Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25352 | | | 0.00 | — | 0.00 | | Mar 25, 2021 | Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent. |
| CVE-2021-25351 | | | 0.00 | — | 0.00 | | Mar 25, 2021 | Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. |
| CVE-2021-25350 | | | 0.00 | — | 0.00 | | Mar 25, 2021 | Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log. |
| CVE-2021-25349 | | | 0.00 | — | 0.00 | | Mar 25, 2021 | Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent. |
| CVE-2021-25348 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission. |
| CVE-2021-25346 | | | 0.00 | — | 0.01 | | Mar 4, 2021 | A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution. |
| CVE-2021-25347 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed. |
| CVE-2021-25345 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format. |
| CVE-2021-25344 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission. |
| CVE-2021-25343 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. |
| CVE-2021-25342 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. |
| CVE-2021-25341 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider. |
| CVE-2021-25340 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change in arbitrary settings during Initialization State. |
| CVE-2021-25339 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. |
| CVE-2021-25338 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. |
| CVE-2021-25336 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent. |
| CVE-2021-25335 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition. |
| CVE-2021-25334 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service. |
| CVE-2021-25333 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code. |
| CVE-2021-25332 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition. |
| CVE-2021-25331 | | | 0.00 | — | 0.00 | | Mar 4, 2021 | Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition. |
| CVE-2021-25330 | | | 0.00 | — | 0.00 | | Mar 2, 2021 | Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider. |
| CVE-2021-27901 | | | 0.00 | — | 0.00 | | Mar 2, 2021 | An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021). |
| CVE-2021-0305 | | | 0.00 | — | 0.01 | | Feb 10, 2021 | In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:… |
| CVE-2021-22495 | | | 0.00 | — | 0.00 | | Jan 5, 2021 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021). |
| CVE-2021-22494 | | | 0.00 | — | 0.00 | | Jan 5, 2021 | An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False… |
| CVE-2020-35693 | | | 0.00 | — | 0.00 | | Dec 24, 2020 | On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is… |
| CVE-2020-35549 | | | 0.00 | — | 0.00 | | Dec 18, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020). |
| CVE-2020-35550 | | | 0.00 | — | 0.01 | | Dec 18, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020). |
| CVE-2020-35551 | | | 0.00 | — | 0.00 | | Dec 18, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung… |
| CVE-2020-35553 | | | 0.00 | — | 0.00 | | Dec 18, 2020 | An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. They allows attackers to cause a denial of service (unlock failure) by triggering a power-shortage incident that causes a false-positive attack detection. The Samsung… |
| CVE-2020-35555 | | | 0.00 | — | 0.00 | | Dec 18, 2020 | An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020). |
| CVE-2020-28340 | | | 0.00 | — | 0.00 | | Nov 8, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020). |
| CVE-2020-28341 | | | 0.00 | — | 0.00 | | Nov 8, 2020 | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November… |
| CVE-2020-0415 | | | 0.00 | — | 0.00 | | Oct 14, 2020 | In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation.Product:… |
| CVE-2020-7811 | | | 0.00 | — | 0.01 | | Oct 12, 2020 | Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication |
| CVE-2020-26600 | | | 0.00 | — | 0.00 | | Oct 6, 2020 | An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020). |
| CVE-2020-26601 | | | 0.00 | — | 0.00 | | Oct 6, 2020 | An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034… |
| CVE-2020-26602 | | | 0.00 | — | 0.00 | | Oct 6, 2020 | An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020). |
| CVE-2020-26604 | | | 0.00 | — | 0.00 | | Oct 6, 2020 | An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020). |
| CVE-2020-26606 | | | 0.00 | — | 0.00 | | Oct 6, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020). |
| CVE-2020-26607 | | | 0.00 | — | 0.00 | | Oct 6, 2020 | An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18418 (October… |
| CVE-2020-26603 | | | 0.00 | — | 0.00 | | Oct 6, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020). |
| CVE-2020-26599 | | | 0.00 | — | 0.00 | | Oct 6, 2020 | An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication. The Samsung ID is SVE-2020-17079 (October 2020). |
| CVE-2020-0276 | | | 0.00 | — | 0.00 | | Sep 18, 2020 | In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-11Android ID:… |
| CVE-2020-0334 | | | 0.00 | — | 0.00 | | Sep 18, 2020 | In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions:… |
| CVE-2020-25283 | | | 0.00 | — | 0.00 | | Sep 11, 2020 | An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020). |
| CVE-2020-25280 | | | 0.00 | — | 0.00 | | Sep 11, 2020 | An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020). |
| CVE-2020-25279 | | | 0.00 | — | 0.01 | | Sep 11, 2020 | An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020). |
| CVE-2020-25063 | | | 0.00 | — | 0.00 | | Aug 31, 2020 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 (July 2020). |