mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25382 | Med | 0.40 | 6.1 | 0.00 | Apr 23, 2021 | An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command. | ||
| CVE-2021-25344 | Med | 0.40 | 6.2 | 0.00 | Mar 4, 2021 | Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission. | ||
| CVE-2018-21045 | Med | 0.40 | 6.2 | 0.00 | Apr 8, 2020 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard access in the lockscreen state via a copy-and-paste action. The Samsung ID is SVE-2018-13381 (December 2018). | ||
| CVE-2019-20569 | Med | 0.40 | 6.2 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via the status bar. The Samsung ID is SVE-2019-15089 (September 2019). | ||
| CVE-2019-20554 | Med | 0.40 | 6.2 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via an external keyboard. The Samsung ID is SVE-2019-15164 (October 2019). | ||
| CVE-2023-42558 | Med | 0.39 | 6.0 | 0.00 | Dec 5, 2023 | Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution. | ||
| CVE-2023-21500 | Med | 0.39 | 6.0 | 0.00 | May 4, 2023 | Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory. | ||
| CVE-2023-21498 | Med | 0.39 | 6.0 | 0.00 | May 4, 2023 | Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory. | ||
| CVE-2023-21453 | Med | 0.39 | 6.0 | 0.00 | Mar 16, 2023 | Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data. | ||
| CVE-2021-25490 | Med | 0.39 | 6.0 | 0.01 | Oct 6, 2021 | A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process. | ||
| CVE-2021-25469 | Med | 0.39 | 6.0 | 0.00 | Oct 6, 2021 | A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution. | ||
| CVE-2023-42570 | Med | 0.38 | 5.9 | 0.00 | Dec 5, 2023 | Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. | ||
| CVE-2023-42538 | Med | 0.38 | 5.9 | 0.00 | Nov 7, 2023 | An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write. | ||
| CVE-2023-42532 | Med | 0.38 | 5.9 | 0.00 | Nov 7, 2023 | Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information. | ||
| CVE-2023-21455 | Med | 0.38 | 5.9 | 0.00 | Mar 16, 2023 | Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message. | ||
| CVE-2023-21421 | Med | 0.38 | 5.9 | 0.00 | Feb 9, 2023 | Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. | ||
| CVE-2022-39886 | Med | 0.38 | 5.9 | 0.00 | Nov 9, 2022 | Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information. | ||
| CVE-2022-39885 | Med | 0.38 | 5.9 | 0.00 | Nov 9, 2022 | Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information. | ||
| CVE-2022-39879 | Med | 0.38 | 5.9 | 0.00 | Nov 9, 2022 | Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid. | ||
| CVE-2022-36868 | Med | 0.38 | 5.9 | 0.00 | Oct 7, 2022 | Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
- risk 0.40cvss 6.1epss 0.00
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.
- risk 0.40cvss 6.2epss 0.00
Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.
- risk 0.40cvss 6.2epss 0.00
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard access in the lockscreen state via a copy-and-paste action. The Samsung ID is SVE-2018-13381 (December 2018).
- risk 0.40cvss 6.2epss 0.00
An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via the status bar. The Samsung ID is SVE-2019-15089 (September 2019).
- risk 0.40cvss 6.2epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via an external keyboard. The Samsung ID is SVE-2019-15164 (October 2019).
- risk 0.39cvss 6.0epss 0.00
Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution.
- risk 0.39cvss 6.0epss 0.00
Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.
- risk 0.39cvss 6.0epss 0.00
Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.
- risk 0.39cvss 6.0epss 0.00
Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data.
- risk 0.39cvss 6.0epss 0.01
A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.
- risk 0.39cvss 6.0epss 0.00
A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.
- risk 0.38cvss 5.9epss 0.00
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.
- risk 0.38cvss 5.9epss 0.00
An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
- risk 0.38cvss 5.9epss 0.00
Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.
- risk 0.38cvss 5.9epss 0.00
Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.
- risk 0.38cvss 5.9epss 0.00
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
- risk 0.38cvss 5.9epss 0.00
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information.
- risk 0.38cvss 5.9epss 0.00
Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information.
- risk 0.38cvss 5.9epss 0.00
Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid.
- risk 0.38cvss 5.9epss 0.00
Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device.
Page 16 of 46