mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2017-18673 | Low | 0.16 | 2.4 | 0.00 | Apr 7, 2020 | An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017). | ||
| CVE-2019-20598 | Low | 0.16 | 2.4 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with O(8.x) software. Bixby leaks the keyboard's learned words, and the clipboard contents, via the lock screen. The Samsung IDs are SVE-2018-12896, SVE-2018-12897 (May 2019). | ||
| CVE-2020-10830 | Low | 0.16 | 2.4 | 0.00 | Mar 24, 2020 | An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can view notifications by entering many PINs in Lockdown mode. The Samsung ID is SVE-2019-16590 (March 2020). | ||
| CVE-2022-39906 | Low | 0.15 | 2.3 | 0.00 | Dec 8, 2022 | Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information. | ||
| CVE-2022-33716 | Low | 0.15 | 2.3 | 0.00 | Aug 5, 2022 | An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory. | ||
| CVE-2022-33686 | Low | 0.15 | 2.3 | 0.00 | Jul 12, 2022 | Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. | ||
| CVE-2021-25491 | Low | 0.15 | 2.3 | 0.00 | Oct 6, 2021 | A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference. | ||
| CVE-2021-25389 | Low | 0.15 | 2.3 | 0.00 | Jun 11, 2021 | Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. | ||
| CVE-2023-21438 | Low | 0.14 | 2.1 | 0.00 | Feb 9, 2023 | Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder. | ||
| CVE-2022-28794 | Low | 0.14 | 2.2 | 0.00 | Jun 7, 2022 | Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. | ||
| CVE-2022-33700 | Low | 0.13 | 2.0 | 0.00 | Jul 12, 2022 | Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. | ||
| CVE-2022-33699 | Low | 0.13 | 2.0 | 0.00 | Jul 12, 2022 | Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. | ||
| CVE-2022-33693 | Low | 0.13 | 2.0 | 0.00 | Jul 12, 2022 | Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. | ||
| CVE-2022-25831 | Low | 0.13 | 2.0 | 0.00 | Apr 11, 2022 | Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. | ||
| CVE-2025-21043 | 0.12 | — | 0.01 | KEV | Sep 12, 2025 | Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code. | ||
| CVE-2025-21042 | 0.12 | — | 0.12 | KEV | Sep 12, 2025 | Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code. | ||
| CVE-2022-36857 | Low | 0.12 | 1.9 | 0.00 | Sep 9, 2022 | Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. | ||
| CVE-2022-36852 | Low | 0.12 | 1.9 | 0.00 | Sep 9, 2022 | Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data. | ||
| CVE-2022-30728 | Low | 0.12 | 1.9 | 0.00 | Jun 7, 2022 | Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | ||
| CVE-2022-30714 | Low | 0.12 | 1.9 | 0.00 | Jun 7, 2022 | Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
- risk 0.16cvss 2.4epss 0.00
An issue was discovered on Samsung mobile devices with N(7.x) software. An attacker can disable the Location service on a locked device, making it impossible for the rightful owner to find a stolen device. The Samsung ID is SVE-2017-8524 (May 2017).
- risk 0.16cvss 2.4epss 0.00
An issue was discovered on Samsung mobile devices with O(8.x) software. Bixby leaks the keyboard's learned words, and the clipboard contents, via the lock screen. The Samsung IDs are SVE-2018-12896, SVE-2018-12897 (May 2019).
- risk 0.16cvss 2.4epss 0.00
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) software. Attackers can view notifications by entering many PINs in Lockdown mode. The Samsung ID is SVE-2019-16590 (March 2020).
- risk 0.15cvss 2.3epss 0.00
Improper access control vulnerability in SecTelephonyProvider prior to SMR Dec-2022 Release 1 allows attackers to access message information.
- risk 0.15cvss 2.3epss 0.00
An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.
- risk 0.15cvss 2.3epss 0.00
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
- risk 0.15cvss 2.3epss 0.00
A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.
- risk 0.15cvss 2.3epss 0.00
Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.
- risk 0.14cvss 2.1epss 0.00
Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder.
- risk 0.14cvss 2.2epss 0.00
Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.
- risk 0.13cvss 2.0epss 0.00
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
- risk 0.13cvss 2.0epss 0.00
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
- risk 0.13cvss 2.0epss 0.00
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
- risk 0.13cvss 2.0epss 0.00
Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.
- risk 0.12cvss —epss 0.01
Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.
- risk 0.12cvss —epss 0.12
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
- risk 0.12cvss 1.9epss 0.00
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.
- risk 0.12cvss 1.9epss 0.00
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data.
- risk 0.12cvss 1.9epss 0.00
Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
- risk 0.12cvss 1.9epss 0.00
Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.
Page 32 of 46