VYPR

mobile devices

by Samsung Mobile

CVEs (911)

  • CVE-2021-25396MedJun 11, 2021
    risk 0.44cvss 6.7epss 0.00

    An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.

  • CVE-2021-25363MedApr 9, 2021
    risk 0.44cvss 6.8epss 0.00

    An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.

  • CVE-2021-25362MedApr 9, 2021
    risk 0.44cvss 6.8epss 0.00

    An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.

  • CVE-2021-27901MedMar 2, 2021
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).

  • CVE-2020-25280MedSep 11, 2020
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020).

  • CVE-2019-20785MedApr 17, 2020
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered on LG mobile devices with Android OS 8.0 and 8.1 software for the DTAG carrier. RILD in the radio layer uses an uninitialized variable. The LG ID is LVE-SMP-180013 (January 2019).

  • CVE-2018-21061MedApr 8, 2020
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.1) and O(8.x) software. A fake charger can execute critical functions in the locked state. The Samsung ID is SVE-2016-6341 (August 2018).

  • CVE-2019-20594MedMar 24, 2020
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered on Samsung mobile devices with O(8.1) and P(9.0) (Exynos chipsets) software. A heap overflow exists in the bootloader. The Samsung ID is SVE-2019-14371 (July 2019).

  • CVE-2020-10839MedMar 24, 2020
    risk 0.44cvss 6.8epss 0.00

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Attackers can bypass Factory Reset Protection (FRP) via a SIM card. The Samsung ID is SVE-2019-16193 (February 2020).

  • CVE-2024-20819MedFeb 6, 2024
    risk 0.43cvss 6.6epss 0.00

    Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

  • CVE-2024-20818MedFeb 6, 2024
    risk 0.43cvss 6.6epss 0.00

    Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

  • CVE-2024-20817MedFeb 6, 2024
    risk 0.43cvss 6.6epss 0.00

    Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

  • CVE-2023-42564MedDec 5, 2023
    risk 0.43cvss 6.6epss 0.00

    Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.

  • CVE-2023-42533MedNov 7, 2023
    risk 0.43cvss 6.6epss 0.00

    Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.

  • CVE-2022-27822MedApr 11, 2022
    risk 0.43cvss 6.6epss 0.00

    Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.

  • CVE-2021-25393MedJun 11, 2021
    risk 0.43cvss 6.6epss 0.00

    Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.

  • CVE-2022-39902MedDec 8, 2022
    risk 0.42cvss 6.5epss 0.01

    Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call.

  • CVE-2022-39901MedDec 8, 2022
    risk 0.42cvss 6.5epss 0.00

    Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB.

  • CVE-2022-39854MedOct 7, 2022
    risk 0.42cvss 6.4epss 0.00

    Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.

  • CVE-2022-25818MedMar 10, 2022
    risk 0.42cvss 6.5epss 0.00

    Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution.

Page 13 of 46