CVSS: 2.4EPSS: 0%CPEs: 10EXPL: 0CVE-2018-21073
https://notcve.org/view.php?id=CVE-2018-21073
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018). Se detectó un problema en dispositivos móviles Samsung con versiones de software N(7.x) y O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). Se presenta un acceso al contenido del Clipboard en el estado bloqueado por medio del panel Edge. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2019-20564
https://notcve.org/view.php?id=CVE-2019-20564
An issue was discovered on Samsung mobile devices with any (before October 2019 for S9 or Note9) software. Attackers can manipulate the IMEI. The Samsung ID is SVE-2019-15435 (October 2019). Se detectó un problema en dispositivos móviles Samsung con cualquier versión de software (antes de Octubre de 2019 para S9 o Note9). Los atacantes pueden manipular el IMEI. • https://security.samsungmobile.com/securityUpdate.smsb •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6744 – Samsung Knox Secure Folder Lock Screen Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2019-6744
This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific flaws exists within the the handling of the lock screen for Secure Folder. The issue results from the lack of proper validation that a user has correctly authenticated. An attacker can leverage this vulnerability to disclose the contents of the secure container. • https://security.samsungmobile.com/securityUpdate.smsb https://www.zerodayinitiative.com/advisories/ZDI-19-515 • CWE-284: Improper Access Control CWE-287: Improper Authentication •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 1CVE-2019-12087
https://notcve.org/view.php?id=CVE-2019-12087
Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions "the Samsung Security Team considered this issue as no/little security impact. ** EN DISPUTA ** Los dispositivos Samsung S9+, S10 y XCover 4 P(9.0) pueden quedar temporalmente inutilizados debido a un intent desprotegido en la aplicación ContainerAgent. Por ejemplo, la víctima queda atrapada en un lanzador con su Carpeta Segura bloqueada. NOTA: el investigador menciona que "el equipo de seguridad de Samsung consideró que este asunto no tenía ningún impacto en la seguridad". • https://github.com/fs0c131y/SamsungLocker • CWE-399: Resource Management Errors •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2019-6740 – Samsung Galaxy S9 ASN.1 Heap-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2019-6740
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://www.zerodayinitiative.com/advisories/ZDI-19-253 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •