mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25451 | Low | 0.21 | 3.3 | 0.00 | Sep 9, 2021 | A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data. | ||
| CVE-2018-21074 | Low | 0.21 | 3.3 | 0.00 | Apr 8, 2020 | An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018). | ||
| CVE-2019-20625 | Low | 0.21 | 3.3 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019). | ||
| CVE-2021-25454 | Low | 0.20 | 3.1 | 0.00 | Sep 9, 2021 | OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file. | ||
| CVE-2022-27834 | Low | 0.19 | 2.9 | 0.00 | Apr 11, 2022 | Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions. | ||
| CVE-2022-27831 | Low | 0.19 | 2.9 | 0.00 | Apr 11, 2022 | Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. | ||
| CVE-2021-25336 | Low | 0.18 | 2.8 | 0.00 | Mar 4, 2021 | Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent. | ||
| CVE-2023-21512 | Low | 0.16 | 2.4 | 0.00 | Jun 28, 2023 | Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission. | ||
| CVE-2023-21454 | Low | 0.16 | 2.4 | 0.00 | Mar 16, 2023 | Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen. | ||
| CVE-2022-33720 | Low | 0.16 | 2.4 | 0.00 | Aug 5, 2022 | Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. | ||
| CVE-2022-30721 | Low | 0.16 | 2.5 | 0.00 | Jun 7, 2022 | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | ||
| CVE-2022-30720 | Low | 0.16 | 2.5 | 0.00 | Jun 7, 2022 | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | ||
| CVE-2022-30719 | Low | 0.16 | 2.5 | 0.00 | Jun 7, 2022 | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | ||
| CVE-2022-30709 | Low | 0.16 | 2.5 | 0.00 | Jun 7, 2022 | Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | ||
| CVE-2021-25513 | Low | 0.16 | 2.4 | 0.00 | Dec 8, 2021 | An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. | ||
| CVE-2021-25486 | Low | 0.16 | 2.5 | 0.00 | Oct 6, 2021 | Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log. | ||
| CVE-2021-25409 | Low | 0.16 | 2.4 | 0.00 | Jun 11, 2021 | Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device. | ||
| CVE-2021-25335 | Low | 0.16 | 2.5 | 0.00 | Mar 4, 2021 | Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition. | ||
| CVE-2018-21077 | Low | 0.16 | 2.4 | 0.00 | Apr 8, 2020 | An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018). | ||
| CVE-2020-11606 | Low | 0.16 | 2.4 | 0.00 | Apr 8, 2020 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Information about application preview (in the Secure Folder) leaks on a locked device. The Samsung ID is SVE-2019-16463 (April 2020). |
- risk 0.21cvss 3.3epss 0.00
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
- risk 0.21cvss 3.3epss 0.00
An issue was discovered on Samsung mobile devices with M(6.x) (Exynos or Qualcomm chipsets) software. There is information disclosure from a Trustlet via the debug log. The Samsung ID is SVE-2017-10638 (April 2018).
- risk 0.21cvss 3.3epss 0.00
An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) (Exynos chipsets) software. The ion debugfs driver allows information disclosure. The Samsung ID is SVE-2018-13427 (February 2019).
- risk 0.20cvss 3.1epss 0.00
OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
- risk 0.19cvss 2.9epss 0.00
Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions.
- risk 0.19cvss 2.9epss 0.00
Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory.
- risk 0.18cvss 2.8epss 0.00
Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent.
- risk 0.16cvss 2.4epss 0.00
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
- risk 0.16cvss 2.4epss 0.00
Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen.
- risk 0.16cvss 2.4epss 0.00
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.
- risk 0.16cvss 2.5epss 0.00
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
- risk 0.16cvss 2.5epss 0.00
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
- risk 0.16cvss 2.5epss 0.00
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
- risk 0.16cvss 2.5epss 0.00
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
- risk 0.16cvss 2.4epss 0.00
An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen.
- risk 0.16cvss 2.5epss 0.00
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.
- risk 0.16cvss 2.4epss 0.00
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.
- risk 0.16cvss 2.5epss 0.00
Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.
- risk 0.16cvss 2.4epss 0.00
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x), and O(8.x) software. There is a Clipboard content disclosure in the locked state because the keyboard may be used during an emergency call. The Samsung ID is SVE-2017-11107 (April 2018).
- risk 0.16cvss 2.4epss 0.00
An issue was discovered on Samsung mobile devices with Q(10.0) software. Information about application preview (in the Secure Folder) leaks on a locked device. The Samsung ID is SVE-2019-16463 (April 2020).
Page 31 of 46