mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-20956 | 0.00 | — | 0.00 | May 7, 2025 | Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings. | |||
| CVE-2025-20955 | 0.00 | — | 0.00 | May 7, 2025 | Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images. | |||
| CVE-2025-20954 | 0.00 | — | 0.00 | May 7, 2025 | Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-20953 | 0.00 | — | 0.00 | May 7, 2025 | Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN. | |||
| CVE-2025-20937 | 0.00 | — | 0.00 | May 7, 2025 | Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | |||
| CVE-2025-20952 | 0.00 | — | 0.00 | Apr 9, 2025 | Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege. | |||
| CVE-2025-20946 | 0.00 | — | 0.00 | Apr 8, 2025 | Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetooth devices without user interaction. | |||
| CVE-2025-20939 | 0.00 | — | 0.00 | Apr 8, 2025 | Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update device unique identifier of Watch devices. | |||
| CVE-2025-20948 | 0.00 | — | 0.00 | Apr 8, 2025 | Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory. | |||
| CVE-2025-20947 | 0.00 | — | 0.00 | Apr 8, 2025 | Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-20945 | 0.00 | — | 0.00 | Apr 8, 2025 | Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch. | |||
| CVE-2025-20944 | 0.00 | — | 0.00 | Apr 8, 2025 | Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory. | |||
| CVE-2025-20943 | 0.00 | — | 0.00 | Apr 8, 2025 | Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption. | |||
| CVE-2025-20942 | 0.00 | — | 0.00 | Apr 8, 2025 | Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID. | |||
| CVE-2025-20941 | 0.00 | — | 0.00 | Apr 8, 2025 | Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device. | |||
| CVE-2025-20938 | 0.00 | — | 0.00 | Apr 8, 2025 | Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts. | |||
| CVE-2025-20936 | 0.00 | — | 0.00 | Apr 8, 2025 | Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root. | |||
| CVE-2025-20934 | 0.00 | — | 0.00 | Apr 8, 2025 | Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. | |||
| CVE-2025-20912 | 0.00 | — | 0.00 | Mar 6, 2025 | Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch. | |||
| CVE-2025-20911 | 0.00 | — | 0.00 | Mar 6, 2025 | Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galaxy Watch. |
- CVE-2025-20956May 7, 2025risk 0.00cvss —epss 0.00
Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings.
- CVE-2025-20955May 7, 2025risk 0.00cvss —epss 0.00
Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.
- CVE-2025-20954May 7, 2025risk 0.00cvss —epss 0.00
Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.
- CVE-2025-20953May 7, 2025risk 0.00cvss —epss 0.00
Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.
- CVE-2025-20937May 7, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
- CVE-2025-20952Apr 9, 2025risk 0.00cvss —epss 0.00
Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege.
- CVE-2025-20946Apr 8, 2025risk 0.00cvss —epss 0.00
Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetooth devices without user interaction.
- CVE-2025-20939Apr 8, 2025risk 0.00cvss —epss 0.00
Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update device unique identifier of Watch devices.
- CVE-2025-20948Apr 8, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.
- CVE-2025-20947Apr 8, 2025risk 0.00cvss —epss 0.00
Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. User interaction is required for triggering this vulnerability.
- CVE-2025-20945Apr 8, 2025risk 0.00cvss —epss 0.00
Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch.
- CVE-2025-20944Apr 8, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory.
- CVE-2025-20943Apr 8, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption.
- CVE-2025-20942Apr 8, 2025risk 0.00cvss —epss 0.00
Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID.
- CVE-2025-20941Apr 8, 2025risk 0.00cvss —epss 0.00
Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device.
- CVE-2025-20938Apr 8, 2025risk 0.00cvss —epss 0.00
Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts.
- CVE-2025-20936Apr 8, 2025risk 0.00cvss —epss 0.00
Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root.
- CVE-2025-20934Apr 8, 2025risk 0.00cvss —epss 0.00
Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.
- CVE-2025-20912Mar 6, 2025risk 0.00cvss —epss 0.00
Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch.
- CVE-2025-20911Mar 6, 2025risk 0.00cvss —epss 0.00
Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galaxy Watch.
Page 38 of 46