mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-33690 | Med | 0.26 | 4.0 | 0.00 | Jul 12, 2022 | Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file. | ||
| CVE-2022-33685 | Med | 0.26 | 4.0 | 0.00 | Jul 12, 2022 | Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information. | ||
| CVE-2022-30758 | Med | 0.26 | 4.0 | 0.00 | Jul 12, 2022 | Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder. | ||
| CVE-2022-30757 | Med | 0.26 | 4.0 | 0.00 | Jul 12, 2022 | Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. | ||
| CVE-2022-30725 | Med | 0.26 | 4.0 | 0.00 | Jun 7, 2022 | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||
| CVE-2022-30724 | Med | 0.26 | 4.0 | 0.00 | Jun 7, 2022 | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||
| CVE-2022-30723 | Med | 0.26 | 4.0 | 0.00 | Jun 7, 2022 | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | ||
| CVE-2022-30717 | Med | 0.26 | 4.0 | 0.00 | Jun 7, 2022 | Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. | ||
| CVE-2022-30716 | Med | 0.26 | 4.0 | 0.00 | Jun 7, 2022 | Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. | ||
| CVE-2022-30715 | Med | 0.26 | 4.0 | 0.00 | Jun 7, 2022 | Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. | ||
| CVE-2022-28788 | Med | 0.26 | 4.0 | 0.00 | May 3, 2022 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | ||
| CVE-2022-28787 | Med | 0.26 | 4.0 | 0.00 | May 3, 2022 | Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | ||
| CVE-2022-28786 | Med | 0.26 | 4.0 | 0.00 | May 3, 2022 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | ||
| CVE-2022-28785 | Med | 0.26 | 4.0 | 0.00 | May 3, 2022 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | ||
| CVE-2022-28784 | Med | 0.26 | 4.0 | 0.00 | May 3, 2022 | Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic. | ||
| CVE-2022-27832 | Med | 0.26 | 4.0 | 0.00 | Apr 11, 2022 | Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. | ||
| CVE-2022-27825 | Med | 0.26 | 4.0 | 0.00 | Apr 11, 2022 | Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | ||
| CVE-2022-27824 | Med | 0.26 | 4.0 | 0.00 | Apr 11, 2022 | Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file | ||
| CVE-2022-27823 | Med | 0.26 | 4.0 | 0.00 | Apr 11, 2022 | Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. | ||
| CVE-2022-27821 | Med | 0.26 | 4.0 | 0.00 | Apr 11, 2022 | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file. |
- risk 0.26cvss 4.0epss 0.00
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.
- risk 0.26cvss 4.0epss 0.00
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information.
- risk 0.26cvss 4.0epss 0.00
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder.
- risk 0.26cvss 4.0epss 0.00
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.
- risk 0.26cvss 4.0epss 0.00
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
- risk 0.26cvss 4.0epss 0.00
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
- risk 0.26cvss 4.0epss 0.00
Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
- risk 0.26cvss 4.0epss 0.00
Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.
- risk 0.26cvss 4.0epss 0.00
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.
- risk 0.26cvss 4.0epss 0.00
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.
- risk 0.26cvss 4.0epss 0.00
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
- risk 0.26cvss 4.0epss 0.00
Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
- risk 0.26cvss 4.0epss 0.00
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
- risk 0.26cvss 4.0epss 0.00
Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
- risk 0.26cvss 4.0epss 0.00
Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.
- risk 0.26cvss 4.0epss 0.00
Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.
- risk 0.26cvss 4.0epss 0.00
Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.
- risk 0.26cvss 4.0epss 0.00
Improper size check of in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file
- risk 0.26cvss 4.0epss 0.00
Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.
- risk 0.26cvss 4.0epss 0.00
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file.
Page 27 of 46