Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.
Nautilus treadmills T616 S/N 100672PRO21140001 through 100672PRO21171980 and T618 S/N 100647PRO21130111 through 100647PRO21183960 with software before 2022-06-09 allow physically proximate attackers. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. Rated low severity (CVSS 2.3), this vulnerability is low attack complexity. No vendor patch available.