VYPR

mobile devices

by Samsung Mobile

CVEs (911)

  • CVE-2022-36845MedSep 9, 2022
    risk 0.29cvss 4.4epss 0.00

    A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36844MedSep 9, 2022
    risk 0.29cvss 4.4epss 0.00

    A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36843MedSep 9, 2022
    risk 0.29cvss 4.4epss 0.00

    A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36842MedSep 9, 2022
    risk 0.29cvss 4.4epss 0.00

    A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36841MedSep 9, 2022
    risk 0.29cvss 4.4epss 0.00

    A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-33721MedAug 5, 2022
    risk 0.29cvss 4.4epss 0.00

    A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.

  • CVE-2022-33717MedAug 5, 2022
    risk 0.29cvss 4.4epss 0.00

    A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.

  • CVE-2022-28793MedMay 3, 2022
    risk 0.29cvss 4.4epss 0.00

    Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first…

  • CVE-2022-27833MedApr 11, 2022
    risk 0.29cvss 4.4epss 0.00

    Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.

  • CVE-2022-27574MedApr 11, 2022
    risk 0.29cvss 4.4epss 0.00

    Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.

  • CVE-2022-27573MedApr 11, 2022
    risk 0.29cvss 4.4epss 0.00

    Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.

  • CVE-2022-24925MedFeb 11, 2022
    risk 0.29cvss 4.4epss 0.00

    Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices.

  • CVE-2022-23426MedFeb 11, 2022
    risk 0.29cvss 4.4epss 0.00

    A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege.

  • CVE-2022-22270MedJan 10, 2022
    risk 0.29cvss 4.4epss 0.00

    An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.

  • CVE-2021-25480MedOct 6, 2021
    risk 0.29cvss 4.4epss 0.00

    A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection.

  • CVE-2021-25477MedOct 6, 2021
    risk 0.29cvss 4.4epss 0.00

    An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.

  • CVE-2021-25474MedOct 6, 2021
    risk 0.29cvss 4.4epss 0.00

    Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

  • CVE-2021-25473MedOct 6, 2021
    risk 0.29cvss 4.4epss 0.00

    Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

  • CVE-2021-25468MedOct 6, 2021
    risk 0.29cvss 4.4epss 0.00

    A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.

  • CVE-2021-25450MedSep 9, 2021
    risk 0.29cvss 4.5epss 0.00

    Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.

Page 23 of 46