Multiple unspecified vulnerabilities in Google Chrome before 10.0.648.127 allow remote attackers to bypass the pop-up blocker via unknown vectors.
Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier.
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
A spoofing vulnerability can occur when a malicious site with an extremely long domain name is opened in an Android Custom Tab (a browser panel inside another app) and the default browser is Firefox for Android. This could allow an attacker to spoof which page is actually loaded and in use. Note: this issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 59.
Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number.
Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.
Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.
Use of implicit intent for sensitive communication in EasySetup prior to version 11.1.18 allows local attackers to access sensitive information.
Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information.
Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.
Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information.
Out-of-bound read in libsecimaging.camera.samsung.so prior to SMR Feb-2025 Release 1 allows local attackers to read out-of-bounds memory.
Use of implicit intent for sensitive communication in SamsungNotes prior to version 4.4.26.45 allows local attackers to access sensitive information.
Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information.
A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.
An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.
Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information.
The location bar in Firefox for Android can be spoofed by forcing a user into fullscreen mode, blocking its exiting, and creating of a fake location bar without any user notification. Note: This issue only affects Firefox for Android. Other versions and operating systems are unaffected. This vulnerability affects Firefox < 50.
Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim.
Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.
Improper access control vulnerability in ContactListStartActivityHelper in Phone prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit intent.
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.
Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.
Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.
Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview.
core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.
Google Chrome before 7.0.517.41 does not properly implement the autofill and autocomplete functionality, which allows remote attackers to conduct "profile spamming" attacks via unspecified vectors.
Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.
In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation.
Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.
Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.
Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.
Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.
Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.
Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR.
Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege.