mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-25832 | Med | 0.26 | 4.0 | 0.00 | Apr 11, 2022 | Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. | ||
| CVE-2022-25822 | Med | 0.26 | 4.0 | 0.00 | Mar 10, 2022 | An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. | ||
| CVE-2022-25817 | Med | 0.26 | 4.0 | 0.00 | Mar 10, 2022 | Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. | ||
| CVE-2022-22272 | Med | 0.26 | 4.0 | 0.00 | Jan 10, 2022 | Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission | ||
| CVE-2022-22269 | Med | 0.26 | 4.0 | 0.00 | Jan 10, 2022 | Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. | ||
| CVE-2022-22267 | Med | 0.26 | 4.0 | 0.00 | Jan 10, 2022 | Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. | ||
| CVE-2022-22266 | Med | 0.26 | 4.0 | 0.00 | Jan 10, 2022 | (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. | ||
| CVE-2022-22263 | Med | 0.26 | 4.0 | 0.00 | Jan 10, 2022 | Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity. | ||
| CVE-2021-25519 | Med | 0.26 | 4.0 | 0.00 | Dec 8, 2021 | An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. | ||
| CVE-2021-25515 | Med | 0.26 | 4.0 | 0.00 | Dec 8, 2021 | An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. | ||
| CVE-2021-25484 | Med | 0.26 | 4.0 | 0.00 | Oct 6, 2021 | Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event. | ||
| CVE-2021-25483 | Med | 0.26 | 4.0 | 0.00 | Oct 6, 2021 | Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read. | ||
| CVE-2021-25472 | Med | 0.26 | 4.0 | 0.00 | Oct 6, 2021 | An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information. | ||
| CVE-2021-25461 | Med | 0.26 | 4.0 | 0.00 | Sep 9, 2021 | An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow. | ||
| CVE-2021-25460 | Med | 0.26 | 4.0 | 0.00 | Sep 9, 2021 | An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. | ||
| CVE-2021-25459 | Med | 0.26 | 4.0 | 0.00 | Sep 9, 2021 | An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. | ||
| CVE-2021-25392 | Med | 0.26 | 4.0 | 0.00 | Jun 11, 2021 | Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. | ||
| CVE-2021-25391 | Med | 0.26 | 4.0 | 0.00 | Jun 11, 2021 | Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. | ||
| CVE-2021-25390 | Med | 0.26 | 4.0 | 0.00 | Jun 11, 2021 | Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. | ||
| CVE-2021-25364 | Med | 0.26 | 4.0 | 0.00 | Apr 9, 2021 | A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information. |
- risk 0.26cvss 4.0epss 0.00
Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication.
- risk 0.26cvss 4.0epss 0.00
An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.
- risk 0.26cvss 4.0epss 0.00
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.
- risk 0.26cvss 4.0epss 0.00
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
- risk 0.26cvss 4.0epss 0.00
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
- risk 0.26cvss 4.0epss 0.00
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.
- risk 0.26cvss 4.0epss 0.00
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.
- risk 0.26cvss 4.0epss 0.00
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.
- risk 0.26cvss 4.0epss 0.00
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.
- risk 0.26cvss 4.0epss 0.00
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.
- risk 0.26cvss 4.0epss 0.00
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
- risk 0.26cvss 4.0epss 0.00
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.
- risk 0.26cvss 4.0epss 0.00
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.
- risk 0.26cvss 4.0epss 0.00
An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
- risk 0.26cvss 4.0epss 0.00
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
- risk 0.26cvss 4.0epss 0.00
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
- risk 0.26cvss 4.0epss 0.00
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
- risk 0.26cvss 4.0epss 0.00
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
- risk 0.26cvss 4.0epss 0.00
Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
- risk 0.26cvss 4.0epss 0.00
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
Page 28 of 46