A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.
Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.
Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.
Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB.
Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture.
Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature.
Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.
Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service.
Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.
Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.
Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.
Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness.
src/net/http/http_transaction_winhttp.cc in Google Chrome before 1.0.154.53 uses the HTTP Host header to determine the context of a document provided in a (1) 4xx or (2) 5xx CONNECT response from a proxy server, which allows man-in-the-middle attackers to execute arbitrary web script by modifying this CONNECT response, aka an "SSL tampering" attack.
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.
there is a possible permission bypass due to Debug certs being allowlisted. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
In the Secure File System in all Android releases from CAF using the Linux kernel, a capture-replay vulnerability could potentially exist.
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. When biometric authentication is disabled, an attacker can view Streams content (e.g., a Gallery slideshow) of a locked Secure Folder via a connection to an external device. The Samsung ID is SVE-2018-11766 (August 2018).
Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.
Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.
Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.
Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.
Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.
Inappropriate implementation in the ChromeOS Readiness Tool installer on Windows prior to 1.0.2.0 loosens DCOM access rights on two objects allowing an attacker to potentially bypass discretionary access controls.
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.
Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.
Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.
Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet.
In Medtronic Valleylab FT10 Energy Platform (VLFT10GEN) version 2.1.0 and lower and version 2.0.3 and lower, and Valleylab LS10 Energy Platform (VLLS10GEN—not available in the United States) version 1.20.2 and lower, the RFID security mechanism used for authentication between the FT10/LS10 Energy Platform and instruments can be bypassed, allowing for inauthentic instruments to connect to the generator.
An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number.
An authentication bypass flaw has been found in PackageKit before 1.1.10 that allows users without administrator privileges to install signed packages. A local attacker can use this vulnerability to install vulnerable packages to further compromise a system.
Huawei P20 smartphones with versions earlier than 10.0.0.156(C00E156R1P4) have an improper authentication vulnerability. The vulnerability is due to that when an user wants to do certain operation, the software insufficiently validate the user's identity. Attackers need to physically access the smartphone to exploit this vulnerability. Successful exploit could allow the attacker to bypass the limit of student mode function.
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.4 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system.
An authentication issue was addressed with improved state management. This issue is fixed in tvOS 15.5. A local user may be able to enable iCloud Photos without authentication.
Some Huawei smart phones with software Berlin-L21C10B130,Berlin-L21C185B133,Berlin-L21HNC10B131,Berlin-L21HNC185B140,Berlin-L21HNC432B151,Berlin-L22C636B160,Berlin-L22HNC636B130,Berlin-L22HNC675B150CUSTC675D001,Berlin-L23C605B131,Berlin-L24HNC567B110,FRD-L02C432B120,FRD-L02C635B130,FRD-L02C675B170CUSTC675D001,FRD-L04C567B162,FRD-L04C605B131,FRD-L09C10B130,FRD-L09C185B130,FRD-L09C432B131,FRD-L09C636B130,FRD-L14C567B162,FRD-L19C10B130,FRD-L19C432B131,FRD-L19C636B130 have a factory Reset Protection (FRP) bypass security vulnerability. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by Swype Keyboard and can perform some operations to update the Google account. As a result, the FRP function is bypassed.
IBM Cognos Analytics 11.0 could allow a local user to change parameters set from the Cognos Analytics menus without proper authentication. IBM X-Force ID: 136857.
HUAWEI P30 smartphones with versions earlier than 10.1.0.135(C00E135R2P11) have an improper authentication vulnerability. A logic error occurs when handling NFC work, an attacker should establish a NFC connection to the target phone, and then do a series of operations on the target phone. Successful exploit could allow a guest user do certain operation which is beyond the guest user's privilege.
HUAWEI Mate 20 Pro smartphones versions earlier than 10.0.0.175(C00E69R3P8) have an improper authentication vulnerability. The software does not sufficiently validate the name of apk file in a special condition which could allow an attacker to forge a crafted application as a normal one. Successful exploit could allow the attacker to bypass digital balance function.
Authentication bypass using an alternate path or channel in SimpliSafe SS3 firmware 1.0-1.3 allows a local, unauthenticated attacker to pair a rogue keypad to an armed system.
GNOME NetworkManager before 0.8.6 does not properly enforce the auth_admin element in PolicyKit, which allows local users to bypass intended wireless network sharing restrictions via unspecified vectors.
The Motorola MM1000 device configuration portal can be accessed without authentication, which could allow adapter settings to be modified.
The currency dispenser of NCR SelfSev ATMs running APTRA XFS 05.01.00 or earlier does not adequately authenticate session key generation requests from the host computer, allowing an attacker with physical access to internal ATM components to issue valid commands to dispense currency by generating a new session key that the attacker knows.