Android
CVEs (43)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21016 | | Med | 0.36 | 5.5 | 0.00 | | May 13, 2026 | Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information. |
| CVE-2026-21015 | | Med | 0.36 | 5.5 | 0.00 | | May 13, 2026 | Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier. |
| CVE-2026-21023 | | Med | 0.36 | 5.5 | 0.00 | | Apr 29, 2026 | Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application. |
| CVE-2016-4546 | | Med | 0.36 | 5.5 | 0.00 | | Feb 13, 2017 | Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. |
| CVE-2017-5217 | | Med | 0.36 | 5.5 | 0.01 | | Jan 9, 2017 | Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app… |
| CVE-2025-21030 | | Med | 0.28 | 4.3 | 0.00 | | Sep 3, 2025 | Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background. |
| CVE-2026-21027 | | Low | 0.21 | 3.3 | 0.00 | | Jun 5, 2026 | Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function. |
| CVE-2026-21012 | | Low | 0.21 | 3.3 | 0.00 | | Apr 13, 2026 | External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege. |
| CVE-2026-21006 | | Low | 0.16 | 2.4 | 0.00 | | Apr 13, 2026 | Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification contents. |
| CVE-2020-8899 | | | 0.01 | — | 0.06 | | May 6, 2020 | There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram… |
| CVE-2024-20803 | | | 0.00 | — | 0.00 | | Jan 4, 2024 | Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction. |
| CVE-2023-30671 | | | 0.00 | — | 0.00 | | Jul 6, 2023 | Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application. |
| CVE-2023-30667 | | | 0.00 | — | 0.00 | | Jul 6, 2023 | Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege. |
| CVE-2022-39914 | | | 0.00 | — | 0.00 | | Dec 8, 2022 | Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information. |
| CVE-2022-39912 | | | 0.00 | — | 0.00 | | Dec 8, 2022 | Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder. |
| CVE-2022-36850 | | | 0.00 | — | 0.00 | | Sep 9, 2022 | Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid. |
| CVE-2022-30753 | | | 0.00 | — | 0.00 | | Jul 11, 2022 | Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. |
| CVE-2022-28794 | | | 0.00 | — | 0.00 | | Jun 7, 2022 | Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. |
| CVE-2020-35693 | | | 0.00 | — | 0.00 | | Dec 24, 2020 | On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is… |
| CVE-2020-0334 | | | 0.00 | — | 0.00 | | Sep 18, 2020 | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android Versions:… |