VYPR

mobile devices

by Samsung Mobile

CVEs (911)

  • CVE-2021-25382MedApr 23, 2021
    risk 0.40cvss 6.1epss 0.00

    An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.

  • CVE-2021-25344MedMar 4, 2021
    risk 0.40cvss 6.2epss 0.00

    Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.

  • CVE-2018-21045MedApr 8, 2020
    risk 0.40cvss 6.2epss 0.00

    An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) software. There is Clipboard access in the lockscreen state via a copy-and-paste action. The Samsung ID is SVE-2018-13381 (December 2018).

  • CVE-2019-20569MedMar 24, 2020
    risk 0.40cvss 6.2epss 0.00

    An issue was discovered on Samsung mobile devices with P(9.0) software. Attackers can bypass Factory Reset Protection (FRP) via the status bar. The Samsung ID is SVE-2019-15089 (September 2019).

  • CVE-2019-20554MedMar 24, 2020
    risk 0.40cvss 6.2epss 0.00

    An issue was discovered on Samsung mobile devices with O(8.x) software. Attackers can bypass Factory Reset Protection (FRP) via an external keyboard. The Samsung ID is SVE-2019-15164 (October 2019).

  • CVE-2023-42558MedDec 5, 2023
    risk 0.39cvss 6.0epss 0.00

    Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution.

  • CVE-2023-21500MedMay 4, 2023
    risk 0.39cvss 6.0epss 0.00

    Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.

  • CVE-2023-21498MedMay 4, 2023
    risk 0.39cvss 6.0epss 0.00

    Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.

  • CVE-2023-21453MedMar 16, 2023
    risk 0.39cvss 6.0epss 0.00

    Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data.

  • CVE-2021-25490MedOct 6, 2021
    risk 0.39cvss 6.0epss 0.01

    A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.

  • CVE-2021-25469MedOct 6, 2021
    risk 0.39cvss 6.0epss 0.00

    A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.

  • CVE-2023-42570MedDec 5, 2023
    risk 0.38cvss 5.9epss 0.00

    Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.

  • CVE-2023-42538MedNov 7, 2023
    risk 0.38cvss 5.9epss 0.00

    An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.

  • CVE-2023-42532MedNov 7, 2023
    risk 0.38cvss 5.9epss 0.00

    Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.

  • CVE-2023-21455MedMar 16, 2023
    risk 0.38cvss 5.9epss 0.00

    Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.

  • CVE-2023-21421MedFeb 9, 2023
    risk 0.38cvss 5.9epss 0.00

    Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.

  • CVE-2022-39886MedNov 9, 2022
    risk 0.38cvss 5.9epss 0.00

    Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information.

  • CVE-2022-39885MedNov 9, 2022
    risk 0.38cvss 5.9epss 0.00

    Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information.

  • CVE-2022-39879MedNov 9, 2022
    risk 0.38cvss 5.9epss 0.00

    Improper authorization vulnerability in?CallBGProvider prior to SMR Nov-2022 Release 1 allows local attacker to grant permission for accessing information with phone uid.

  • CVE-2022-36868MedOct 7, 2022
    risk 0.38cvss 5.9epss 0.00

    Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device.

Page 16 of 46