CVSS: 6.5EPSS: 0%CPEs: 29EXPL: 1CVE-2020-6616 – Apple Security Advisory 2020-05-26-1
https://notcve.org/view.php?id=CVE-2020-6616
08 May 2020 — Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). Algunos chips Broadcom manejan inapropiadamente la generación de números aleatorios de Bluetooth porque es usado un Pseudo Random Numb... • http://bluetooth.lol •
CVSS: 2.4EPSS: 0%CPEs: 10EXPL: 0CVE-2018-21073
https://notcve.org/view.php?id=CVE-2018-21073
08 Apr 2020 — An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018). Se detectó un problema en dispositivos móviles Samsung con versiones de software N(7.x) y O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). Se presenta un acceso al contenido del Clipboard en el estado bloqueado por medio del panel Edge. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2020-10847
https://notcve.org/view.php?id=CVE-2020-10847
24 Mar 2020 — An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020). Se detectó un problema en dispositivos móviles Samsung con versión de software P(9.0) (Galaxy S8 y Note8). El reconocimiento facial puede ser falsificado. • https://security.samsungmobile.com/securityUpdate.smsb • CWE-287: Improper Authentication •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2019-19273
https://notcve.org/view.php?id=CVE-2019-19273
04 Feb 2020 — On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265. En dispositivos móviles Samsung con versiones de software O(8.0) y P(9.0) y un chipset Exynos versión 8895, RKP (también se conoce como la implementación Samsung Hypervisor EL2) permite operaciones de escritura de memoria arbitrarias. El ID de Samsung es SVE-2019-16265. • https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write • CWE-787: Out-of-bounds Write •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-16401
https://notcve.org/view.php?id=CVE-2019-16401
06 Nov 2019 — Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensit... • https://www.openconf.org/acsac2019/modules/request.php?module=oc_program&action=summary.php&id=210 •
CVSS: 6.5EPSS: 0%CPEs: 6EXPL: 0CVE-2019-16400
https://notcve.org/view.php?id=CVE-2019-16400
06 Nov 2019 — Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in seve... • https://www.openconf.org/acsac2019/modules/request.php?module=oc_program&action=summary.php&id=210 •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0CVE-2018-14318 – (Pwn2own) Samsung Galaxy S8 Shannon GPRS Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2018-14318
21 Sep 2018 — This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. User interaction is required to exploit this vulnerability in that the target must have their cellular radios enabled. The specific flaw exists within the handling of IPCP headers. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to exe... • https://zerodayinitiative.com/advisories/ZDI-18-1077 • CWE-20: Improper Input Validation CWE-121: Stack-based Buffer Overflow •