mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-30659 | Med | 0.40 | 6.2 | 0.00 | Jul 6, 2023 | Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | ||
| CVE-2023-30657 | Med | 0.40 | 6.2 | 0.00 | Jul 6, 2023 | Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities. | ||
| CVE-2023-30642 | Med | 0.40 | 6.2 | 0.00 | Jul 6, 2023 | Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function. | ||
| CVE-2023-21513 | Med | 0.40 | 6.1 | 0.00 | Jun 28, 2023 | Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition. | ||
| CVE-2023-21496 | Med | 0.40 | 6.1 | 0.00 | May 4, 2023 | Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level. | ||
| CVE-2023-21458 | Med | 0.40 | 6.2 | 0.00 | Mar 16, 2023 | Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent. | ||
| CVE-2023-21440 | Med | 0.40 | 6.2 | 0.00 | Feb 9, 2023 | Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. | ||
| CVE-2022-39912 | Med | 0.40 | 6.2 | 0.00 | Dec 8, 2022 | Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. | ||
| CVE-2022-33732 | Med | 0.40 | 6.2 | 0.00 | Aug 5, 2022 | Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. | ||
| CVE-2022-33718 | Med | 0.40 | 6.2 | 0.00 | Aug 5, 2022 | An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. | ||
| CVE-2022-33714 | Med | 0.40 | 6.2 | 0.00 | Aug 5, 2022 | Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. | ||
| CVE-2022-33702 | Med | 0.40 | 6.2 | 0.00 | Jul 12, 2022 | Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. | ||
| CVE-2022-33691 | Med | 0.40 | 6.2 | 0.00 | Jul 12, 2022 | A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations. | ||
| CVE-2022-33689 | Med | 0.40 | 6.2 | 0.00 | Jul 12, 2022 | Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call. | ||
| CVE-2022-30727 | Med | 0.40 | 6.2 | 0.00 | Jun 7, 2022 | Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. | ||
| CVE-2022-30726 | Med | 0.40 | 6.2 | 0.00 | Jun 7, 2022 | Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. | ||
| CVE-2022-30722 | Med | 0.40 | 6.2 | 0.00 | Jun 7, 2022 | Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. | ||
| CVE-2022-28783 | Med | 0.40 | 6.2 | 0.00 | May 3, 2022 | Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name. | ||
| CVE-2022-22268 | Med | 0.40 | 6.1 | 0.00 | Jan 10, 2022 | Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode. | ||
| CVE-2021-25512 | Med | 0.40 | 6.1 | 0.00 | Dec 8, 2021 | An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities. |
- risk 0.40cvss 6.2epss 0.00
Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
- risk 0.40cvss 6.2epss 0.00
Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
- risk 0.40cvss 6.2epss 0.00
Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.
- risk 0.40cvss 6.1epss 0.00
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
- risk 0.40cvss 6.1epss 0.00
Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level.
- risk 0.40cvss 6.2epss 0.00
Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent.
- risk 0.40cvss 6.2epss 0.00
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.
- risk 0.40cvss 6.2epss 0.00
Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder.
- risk 0.40cvss 6.2epss 0.00
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.
- risk 0.40cvss 6.2epss 0.00
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.
- risk 0.40cvss 6.2epss 0.00
Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.
- risk 0.40cvss 6.2epss 0.00
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.
- risk 0.40cvss 6.2epss 0.00
A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.
- risk 0.40cvss 6.2epss 0.00
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call.
- risk 0.40cvss 6.2epss 0.00
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.
- risk 0.40cvss 6.2epss 0.00
Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.
- risk 0.40cvss 6.2epss 0.00
Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account.
- risk 0.40cvss 6.2epss 0.00
Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name.
- risk 0.40cvss 6.1epss 0.00
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode.
- risk 0.40cvss 6.1epss 0.00
An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.
Page 15 of 46