mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-21473 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. | |||
| CVE-2023-21472 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. | |||
| CVE-2023-21471 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission. | |||
| CVE-2023-21470 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action. | |||
| CVE-2023-21469 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action. | |||
| CVE-2023-21468 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission. | |||
| CVE-2023-21467 | 0.00 | — | 0.00 | Sep 3, 2025 | Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message. | |||
| CVE-2023-21466 | 0.00 | — | 0.00 | Sep 3, 2025 | PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission. | |||
| CVE-2025-21015 | 0.00 | — | 0.00 | Aug 6, 2025 | Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege. | |||
| CVE-2025-21014 | 0.00 | — | 0.00 | Aug 6, 2025 | Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2025-21010 | 0.00 | — | 0.00 | Aug 6, 2025 | Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account. | |||
| CVE-2025-20990 | 0.00 | — | 0.00 | Aug 6, 2025 | Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier. | |||
| CVE-2025-21004 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device. | |||
| CVE-2025-21003 | 0.00 | — | 0.00 | Jul 8, 2025 | Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2025-21002 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast. | |||
| CVE-2025-21001 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast. | |||
| CVE-2025-21000 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth. | |||
| CVE-2025-20999 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password. | |||
| CVE-2025-20998 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper access control in SamsungAccount for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to access phone number. | |||
| CVE-2025-20997 | 0.00 | — | 0.00 | Jul 8, 2025 | Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch. |
- CVE-2023-21473Sep 3, 2025risk 0.00cvss —epss 0.00
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
- CVE-2023-21472Sep 3, 2025risk 0.00cvss —epss 0.00
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
- CVE-2023-21471Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.
- CVE-2023-21470Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.
- CVE-2023-21469Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.
- CVE-2023-21468Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.
- CVE-2023-21467Sep 3, 2025risk 0.00cvss —epss 0.00
Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.
- CVE-2023-21466Sep 3, 2025risk 0.00cvss —epss 0.00
PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission.
- CVE-2025-21015Aug 6, 2025risk 0.00cvss —epss 0.00
Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.
- CVE-2025-21014Aug 6, 2025risk 0.00cvss —epss 0.00
Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information.
- CVE-2025-21010Aug 6, 2025risk 0.00cvss —epss 0.00
Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.
- CVE-2025-20990Aug 6, 2025risk 0.00cvss —epss 0.00
Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier.
- CVE-2025-21004Jul 8, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device.
- CVE-2025-21003Jul 8, 2025risk 0.00cvss —epss 0.00
Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.
- CVE-2025-21002Jul 8, 2025risk 0.00cvss —epss 0.00
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast.
- CVE-2025-21001Jul 8, 2025risk 0.00cvss —epss 0.00
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast.
- CVE-2025-21000Jul 8, 2025risk 0.00cvss —epss 0.00
Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth.
- CVE-2025-20999Jul 8, 2025risk 0.00cvss —epss 0.00
Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password.
- CVE-2025-20998Jul 8, 2025risk 0.00cvss —epss 0.00
Improper access control in SamsungAccount for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to access phone number.
- CVE-2025-20997Jul 8, 2025risk 0.00cvss —epss 0.00
Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch.
Page 36 of 46