mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36845 | Med | 0.29 | 4.4 | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | ||
| CVE-2022-36844 | Med | 0.29 | 4.4 | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | ||
| CVE-2022-36843 | Med | 0.29 | 4.4 | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | ||
| CVE-2022-36842 | Med | 0.29 | 4.4 | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | ||
| CVE-2022-36841 | Med | 0.29 | 4.4 | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | ||
| CVE-2022-33721 | Med | 0.29 | 4.4 | 0.00 | Aug 5, 2022 | A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. | ||
| CVE-2022-33717 | Med | 0.29 | 4.4 | 0.00 | Aug 5, 2022 | A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory. | ||
| CVE-2022-28793 | Med | 0.29 | 4.4 | 0.00 | May 3, 2022 | Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first… | ||
| CVE-2022-27833 | Med | 0.29 | 4.4 | 0.00 | Apr 11, 2022 | Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. | ||
| CVE-2022-27574 | Med | 0.29 | 4.4 | 0.00 | Apr 11, 2022 | Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. | ||
| CVE-2022-27573 | Med | 0.29 | 4.4 | 0.00 | Apr 11, 2022 | Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers. | ||
| CVE-2022-24925 | Med | 0.29 | 4.4 | 0.00 | Feb 11, 2022 | Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices. | ||
| CVE-2022-23426 | Med | 0.29 | 4.4 | 0.00 | Feb 11, 2022 | A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. | ||
| CVE-2022-22270 | Med | 0.29 | 4.4 | 0.00 | Jan 10, 2022 | An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. | ||
| CVE-2021-25480 | Med | 0.29 | 4.4 | 0.00 | Oct 6, 2021 | A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection. | ||
| CVE-2021-25477 | Med | 0.29 | 4.4 | 0.00 | Oct 6, 2021 | An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service. | ||
| CVE-2021-25474 | Med | 0.29 | 4.4 | 0.00 | Oct 6, 2021 | Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset. | ||
| CVE-2021-25473 | Med | 0.29 | 4.4 | 0.00 | Oct 6, 2021 | Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset. | ||
| CVE-2021-25468 | Med | 0.29 | 4.4 | 0.00 | Oct 6, 2021 | A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address. | ||
| CVE-2021-25450 | Med | 0.29 | 4.5 | 0.00 | Sep 9, 2021 | Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket. |
- risk 0.29cvss 4.4epss 0.00
A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- risk 0.29cvss 4.4epss 0.00
A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- risk 0.29cvss 4.4epss 0.00
A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- risk 0.29cvss 4.4epss 0.00
A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- risk 0.29cvss 4.4epss 0.00
A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- risk 0.29cvss 4.4epss 0.00
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.
- risk 0.29cvss 4.4epss 0.00
A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.
- risk 0.29cvss 4.4epss 0.00
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first…
- risk 0.29cvss 4.4epss 0.00
Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.
- risk 0.29cvss 4.4epss 0.00
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.
- risk 0.29cvss 4.4epss 0.00
Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.
- risk 0.29cvss 4.4epss 0.00
Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices.
- risk 0.29cvss 4.4epss 0.00
A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege.
- risk 0.29cvss 4.4epss 0.00
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
- risk 0.29cvss 4.4epss 0.00
A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection.
- risk 0.29cvss 4.4epss 0.00
An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.
- risk 0.29cvss 4.4epss 0.00
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
- risk 0.29cvss 4.4epss 0.00
Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
- risk 0.29cvss 4.4epss 0.00
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.
- risk 0.29cvss 4.5epss 0.00
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.
Page 23 of 46