VYPR

mobile devices

by Samsung Mobile

CVEs (911)

  • CVE-2023-42527MedNov 7, 2023
    risk 0.36cvss 5.6epss 0.00

    Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.

  • CVE-2023-30732MedOct 4, 2023
    risk 0.36cvss 5.5epss 0.00

    Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.

  • CVE-2023-30698MedAug 10, 2023
    risk 0.36cvss 5.5epss 0.00

    Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.

  • CVE-2023-21504MedMay 4, 2023
    risk 0.36cvss 5.6epss 0.01

    Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.

  • CVE-2023-21503MedMay 4, 2023
    risk 0.36cvss 5.6epss 0.01

    Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.

  • CVE-2023-21494MedMay 4, 2023
    risk 0.36cvss 5.6epss 0.01

    Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.

  • CVE-2022-25815MedMar 10, 2022
    risk 0.36cvss 5.5epss 0.00

    PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

  • CVE-2022-25814MedMar 10, 2022
    risk 0.36cvss 5.5epss 0.00

    PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

  • CVE-2022-22291MedFeb 11, 2022
    risk 0.36cvss 5.5epss 0.00

    Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.

  • CVE-2022-22271MedJan 10, 2022
    risk 0.36cvss 5.5epss 0.00

    A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.

  • CVE-2021-25488MedOct 6, 2021
    risk 0.36cvss 5.5epss 0.00

    Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.

  • CVE-2021-25456MedSep 9, 2021
    risk 0.36cvss 5.5epss 0.00

    OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.

  • CVE-2021-25452MedSep 9, 2021
    risk 0.36cvss 5.5epss 0.00

    An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.

  • CVE-2021-25444MedAug 5, 2021
    risk 0.36cvss 5.5epss 0.01

    An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.

  • CVE-2021-25415MedJun 11, 2021
    risk 0.36cvss 5.5epss 0.00

    Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.

  • CVE-2021-25413MedJun 11, 2021
    risk 0.36cvss 5.5epss 0.00

    Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.

  • CVE-2021-25357MedApr 9, 2021
    risk 0.36cvss 5.6epss 0.00

    A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.

  • CVE-2021-25334MedMar 4, 2021
    risk 0.36cvss 5.5epss 0.00

    Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service.

  • CVE-2020-35549MedDec 18, 2020
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020).

  • CVE-2020-15584MedJul 7, 2020
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered on Samsung mobile devices with Q(10.0) software. Attackers can trigger an out-of-bounds access and device reset via a 4K wallpaper image because ImageProcessHelper mishandles boundary checks. The Samsung ID is SVE-2020-18056 (July 2020).

Page 18 of 46