Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-23994 | 0.00 | — | 0.00 | Feb 11, 2022 | An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | |||
| CVE-2022-23995 | 0.00 | — | 0.00 | Feb 11, 2022 | Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | |||
| CVE-2022-23434 | 0.00 | — | 0.00 | Feb 11, 2022 | A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. | |||
| CVE-2022-23433 | 0.00 | — | 0.01 | Feb 11, 2022 | Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely. | |||
| CVE-2022-23432 | 0.00 | — | 0.00 | Feb 11, 2022 | An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||
| CVE-2022-23431 | 0.00 | — | 0.00 | Feb 11, 2022 | An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||
| CVE-2022-23429 | 0.00 | — | 0.00 | Feb 11, 2022 | An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash. | |||
| CVE-2022-23428 | 0.00 | — | 0.00 | Feb 11, 2022 | An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||
| CVE-2022-23427 | 0.00 | — | 0.00 | Feb 11, 2022 | PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent. | |||
| CVE-2022-23425 | 0.00 | — | 0.00 | Feb 11, 2022 | Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. | |||
| CVE-2022-23426 | 0.00 | — | 0.00 | Feb 11, 2022 | A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege. | |||
| CVE-2022-22292 | 0.00 | — | 0.00 | Feb 11, 2022 | Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity. | |||
| CVE-2022-22291 | 0.00 | — | 0.00 | Feb 11, 2022 | Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. | |||
| CVE-2022-20036 | 0.00 | — | 0.00 | Feb 9, 2022 | In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID:… | |||
| CVE-2022-20037 | 0.00 | — | 0.00 | Feb 9, 2022 | In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID:… | |||
| CVE-2022-20017 | 0.00 | — | 0.00 | Feb 9, 2022 | In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID:… | |||
| CVE-2022-22290 | 0.00 | — | 0.01 | Jan 14, 2022 | Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. | |||
| CVE-2022-22289 | 0.00 | — | 0.01 | Jan 7, 2022 | Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information. | |||
| CVE-2022-22287 | 0.00 | — | 0.00 | Jan 7, 2022 | Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox. | |||
| CVE-2022-22288 | 0.00 | — | 0.01 | Jan 7, 2022 | Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | |||
| CVE-2022-22286 | 0.00 | — | 0.00 | Jan 7, 2022 | A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent. | |||
| CVE-2022-22285 | 0.00 | — | 0.00 | Jan 7, 2022 | A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent. | |||
| CVE-2022-22283 | 0.00 | — | 0.00 | Jan 7, 2022 | Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App. | |||
| CVE-2022-22284 | 0.00 | — | 0.00 | Jan 7, 2022 | Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication | |||
| CVE-2022-22271 | 0.00 | — | 0.00 | Jan 7, 2022 | A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory. | |||
| CVE-2022-22270 | 0.00 | — | 0.00 | Jan 7, 2022 | An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information. | |||
| CVE-2022-22269 | 0.00 | — | 0.00 | Jan 7, 2022 | Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. | |||
| CVE-2022-22272 | 0.00 | — | 0.00 | Jan 7, 2022 | Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission | |||
| CVE-2022-22267 | 0.00 | — | 0.00 | Jan 7, 2022 | Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information. | |||
| CVE-2022-22268 | 0.00 | — | 0.00 | Jan 7, 2022 | Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode. | |||
| CVE-2022-22264 | 0.00 | — | 0.00 | Jan 7, 2022 | Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission. | |||
| CVE-2022-22266 | 0.00 | — | 0.00 | Jan 7, 2022 | (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission. | |||
| CVE-2022-22263 | 0.00 | — | 0.00 | Jan 7, 2022 | Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity. | |||
| CVE-2020-9061 | 0.00 | — | 0.01 | Jan 7, 2022 | Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed… | |||
| CVE-2021-42913 | 0.00 | — | 0.02 | Dec 20, 2021 | The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required. | |||
| CVE-2021-44041 | 0.00 | — | 0.02 | Dec 14, 2021 | UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a… | |||
| CVE-2021-44042 | 0.00 | — | 0.01 | Dec 14, 2021 | An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when… | |||
| CVE-2021-25527 | 0.00 | — | 0.00 | Dec 8, 2021 | Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. | |||
| CVE-2021-25526 | 0.00 | — | 0.00 | Dec 8, 2021 | Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. | |||
| CVE-2021-25525 | 0.00 | — | 0.00 | Dec 8, 2021 | Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition. | |||
| CVE-2021-25523 | 0.00 | — | 0.00 | Dec 8, 2021 | Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||
| CVE-2021-25522 | 0.00 | — | 0.00 | Dec 8, 2021 | Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission. | |||
| CVE-2021-25521 | 0.00 | — | 0.00 | Dec 8, 2021 | Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. | |||
| CVE-2021-25520 | 0.00 | — | 0.00 | Dec 8, 2021 | Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | |||
| CVE-2021-25519 | 0.00 | — | 0.00 | Dec 8, 2021 | An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. | |||
| CVE-2021-25518 | 0.00 | — | 0.00 | Dec 8, 2021 | An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution. | |||
| CVE-2021-25517 | 0.00 | — | 0.00 | Dec 8, 2021 | An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution. | |||
| CVE-2021-25516 | 0.00 | — | 0.00 | Dec 8, 2021 | An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. | |||
| CVE-2021-25515 | 0.00 | — | 0.00 | Dec 8, 2021 | An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. | |||
| CVE-2021-25514 | 0.00 | — | 0.00 | Dec 8, 2021 | An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information. |
- CVE-2022-23994Feb 11, 2022risk 0.00cvss —epss 0.00
An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.
- CVE-2022-23995Feb 11, 2022risk 0.00cvss —epss 0.00
Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.
- CVE-2022-23434Feb 11, 2022risk 0.00cvss —epss 0.00
A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent.
- CVE-2022-23433Feb 11, 2022risk 0.00cvss —epss 0.01
Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.
- CVE-2022-23432Feb 11, 2022risk 0.00cvss —epss 0.00
An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
- CVE-2022-23431Feb 11, 2022risk 0.00cvss —epss 0.00
An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
- CVE-2022-23429Feb 11, 2022risk 0.00cvss —epss 0.00
An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash.
- CVE-2022-23428Feb 11, 2022risk 0.00cvss —epss 0.00
An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.
- CVE-2022-23427Feb 11, 2022risk 0.00cvss —epss 0.00
PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent.
- CVE-2022-23425Feb 11, 2022risk 0.00cvss —epss 0.00
Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.
- CVE-2022-23426Feb 11, 2022risk 0.00cvss —epss 0.00
A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege.
- CVE-2022-22292Feb 11, 2022risk 0.00cvss —epss 0.00
Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.
- CVE-2022-22291Feb 11, 2022risk 0.00cvss —epss 0.00
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.
- CVE-2022-20036Feb 9, 2022risk 0.00cvss —epss 0.00
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID:…
- CVE-2022-20037Feb 9, 2022risk 0.00cvss —epss 0.00
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID:…
- CVE-2022-20017Feb 9, 2022risk 0.00cvss —epss 0.00
In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID:…
- CVE-2022-22290Jan 14, 2022risk 0.00cvss —epss 0.01
Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.
- CVE-2022-22289Jan 7, 2022risk 0.00cvss —epss 0.01
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information.
- CVE-2022-22287Jan 7, 2022risk 0.00cvss —epss 0.00
Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox.
- CVE-2022-22288Jan 7, 2022risk 0.00cvss —epss 0.01
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.
- CVE-2022-22286Jan 7, 2022risk 0.00cvss —epss 0.00
A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent.
- CVE-2022-22285Jan 7, 2022risk 0.00cvss —epss 0.00
A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent.
- CVE-2022-22283Jan 7, 2022risk 0.00cvss —epss 0.00
Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App.
- CVE-2022-22284Jan 7, 2022risk 0.00cvss —epss 0.00
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication
- CVE-2022-22271Jan 7, 2022risk 0.00cvss —epss 0.00
A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
- CVE-2022-22270Jan 7, 2022risk 0.00cvss —epss 0.00
An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.
- CVE-2022-22269Jan 7, 2022risk 0.00cvss —epss 0.00
Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.
- CVE-2022-22272Jan 7, 2022risk 0.00cvss —epss 0.00
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
- CVE-2022-22267Jan 7, 2022risk 0.00cvss —epss 0.00
Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.
- CVE-2022-22268Jan 7, 2022risk 0.00cvss —epss 0.00
Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode.
- CVE-2022-22264Jan 7, 2022risk 0.00cvss —epss 0.00
Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.
- CVE-2022-22266Jan 7, 2022risk 0.00cvss —epss 0.00
(Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.
- CVE-2022-22263Jan 7, 2022risk 0.00cvss —epss 0.00
Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.
- CVE-2020-9061Jan 7, 2022risk 0.00cvss —epss 0.01
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed…
- CVE-2021-42913Dec 20, 2021risk 0.00cvss —epss 0.02
The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.
- CVE-2021-44041Dec 14, 2021risk 0.00cvss —epss 0.02
UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a…
- CVE-2021-44042Dec 14, 2021risk 0.00cvss —epss 0.01
An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when…
- CVE-2021-25527Dec 8, 2021risk 0.00cvss —epss 0.00
Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.
- CVE-2021-25526Dec 8, 2021risk 0.00cvss —epss 0.00
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.
- CVE-2021-25525Dec 8, 2021risk 0.00cvss —epss 0.00
Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.
- CVE-2021-25523Dec 8, 2021risk 0.00cvss —epss 0.00
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
- CVE-2021-25522Dec 8, 2021risk 0.00cvss —epss 0.00
Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission.
- CVE-2021-25521Dec 8, 2021risk 0.00cvss —epss 0.00
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet.
- CVE-2021-25520Dec 8, 2021risk 0.00cvss —epss 0.00
Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet.
- CVE-2021-25519Dec 8, 2021risk 0.00cvss —epss 0.00
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.
- CVE-2021-25518Dec 8, 2021risk 0.00cvss —epss 0.00
An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.
- CVE-2021-25517Dec 8, 2021risk 0.00cvss —epss 0.00
An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution.
- CVE-2021-25516Dec 8, 2021risk 0.00cvss —epss 0.00
An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations.
- CVE-2021-25515Dec 8, 2021risk 0.00cvss —epss 0.00
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.
- CVE-2021-25514Dec 8, 2021risk 0.00cvss —epss 0.00
An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.
Page 33 of 45