, leading to an unintended ability to access user data in external storage. The Samsung ID is SVE-2016-7797 (March 2017).
- risk 0.46cvss 7.1epss 0.00
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is a kernel pointer leak in the vipx driver. The Samsung ID is SVE-2019-16293 (February 2020).
- risk 0.45cvss 6.9epss 0.00
TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
- risk 0.45cvss 6.9epss 0.00
Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.
- risk 0.45cvss 5.0epss 0.00
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
- risk 0.44cvss 6.8epss 0.00
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.
- risk 0.44cvss 6.7epss 0.00
Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
- risk 0.44cvss 6.7epss 0.00
Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
- risk 0.44cvss 6.7epss 0.00
Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.
- risk 0.44cvss 6.7epss 0.00
Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.
- risk 0.44cvss 6.7epss 0.00
Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
- risk 0.44cvss 6.7epss 0.00
Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
- risk 0.44cvss 6.7epss 0.00
Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.
Page 11 of 46