mobile devices
CVEs (911)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-21468 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission. | |||
| CVE-2023-21467 | 0.00 | — | 0.00 | Sep 3, 2025 | Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message. | |||
| CVE-2023-21466 | 0.00 | — | 0.00 | Sep 3, 2025 | PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission. | |||
| CVE-2025-21015 | 0.00 | — | 0.00 | Aug 6, 2025 | Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege. | |||
| CVE-2025-21014 | 0.00 | — | 0.00 | Aug 6, 2025 | Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2025-21010 | 0.00 | — | 0.00 | Aug 6, 2025 | Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account. | |||
| CVE-2025-20990 | 0.00 | — | 0.00 | Aug 6, 2025 | Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier. | |||
| CVE-2025-21004 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device. | |||
| CVE-2025-21003 | 0.00 | — | 0.00 | Jul 8, 2025 | Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2025-21002 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast. | |||
| CVE-2025-21001 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast. | |||
| CVE-2025-21000 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth. | |||
| CVE-2025-20999 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password. | |||
| CVE-2025-20998 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper access control in SamsungAccount for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to access phone number. | |||
| CVE-2025-20997 | 0.00 | — | 0.00 | Jul 8, 2025 | Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch. | |||
| CVE-2025-20983 | 0.00 | — | 0.00 | Jul 8, 2025 | Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | |||
| CVE-2025-20982 | 0.00 | — | 0.00 | Jul 8, 2025 | Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | |||
| CVE-2025-20993 | 0.00 | — | 0.00 | Jun 4, 2025 | Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory. | |||
| CVE-2025-20992 | 0.00 | — | 0.00 | Jun 4, 2025 | Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory. | |||
| CVE-2025-20991 | 0.00 | — | 0.00 | Jun 4, 2025 | Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable. |
- CVE-2023-21468Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.
- CVE-2023-21467Sep 3, 2025risk 0.00cvss —epss 0.00
Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.
- CVE-2023-21466Sep 3, 2025risk 0.00cvss —epss 0.00
PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission.
- CVE-2025-21015Aug 6, 2025risk 0.00cvss —epss 0.00
Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.
- CVE-2025-21014Aug 6, 2025risk 0.00cvss —epss 0.00
Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information.
- CVE-2025-21010Aug 6, 2025risk 0.00cvss —epss 0.00
Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.
- CVE-2025-20990Aug 6, 2025risk 0.00cvss —epss 0.00
Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier.
- CVE-2025-21004Jul 8, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device.
- CVE-2025-21003Jul 8, 2025risk 0.00cvss —epss 0.00
Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.
- CVE-2025-21002Jul 8, 2025risk 0.00cvss —epss 0.00
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast.
- CVE-2025-21001Jul 8, 2025risk 0.00cvss —epss 0.00
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to stop broadcasting Auracast.
- CVE-2025-21000Jul 8, 2025risk 0.00cvss —epss 0.00
Improper privilege management in Bluetooth prior to SMR Jul-2025 Release 1 allows local attackers to enable Bluetooth.
- CVE-2025-20999Jul 8, 2025risk 0.00cvss —epss 0.00
Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access owner's saved Wi-Fi password.
- CVE-2025-20998Jul 8, 2025risk 0.00cvss —epss 0.00
Improper access control in SamsungAccount for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to access phone number.
- CVE-2025-20997Jul 8, 2025risk 0.00cvss —epss 0.00
Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch.
- CVE-2025-20983Jul 8, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in checking auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
- CVE-2025-20982Jul 8, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in setting auth secret in KnoxVault trustlet prior to SMR Jul-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
- CVE-2025-20993Jun 4, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in libsecimaging.camera.samsung.so prior to SMR Jun-2025 Release 1 allows local attackers to write out-of-bounds memory.
- CVE-2025-20992Jun 4, 2025risk 0.00cvss —epss 0.00
Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory.
- CVE-2025-20991Jun 4, 2025risk 0.00cvss —epss 0.00
Improper export of Android application components in Bluetooth prior to SMR Jun-2025 Release 1 allows local attackers to make devices discoverable.
Page 5 of 46