mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2020-15580 | Med | 0.36 | 5.5 | 0.00 | Jul 7, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020). | ||
| CVE-2020-13843 | Med | 0.36 | 5.5 | 0.00 | Jun 5, 2020 | An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020). | ||
| CVE-2019-20784 | Med | 0.36 | 5.5 | 0.00 | Apr 17, 2020 | An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019). | ||
| CVE-2017-18672 | Med | 0.36 | 5.5 | 0.00 | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Because of incorrect exception handling for Intents, a local attacker can force a reboot within framework.jar. The Samsung ID is SVE-2017-8390 (May 2017). | ||
| CVE-2023-21427 | Med | 0.35 | 5.4 | 0.00 | Feb 9, 2023 | Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition. | ||
| CVE-2022-39881 | Med | 0.35 | 5.3 | 0.01 | Nov 9, 2022 | Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory. | ||
| CVE-2019-20575 | Med | 0.35 | 5.4 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019). | ||
| CVE-2023-30700 | Med | 0.34 | 5.3 | 0.00 | Aug 10, 2023 | PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission. | ||
| CVE-2023-30666 | Med | 0.34 | 5.3 | 0.00 | Jul 6, 2023 | Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. | ||
| CVE-2023-30663 | Med | 0.34 | 5.3 | 0.00 | Jul 6, 2023 | Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write. | ||
| CVE-2023-21486 | Med | 0.34 | 5.3 | 0.00 | May 4, 2023 | Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||
| CVE-2023-21485 | Med | 0.34 | 5.3 | 0.00 | May 4, 2023 | Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||
| CVE-2022-39862 | Med | 0.34 | 5.3 | 0.01 | Oct 7, 2022 | Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. | ||
| CVE-2022-33715 | Med | 0.34 | 5.3 | 0.00 | Aug 5, 2022 | Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI. | ||
| CVE-2022-23429 | Med | 0.34 | 5.3 | 0.00 | Feb 11, 2022 | An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash. | ||
| CVE-2021-25510 | Med | 0.34 | 5.3 | 0.00 | Dec 8, 2021 | An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution. | ||
| CVE-2021-25467 | Med | 0.34 | 5.3 | 0.00 | Oct 6, 2021 | Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library. | ||
| CVE-2021-25443 | Med | 0.34 | 5.3 | 0.00 | Aug 5, 2021 | A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker. | ||
| CVE-2021-25347 | Med | 0.34 | 5.3 | 0.00 | Mar 4, 2021 | Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed. | ||
| CVE-2020-15581 | Med | 0.34 | 5.3 | 0.00 | Jul 7, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020). |
- risk 0.36cvss 5.5epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) by enrolling a new lock password. The Samsung ID is SVE-2020-17328 (July 2020).
- risk 0.36cvss 5.5epss 0.00
An issue was discovered on LG mobile devices with Android OS software before 2020-06-01. Local users can cause a denial of service because checking of the userdata partition is mishandled. The LG ID is LVE-SMP-200014 (June 2020).
- risk 0.36cvss 5.5epss 0.00
An issue was discovered on LG mobile devices with Android OS 7.0, 7.1, 7.2, 8.0, and 8.1 (MTK chipsets) software. Interaction of GPS with 911 emergency calls is mishandled. The LG ID is LVE-SMP-180012 (January 2019).
- risk 0.36cvss 5.5epss 0.00
An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.x) software. Because of incorrect exception handling for Intents, a local attacker can force a reboot within framework.jar. The Samsung ID is SVE-2017-8390 (May 2017).
- risk 0.35cvss 5.4epss 0.00
Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.
- risk 0.35cvss 5.3epss 0.01
Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory.
- risk 0.35cvss 5.4epss 0.00
An issue was discovered on Samsung mobile devices with P(9.0) software. The WPA3 handshake feature allows a downgrade or dictionary attack. The Samsung ID is SVE-2019-14204 (August 2019).
- risk 0.34cvss 5.3epss 0.00
PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.
- risk 0.34cvss 5.3epss 0.00
Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
- risk 0.34cvss 5.3epss 0.00
Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
- risk 0.34cvss 5.3epss 0.00
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
- risk 0.34cvss 5.3epss 0.00
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
- risk 0.34cvss 5.3epss 0.01
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api.
- risk 0.34cvss 5.3epss 0.00
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.
- risk 0.34cvss 5.3epss 0.00
An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash.
- risk 0.34cvss 5.3epss 0.00
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.
- risk 0.34cvss 5.3epss 0.00
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.
- risk 0.34cvss 5.3epss 0.00
A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.
- risk 0.34cvss 5.3epss 0.00
Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.
- risk 0.34cvss 5.3epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. The kernel logging feature allows attackers to discover virtual addresses via vectors involving shared memory. The Samsung ID is SVE-2020-17605 (July 2020).
Page 19 of 46