mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-42527 | Med | 0.36 | 5.6 | 0.00 | Nov 7, 2023 | Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. | ||
| CVE-2023-30732 | Med | 0.36 | 5.5 | 0.00 | Oct 4, 2023 | Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number. | ||
| CVE-2023-30698 | Med | 0.36 | 5.5 | 0.00 | Aug 10, 2023 | Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege. | ||
| CVE-2023-21504 | Med | 0.36 | 5.6 | 0.01 | May 4, 2023 | Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | ||
| CVE-2023-21503 | Med | 0.36 | 5.6 | 0.01 | May 4, 2023 | Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | ||
| CVE-2023-21494 | Med | 0.36 | 5.6 | 0.01 | May 4, 2023 | Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access. | ||
| CVE-2022-25815 | Med | 0.36 | 5.5 | 0.00 | Mar 10, 2022 | PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | ||
| CVE-2022-25814 | Med | 0.36 | 5.5 | 0.00 | Mar 10, 2022 | PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | ||
| CVE-2022-22291 | Med | 0.36 | 5.5 | 0.00 | Feb 11, 2022 | Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. | ||
| CVE-2022-22271 | Med | 0.36 | 5.5 | 0.00 | Jan 10, 2022 | A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory. | ||
| CVE-2021-25488 | Med | 0.36 | 5.5 | 0.00 | Oct 6, 2021 | Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read. | ||
| CVE-2021-25456 | Med | 0.36 | 5.5 | 0.00 | Sep 9, 2021 | OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. | ||
| CVE-2021-25452 | Med | 0.36 | 5.5 | 0.00 | Sep 9, 2021 | An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device. | ||
| CVE-2021-25444 | Med | 0.36 | 5.5 | 0.01 | Aug 5, 2021 | An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process. | ||
| CVE-2021-25415 | Med | 0.36 | 5.5 | 0.00 | Jun 11, 2021 | Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable. | ||
| CVE-2021-25413 | Med | 0.36 | 5.5 | 0.00 | Jun 11, 2021 | Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. | ||
| CVE-2021-25357 | Med | 0.36 | 5.6 | 0.00 | Apr 9, 2021 | A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information. | ||
| CVE-2021-25334 | Med | 0.36 | 5.5 | 0.00 | Mar 4, 2021 | Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. | ||
| CVE-2020-35549 | Med | 0.36 | 5.5 | 0.00 | Dec 18, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020). | ||
| CVE-2020-15584 | Med | 0.36 | 5.5 | 0.00 | Jul 7, 2020 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020). |
- risk 0.36cvss 5.6epss 0.00
Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.
- risk 0.36cvss 5.5epss 0.00
Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.
- risk 0.36cvss 5.5epss 0.00
Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.
- risk 0.36cvss 5.6epss 0.01
Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
- risk 0.36cvss 5.6epss 0.01
Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
- risk 0.36cvss 5.6epss 0.01
Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
- risk 0.36cvss 5.5epss 0.00
PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
- risk 0.36cvss 5.5epss 0.00
PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
- risk 0.36cvss 5.5epss 0.00
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.
- risk 0.36cvss 5.5epss 0.00
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
- risk 0.36cvss 5.5epss 0.00
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.
- risk 0.36cvss 5.5epss 0.00
OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
- risk 0.36cvss 5.5epss 0.00
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
- risk 0.36cvss 5.5epss 0.01
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.
- risk 0.36cvss 5.5epss 0.00
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.
- risk 0.36cvss 5.5epss 0.00
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.
- risk 0.36cvss 5.6epss 0.00
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.
- risk 0.36cvss 5.5epss 0.00
Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service.
- risk 0.36cvss 5.5epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020).
- risk 0.36cvss 5.5epss 0.00
An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020).
Page 18 of 46