mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25518 | Med | 0.42 | 6.4 | 0.00 | Dec 8, 2021 | An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution. | ||
| CVE-2021-25516 | Med | 0.42 | 6.4 | 0.00 | Dec 8, 2021 | An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. | ||
| CVE-2021-25481 | Med | 0.42 | 6.4 | 0.00 | Oct 6, 2021 | An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory. | ||
| CVE-2021-25449 | Med | 0.42 | 6.5 | 0.00 | Sep 9, 2021 | An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. | ||
| CVE-2021-25427 | Med | 0.42 | 6.5 | 0.00 | Jul 8, 2021 | SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information | ||
| CVE-2021-25416 | Med | 0.42 | 6.5 | 0.00 | Jun 11, 2021 | Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. | ||
| CVE-2019-20546 | Med | 0.42 | 6.5 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019). | ||
| CVE-2020-10845 | Med | 0.42 | 6.4 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 (February 2020). | ||
| CVE-2020-10844 | Med | 0.42 | 6.5 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), and Q(10.0) software. There is an out-of-bounds read vulnerability in media.audio_policy. The Samsung ID is SVE-2019-16333 (February 2020). | ||
| CVE-2023-42534 | Med | 0.41 | 6.3 | 0.00 | Nov 7, 2023 | Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. | ||
| CVE-2023-30671 | Med | 0.41 | 6.3 | 0.00 | Jul 6, 2023 | Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application. | ||
| CVE-2023-21492 | Med | 0.41 | 4.4 | 0.03 | KEV | May 4, 2023 | Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. | |
| CVE-2021-25511 | Med | 0.41 | 6.3 | 0.00 | Dec 8, 2021 | An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability. | ||
| CVE-2021-25337 | Med | 0.41 | 4.4 | 0.03 | KEV | Mar 4, 2021 | Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. | |
| CVE-2024-20806 | Med | 0.40 | 6.2 | 0.00 | Jan 4, 2024 | Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data. | ||
| CVE-2023-42531 | Med | 0.40 | 6.2 | 0.00 | Nov 7, 2023 | Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background. | ||
| CVE-2023-30713 | Med | 0.40 | 6.2 | 0.00 | Sep 6, 2023 | Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock. | ||
| CVE-2023-30662 | Med | 0.40 | 6.2 | 0.00 | Jul 6, 2023 | Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. | ||
| CVE-2023-30661 | Med | 0.40 | 6.2 | 0.00 | Jul 6, 2023 | Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. | ||
| CVE-2023-30660 | Med | 0.40 | 6.2 | 0.00 | Jul 6, 2023 | Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier. |
- risk 0.42cvss 6.4epss 0.00
An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.
- risk 0.42cvss 6.4epss 0.00
An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations.
- risk 0.42cvss 6.4epss 0.00
An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.
- risk 0.42cvss 6.5epss 0.00
An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
- risk 0.42cvss 6.5epss 0.00
SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information
- risk 0.42cvss 6.5epss 0.00
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.
- risk 0.42cvss 6.5epss 0.00
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Broadcom Wi-Fi chipsets) software. A denial-of-service attack can leverage a shared interface between Broadcom Bluetooth and Broadcom Wi-Fi. The Samsung ID is SVE-2019-15350 (November 2019).
- risk 0.42cvss 6.4epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. There is a race condition leading to a use-after-free in MTP. The Samsung ID is SVE-2019-16520 (February 2020).
- risk 0.42cvss 6.5epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x), P(9.x), and Q(10.0) software. There is an out-of-bounds read vulnerability in media.audio_policy. The Samsung ID is SVE-2019-16333 (February 2020).
- risk 0.41cvss 6.3epss 0.00
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.
- risk 0.41cvss 6.3epss 0.00
Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.
- risk 0.41cvss 4.4epss 0.03
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
- risk 0.41cvss 6.3epss 0.00
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.
- risk 0.41cvss 4.4epss 0.03
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
- risk 0.40cvss 6.2epss 0.00
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.
- risk 0.40cvss 6.2epss 0.00
Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background.
- risk 0.40cvss 6.2epss 0.00
Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.
- risk 0.40cvss 6.2epss 0.00
Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
- risk 0.40cvss 6.2epss 0.00
Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
- risk 0.40cvss 6.2epss 0.00
Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
Page 14 of 46