mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-20983 | 0.00 | — | 0.00 | Jul 8, 2025 | Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | |||
| CVE-2025-20982 | 0.00 | — | 0.00 | Jul 8, 2025 | Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | |||
| CVE-2025-20993 | 0.00 | — | 0.00 | Jun 4, 2025 | Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory. | |||
| CVE-2025-20992 | 0.00 | — | 0.00 | Jun 4, 2025 | Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory. | |||
| CVE-2025-20991 | 0.00 | — | 0.00 | Jun 4, 2025 | Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable. | |||
| CVE-2025-20989 | 0.00 | — | 0.00 | Jun 4, 2025 | Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key. | |||
| CVE-2025-20988 | 0.00 | — | 0.00 | Jun 4, 2025 | Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. | |||
| CVE-2025-20987 | 0.00 | — | 0.00 | Jun 4, 2025 | Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a auth_token. | |||
| CVE-2025-20986 | 0.00 | — | 0.00 | Jun 4, 2025 | Improper access control in ScreenCapture for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to take screenshots. | |||
| CVE-2025-20985 | 0.00 | — | 0.00 | Jun 4, 2025 | Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items. | |||
| CVE-2025-20984 | 0.00 | — | 0.00 | Jun 4, 2025 | Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch. | |||
| CVE-2025-20981 | 0.00 | — | 0.00 | Jun 4, 2025 | Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2025-20964 | 0.00 | — | 0.00 | May 7, 2025 | Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. | |||
| CVE-2025-20963 | 0.00 | — | 0.00 | May 7, 2025 | Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory. | |||
| CVE-2025-20962 | 0.00 | — | 0.00 | May 7, 2025 | Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position. | |||
| CVE-2025-20961 | 0.00 | — | 0.00 | May 7, 2025 | Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege. | |||
| CVE-2025-20960 | 0.00 | — | 0.00 | May 7, 2025 | Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api. | |||
| CVE-2025-20959 | 0.00 | — | 0.00 | May 7, 2025 | Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2025-20958 | 0.00 | — | 0.00 | May 7, 2025 | Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors. | |||
| CVE-2025-20957 | 0.00 | — | 0.00 | May 7, 2025 | Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege. |
- CVE-2025-20983Jul 8, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
- CVE-2025-20982Jul 8, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
- CVE-2025-20993Jun 4, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.
- CVE-2025-20992Jun 4, 2025risk 0.00cvss —epss 0.00
Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory.
- CVE-2025-20991Jun 4, 2025risk 0.00cvss —epss 0.00
Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable.
- CVE-2025-20989Jun 4, 2025risk 0.00cvss —epss 0.00
Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key.
- CVE-2025-20988Jun 4, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.
- CVE-2025-20987Jun 4, 2025risk 0.00cvss —epss 0.00
Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a auth_token.
- CVE-2025-20986Jun 4, 2025risk 0.00cvss —epss 0.00
Improper access control in ScreenCapture for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to take screenshots.
- CVE-2025-20985Jun 4, 2025risk 0.00cvss —epss 0.00
Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items.
- CVE-2025-20984Jun 4, 2025risk 0.00cvss —epss 0.00
Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.
- CVE-2025-20981Jun 4, 2025risk 0.00cvss —epss 0.00
Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information.
- CVE-2025-20964May 7, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.
- CVE-2025-20963May 7, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.
- CVE-2025-20962May 7, 2025risk 0.00cvss —epss 0.00
Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.
- CVE-2025-20961May 7, 2025risk 0.00cvss —epss 0.00
Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege.
- CVE-2025-20960May 7, 2025risk 0.00cvss —epss 0.00
Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api.
- CVE-2025-20959May 7, 2025risk 0.00cvss —epss 0.00
Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information.
- CVE-2025-20958May 7, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors.
- CVE-2025-20957May 7, 2025risk 0.00cvss —epss 0.00
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege.
Page 37 of 46