mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-33726 | Low | 0.21 | 3.3 | 0.00 | Aug 5, 2022 | Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. | ||
| CVE-2022-33724 | Low | 0.21 | 3.3 | 0.00 | Aug 5, 2022 | Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. | ||
| CVE-2022-33701 | Low | 0.21 | 3.3 | 0.00 | Jul 12, 2022 | Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent. | ||
| CVE-2022-33698 | Low | 0.21 | 3.3 | 0.00 | Jul 12, 2022 | Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. | ||
| CVE-2022-33697 | Low | 0.21 | 3.3 | 0.00 | Jul 12, 2022 | Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. | ||
| CVE-2022-33688 | Low | 0.21 | 3.3 | 0.00 | Jul 12, 2022 | Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. | ||
| CVE-2022-33687 | Low | 0.21 | 3.3 | 0.00 | Jul 12, 2022 | Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. | ||
| CVE-2022-30753 | Low | 0.21 | 3.3 | 0.00 | Jul 12, 2022 | Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. | ||
| CVE-2022-30752 | Low | 0.21 | 3.3 | 0.00 | Jul 12, 2022 | Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action. | ||
| CVE-2022-30751 | Low | 0.21 | 3.3 | 0.00 | Jul 12, 2022 | Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. | ||
| CVE-2022-30750 | Low | 0.21 | 3.3 | 0.00 | Jul 12, 2022 | Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected. | ||
| CVE-2022-30729 | Low | 0.21 | 3.3 | 0.00 | Jun 7, 2022 | Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. | ||
| CVE-2022-27576 | Low | 0.21 | 3.3 | 0.00 | Apr 11, 2022 | Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission | ||
| CVE-2022-27575 | Low | 0.21 | 3.3 | 0.00 | Apr 11, 2022 | Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. | ||
| CVE-2022-25833 | Low | 0.21 | 3.3 | 0.00 | Apr 11, 2022 | Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. | ||
| CVE-2022-25821 | Low | 0.21 | 3.3 | 0.00 | Mar 10, 2022 | Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read. | ||
| CVE-2021-25514 | Low | 0.21 | 3.3 | 0.00 | Dec 8, 2021 | An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information. | ||
| CVE-2021-25462 | Low | 0.21 | 3.3 | 0.00 | Sep 9, 2021 | NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. | ||
| CVE-2021-25458 | Low | 0.21 | 3.3 | 0.00 | Sep 9, 2021 | NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. | ||
| CVE-2021-25455 | Low | 0.21 | 3.3 | 0.00 | Sep 9, 2021 | OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. |
- risk 0.21cvss 3.3epss 0.00
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.
- risk 0.21cvss 3.3epss 0.00
Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.
- risk 0.21cvss 3.3epss 0.00
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent.
- risk 0.21cvss 3.3epss 0.00
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.
- risk 0.21cvss 3.3epss 0.00
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
- risk 0.21cvss 3.3epss 0.00
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.
- risk 0.21cvss 3.3epss 0.00
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log.
- risk 0.21cvss 3.3epss 0.00
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.
- risk 0.21cvss 3.3epss 0.00
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action.
- risk 0.21cvss 3.3epss 0.00
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action.
- risk 0.21cvss 3.3epss 0.00
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected.
- risk 0.21cvss 3.3epss 0.00
Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.
- risk 0.21cvss 3.3epss 0.00
Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission
- risk 0.21cvss 3.3epss 0.00
Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission.
- risk 0.21cvss 3.3epss 0.00
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.
- risk 0.21cvss 3.3epss 0.00
Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read.
- risk 0.21cvss 3.3epss 0.00
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.
- risk 0.21cvss 3.3epss 0.00
NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
- risk 0.21cvss 3.3epss 0.00
NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
- risk 0.21cvss 3.3epss 0.00
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
Page 30 of 46