VYPR

mobile devices

by Samsung Mobile

CVEs (911)

  • CVE-2024-49422Dec 31, 2024
    risk 0.00cvss epss 0.00

    Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability.

  • CVE-2024-49414Dec 3, 2024
    risk 0.00cvss epss 0.00

    Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.

  • CVE-2024-49413Dec 3, 2024
    risk 0.00cvss epss 0.00

    Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.

  • CVE-2024-49411Dec 3, 2024
    risk 0.00cvss epss 0.00

    Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.

  • CVE-2024-49410Dec 3, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2024-49409Nov 6, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.

  • CVE-2024-49408Nov 6, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.

  • CVE-2024-49402Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.

  • CVE-2024-49401Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.

  • CVE-2024-34682Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.

  • CVE-2024-34680Nov 6, 2024
    risk 0.00cvss epss 0.00

    Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.

  • CVE-2024-34679Nov 6, 2024
    risk 0.00cvss epss 0.00

    Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.

  • CVE-2024-34678Nov 6, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.

  • CVE-2024-34677Nov 6, 2024
    risk 0.00cvss epss 0.00

    Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.

  • CVE-2024-34676Nov 6, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.

  • CVE-2024-34675Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.

  • CVE-2024-34674Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.

  • CVE-2024-34673Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.

  • CVE-2024-34669Oct 8, 2024
    risk 0.00cvss epss 0.01

    Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  • CVE-2024-34668Oct 8, 2024
    risk 0.00cvss epss 0.01

    Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

Page 40 of 46