VYPR

mobile devices

by Samsung Mobile

CVEs (911)

  • CVE-2025-20989Jun 4, 2025
    risk 0.00cvss epss 0.00

    Improper logging in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a hmac_key.

  • CVE-2025-20988Jun 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.

  • CVE-2025-20987Jun 4, 2025
    risk 0.00cvss epss 0.00

    Improper access control in fingerprint trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to get a auth_token.

  • CVE-2025-20986Jun 4, 2025
    risk 0.00cvss epss 0.00

    Improper access control in ScreenCapture for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to take screenshots.

  • CVE-2025-20985Jun 4, 2025
    risk 0.00cvss epss 0.00

    Improper privilege management in ThemeManager prior to SMR Jun-2025 Release 1 allows local privileged attackers to reuse trial items.

  • CVE-2025-20984Jun 4, 2025
    risk 0.00cvss epss 0.00

    Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.

  • CVE-2025-20981Jun 4, 2025
    risk 0.00cvss epss 0.00

    Improper access control in AudioService prior to SMR Jun-2025 Release 1 allows local attackers to access sensitive information.

  • CVE-2025-20964May 7, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in parsing media files in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

  • CVE-2025-20963May 7, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in memory initialization in libsavsvc.so prior to SMR May-2025 Release 1 allows local attackers to write out-of-bounds memory.

  • CVE-2025-20962May 7, 2025
    risk 0.00cvss epss 0.00

    Improper handling of insufficient permission in SpenGesture service prior to SMR May-2025 Release 1 allows local attackers to track the S Pen position.

  • CVE-2025-20961May 7, 2025
    risk 0.00cvss epss 0.00

    Improper handling of insufficient permission or privileges in sepunion service prior to SMR May-2025 Release 1 allows local privileged attackers to access files with system privilege.

  • CVE-2025-20960May 7, 2025
    risk 0.00cvss epss 0.00

    Improper handling of insufficient permission in CocktailBarService prior to SMR May-2025 Release 1 allows local attackers to use the privileged api.

  • CVE-2025-20959May 7, 2025
    risk 0.00cvss epss 0.00

    Use of implicit intent for sensitive communication in Wi-Fi P2P service prior to SMR May-2025 Release 1 allows local attackers to access sensitive information.

  • CVE-2025-20958May 7, 2025
    risk 0.00cvss epss 0.00

    Improper verification of intent by broadcast receiver in UnifiedWFC prior to SMR May-2025 Release 1 allows local attackers to manipulate VoWiFi related behaviors.

  • CVE-2025-20957May 7, 2025
    risk 0.00cvss epss 0.00

    Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch arbitrary activities with SmartManagerCN privilege.

  • CVE-2025-20956May 7, 2025
    risk 0.00cvss epss 0.00

    Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings.

  • CVE-2025-20955May 7, 2025
    risk 0.00cvss epss 0.00

    Improper Export of Android Application Components in NotificationHistoryImageProvider prior to SMR May-2025 Release 1 allows local attackers to access notification images.

  • CVE-2025-20954May 7, 2025
    risk 0.00cvss epss 0.00

    Use of implicit intent for sensitive communication in EnrichedCall prior to SMR May-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.

  • CVE-2025-20953May 7, 2025
    risk 0.00cvss epss 0.00

    Improper access control in SmartManagerCN prior to SMR May-2025 Release 1 allows local attackers to launch activities within SmartManagerCN.

  • CVE-2025-20937May 7, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

Page 6 of 46