mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-39847 | Med | 0.32 | 4.9 | 0.00 | Oct 7, 2022 | Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. | ||
| CVE-2022-36849 | Med | 0.32 | 4.9 | 0.00 | Sep 9, 2022 | Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. | ||
| CVE-2022-36847 | Med | 0.32 | 4.9 | 0.00 | Sep 9, 2022 | Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. | ||
| CVE-2023-30720 | Med | 0.31 | 4.7 | 0.00 | Sep 6, 2023 | PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access. | ||
| CVE-2023-30701 | Med | 0.31 | 4.7 | 0.00 | Aug 10, 2023 | PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access. | ||
| CVE-2023-21490 | Med | 0.31 | 4.7 | 0.00 | May 4, 2023 | Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. | ||
| CVE-2022-33727 | Med | 0.31 | 4.8 | 0.00 | Aug 5, 2022 | A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. | ||
| CVE-2022-33723 | Med | 0.31 | 4.8 | 0.00 | Aug 5, 2022 | A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack. | ||
| CVE-2024-20802 | Med | 0.30 | 4.6 | 0.00 | Jan 4, 2024 | Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment. | ||
| CVE-2023-30714 | Med | 0.30 | 4.6 | 0.00 | Sep 6, 2023 | Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock. | ||
| CVE-2023-30708 | Med | 0.30 | 4.6 | 0.01 | Sep 6, 2023 | Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status. | ||
| CVE-2022-39900 | Med | 0.30 | 4.6 | 0.00 | Dec 8, 2022 | Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch. | ||
| CVE-2022-28782 | Med | 0.30 | 4.6 | 0.00 | May 3, 2022 | Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. | ||
| CVE-2018-21080 | Med | 0.30 | 4.6 | 0.00 | Apr 8, 2020 | An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018). | ||
| CVE-2018-21062 | Med | 0.30 | 4.6 | 0.00 | Apr 8, 2020 | An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is… | ||
| CVE-2018-21053 | Med | 0.30 | 4.6 | 0.00 | Apr 8, 2020 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018). | ||
| CVE-2016-11040 | Med | 0.30 | 4.6 | 0.00 | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (June 2016). | ||
| CVE-2016-11053 | Med | 0.30 | 4.6 | 0.00 | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016). | ||
| CVE-2016-11048 | Med | 0.30 | 4.6 | 0.00 | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016). | ||
| CVE-2019-20557 | Med | 0.30 | 4.6 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card by blocking the PUK code. The Samsung ID is SVE-2019-15262 (October 2019). |
- risk 0.32cvss 4.9epss 0.00
Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.
- risk 0.32cvss 4.9epss 0.00
Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.
- risk 0.32cvss 4.9epss 0.00
Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.
- risk 0.31cvss 4.7epss 0.00
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.
- risk 0.31cvss 4.7epss 0.00
PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.
- risk 0.31cvss 4.7epss 0.00
Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.
- risk 0.31cvss 4.8epss 0.00
A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
- risk 0.31cvss 4.8epss 0.00
A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.
- risk 0.30cvss 4.6epss 0.00
Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.
- risk 0.30cvss 4.6epss 0.00
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.
- risk 0.30cvss 4.6epss 0.01
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.
- risk 0.30cvss 4.6epss 0.00
Improper access control vulnerability in Nice Catch prior to SMR Dec-2022 Release 1 allows physical attackers to access contents of all toast generated in the application installed in Secure Folder through Nice Catch.
- risk 0.30cvss 4.6epss 0.00
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability.
- risk 0.30cvss 4.6epss 0.00
An issue was discovered on Samsung mobile devices with N(7.x) software. A physically proximate attacker wielding a magnet can activate NFC to bypass the lockscreen. The Samsung ID is SVE-2017-10897 (March 2018).
- risk 0.30cvss 4.6epss 0.00
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is…
- risk 0.30cvss 4.6epss 0.00
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. There is Clipboard access in the lockscreen state via a physical keyboard. The Samsung ID is SVE-2018-12684 (October 2018).
- risk 0.30cvss 4.6epss 0.00
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (with USB OTG MyFile2014_L_ESS support) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5068 (June 2016).
- risk 0.30cvss 4.6epss 0.00
An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016).
- risk 0.30cvss 4.6epss 0.00
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016).
- risk 0.30cvss 4.6epss 0.00
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card by blocking the PUK code. The Samsung ID is SVE-2019-15262 (October 2019).
Page 21 of 46