mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25411 | Med | 0.29 | 4.4 | 0.00 | Jun 11, 2021 | Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory. | ||
| CVE-2021-25339 | Med | 0.29 | 4.4 | 0.00 | Mar 4, 2021 | Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. | ||
| CVE-2021-25338 | Med | 0.29 | 4.4 | 0.00 | Mar 4, 2021 | Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. | ||
| CVE-2023-30685 | Med | 0.28 | 4.3 | 0.00 | Aug 10, 2023 | Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode. | ||
| CVE-2023-30684 | Med | 0.28 | 4.3 | 0.00 | Aug 10, 2023 | Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission. | ||
| CVE-2023-30683 | Med | 0.28 | 4.3 | 0.00 | Aug 10, 2023 | Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission. | ||
| CVE-2023-30682 | Med | 0.28 | 4.3 | 0.00 | Aug 10, 2023 | Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission. | ||
| CVE-2023-30641 | Med | 0.28 | 4.3 | 0.00 | Jul 6, 2023 | Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data. | ||
| CVE-2023-30640 | Med | 0.28 | 4.3 | 0.00 | Jul 6, 2023 | Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration. | ||
| CVE-2023-21426 | Med | 0.28 | 4.3 | 0.00 | Feb 9, 2023 | Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. | ||
| CVE-2023-21425 | Med | 0.28 | 4.3 | 0.00 | Feb 9, 2023 | Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. | ||
| CVE-2023-21419 | Med | 0.28 | 4.3 | 0.00 | Feb 9, 2023 | An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition. | ||
| CVE-2022-39887 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2022 | Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting. | ||
| CVE-2022-39884 | Med | 0.28 | 4.3 | 0.00 | Nov 9, 2022 | Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information. | ||
| CVE-2021-25430 | Med | 0.28 | 4.3 | 0.00 | Jul 8, 2021 | Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. | ||
| CVE-2021-25429 | Med | 0.28 | 4.3 | 0.00 | Jul 8, 2021 | Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. | ||
| CVE-2017-18667 | Med | 0.28 | 4.3 | 0.00 | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can prevent users from learning that SMS storage space has been exhausted. The Samsung ID is SVE-2017-8702 (June 2017). | ||
| CVE-2016-11050 | Med | 0.28 | 4.3 | 0.00 | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016). | ||
| CVE-2023-21457 | Med | 0.27 | 4.1 | 0.00 | Mar 16, 2023 | Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission. | ||
| CVE-2022-25820 | Med | 0.27 | 4.2 | 0.00 | Mar 10, 2022 | A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. |
- risk 0.29cvss 4.4epss 0.00
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.
- risk 0.29cvss 4.4epss 0.00
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory.
- risk 0.29cvss 4.4epss 0.00
Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region.
- risk 0.28cvss 4.3epss 0.00
Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode.
- risk 0.28cvss 4.3epss 0.00
Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.
- risk 0.28cvss 4.3epss 0.00
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission.
- risk 0.28cvss 4.3epss 0.00
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.
- risk 0.28cvss 4.3epss 0.00
Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data.
- risk 0.28cvss 4.3epss 0.00
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration.
- risk 0.28cvss 4.3epss 0.00
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
- risk 0.28cvss 4.3epss 0.00
Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.
- risk 0.28cvss 4.3epss 0.00
An improper implementation logic in Secure Folder prior to SMR Jan-2023 Release 1 allows the Secure Folder container remain unlocked under certain condition.
- risk 0.28cvss 4.3epss 0.00
Improper access control vulnerability in clearAllGlobalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to configure EDM setting.
- risk 0.28cvss 4.3epss 0.00
Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information.
- risk 0.28cvss 4.3epss 0.00
Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
- risk 0.28cvss 4.3epss 0.00
Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
- risk 0.28cvss 4.3epss 0.00
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.x) software. Attackers can prevent users from learning that SMS storage space has been exhausted. The Samsung ID is SVE-2017-8702 (June 2017).
- risk 0.28cvss 4.3epss 0.00
An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016).
- risk 0.27cvss 4.1epss 0.00
Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission.
- risk 0.27cvss 4.2epss 0.00
A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.
Page 24 of 46