mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-25816 | Med | 0.27 | 4.1 | 0.00 | Mar 10, 2022 | Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication | ||
| CVE-2022-24932 | Med | 0.27 | 4.2 | 0.00 | Mar 10, 2022 | Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. | ||
| CVE-2022-24929 | Med | 0.27 | 4.1 | 0.00 | Mar 10, 2022 | Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. | ||
| CVE-2021-25476 | Med | 0.27 | 4.1 | 0.00 | Oct 6, 2021 | An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE. | ||
| CVE-2024-20814 | Med | 0.26 | 4.0 | 0.00 | Feb 6, 2024 | Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information. | ||
| CVE-2024-20804 | Med | 0.26 | 4.0 | 0.00 | Jan 4, 2024 | Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file. | ||
| CVE-2023-42569 | Med | 0.26 | 4.0 | 0.00 | Dec 5, 2023 | Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. | ||
| CVE-2023-30719 | Med | 0.26 | 4.0 | 0.00 | Sep 6, 2023 | Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data. | ||
| CVE-2023-30718 | Med | 0.26 | 4.0 | 0.00 | Sep 6, 2023 | Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting. | ||
| CVE-2023-30717 | Med | 0.26 | 4.0 | 0.00 | Sep 6, 2023 | Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers. | ||
| CVE-2023-30716 | Med | 0.26 | 4.0 | 0.00 | Sep 6, 2023 | Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands. | ||
| CVE-2023-30715 | Med | 0.26 | 4.0 | 0.00 | Sep 6, 2023 | Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission. | ||
| CVE-2023-30711 | Med | 0.26 | 4.0 | 0.00 | Sep 6, 2023 | Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider. | ||
| CVE-2023-30707 | Med | 0.26 | 4.0 | 0.00 | Sep 6, 2023 | Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege. | ||
| CVE-2023-21495 | Med | 0.26 | 4.0 | 0.00 | May 4, 2023 | Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set. | ||
| CVE-2023-21461 | Med | 0.26 | 4.0 | 0.00 | Mar 16, 2023 | Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity. | ||
| CVE-2023-21449 | Med | 0.26 | 4.0 | 0.00 | Mar 16, 2023 | Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission. | ||
| CVE-2023-21437 | Med | 0.26 | 4.0 | 0.00 | Feb 9, 2023 | Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast. | ||
| CVE-2023-21429 | Med | 0.26 | 4.0 | 0.00 | Feb 9, 2023 | Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID. | ||
| CVE-2023-21428 | Med | 0.26 | 4.0 | 0.00 | Feb 9, 2023 | Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code. |
- risk 0.27cvss 4.1epss 0.00
Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication
- risk 0.27cvss 4.2epss 0.00
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.
- risk 0.27cvss 4.1epss 0.00
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication.
- risk 0.27cvss 4.1epss 0.00
An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.
- risk 0.26cvss 4.0epss 0.00
Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information.
- risk 0.26cvss 4.0epss 0.00
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
- risk 0.26cvss 4.0epss 0.00
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.
- risk 0.26cvss 4.0epss 0.00
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.
- risk 0.26cvss 4.0epss 0.00
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.
- risk 0.26cvss 4.0epss 0.00
Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.
- risk 0.26cvss 4.0epss 0.00
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.
- risk 0.26cvss 4.0epss 0.00
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.
- risk 0.26cvss 4.0epss 0.00
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.
- risk 0.26cvss 4.0epss 0.00
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.
- risk 0.26cvss 4.0epss 0.00
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set.
- risk 0.26cvss 4.0epss 0.00
Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity.
- risk 0.26cvss 4.0epss 0.00
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.
- risk 0.26cvss 4.0epss 0.00
Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.
- risk 0.26cvss 4.0epss 0.00
Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID.
- risk 0.26cvss 4.0epss 0.00
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code.
Page 25 of 46