mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18659 | Med | 0.34 | 5.3 | 0.00 | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can crash system processes via a broadcast to AdaptiveDisplayColorService. The Samsung ID is SVE-2017-8290 (July 2017). | ||
| CVE-2017-18656 | Med | 0.34 | 5.3 | 0.00 | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer over-read in a trustlet. The Samsung ID is SVE-2017-8890 (August 2017). | ||
| CVE-2019-20547 | Med | 0.34 | 5.3 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Data may leak via a Bluetooth debug command. The Samsung ID is SVE-2019-15398 (November 2019). | ||
| CVE-2024-20811 | Med | 0.33 | 5.1 | 0.00 | Feb 6, 2024 | Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer. | ||
| CVE-2023-30667 | Med | 0.33 | 5.1 | 0.00 | Jul 6, 2023 | Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege. | ||
| CVE-2023-21487 | Med | 0.33 | 5.1 | 0.00 | May 4, 2023 | Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting. | ||
| CVE-2023-21484 | Med | 0.33 | 5.1 | 0.00 | May 4, 2023 | Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation. | ||
| CVE-2023-21459 | Med | 0.33 | 5.0 | 0.00 | Mar 16, 2023 | Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault. | ||
| CVE-2023-21424 | Med | 0.33 | 5.1 | 0.00 | Feb 9, 2023 | Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. | ||
| CVE-2023-21423 | Med | 0.33 | 5.1 | 0.00 | Feb 9, 2023 | Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. | ||
| CVE-2022-39855 | Med | 0.33 | 5.1 | 0.00 | Oct 7, 2022 | Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. | ||
| CVE-2022-36848 | Med | 0.33 | 5.1 | 0.00 | Sep 9, 2022 | Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service. | ||
| CVE-2022-33731 | Med | 0.33 | 5.1 | 0.00 | Aug 5, 2022 | Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. | ||
| CVE-2022-33695 | Med | 0.33 | 5.1 | 0.00 | Jul 12, 2022 | Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service. | ||
| CVE-2022-28780 | Med | 0.33 | 5.0 | 0.00 | May 3, 2022 | Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information. | ||
| CVE-2021-25503 | Med | 0.33 | 5.0 | 0.00 | Nov 5, 2021 | Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution. | ||
| CVE-2021-25489 | Low | 0.33 | 3.3 | 0.01 | KEV | Oct 6, 2021 | Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. | |
| CVE-2021-25453 | Med | 0.33 | 5.1 | 0.00 | Sep 9, 2021 | Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information. | ||
| CVE-2021-25340 | Med | 0.33 | 5.1 | 0.00 | Mar 4, 2021 | Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State. | ||
| CVE-2023-42559 | Med | 0.32 | 4.9 | 0.00 | Dec 5, 2023 | Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time. |
- risk 0.34cvss 5.3epss 0.00
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can crash system processes via a broadcast to AdaptiveDisplayColorService. The Samsung ID is SVE-2017-8290 (July 2017).
- risk 0.34cvss 5.3epss 0.00
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.x) software. There is a buffer over-read in a trustlet. The Samsung ID is SVE-2017-8890 (August 2017).
- risk 0.34cvss 5.3epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) software. Data may leak via a Bluetooth debug command. The Samsung ID is SVE-2019-15398 (November 2019).
- risk 0.33cvss 5.1epss 0.00
Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.
- risk 0.33cvss 5.1epss 0.00
Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.
- risk 0.33cvss 5.1epss 0.00
Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.
- risk 0.33cvss 5.1epss 0.00
Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.
- risk 0.33cvss 5.0epss 0.00
Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault.
- risk 0.33cvss 5.1epss 0.00
Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
- risk 0.33cvss 5.1epss 0.00
Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
- risk 0.33cvss 5.1epss 0.00
Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices.
- risk 0.33cvss 5.1epss 0.00
Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service.
- risk 0.33cvss 5.1epss 0.00
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.
- risk 0.33cvss 5.1epss 0.00
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.
- risk 0.33cvss 5.0epss 0.00
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information.
- risk 0.33cvss 5.0epss 0.00
Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution.
- risk 0.33cvss 3.3epss 0.01
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
- risk 0.33cvss 5.1epss 0.00
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
- risk 0.33cvss 5.1epss 0.00
Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State.
- risk 0.32cvss 4.9epss 0.00
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.
Page 20 of 46