VYPR

mobile devices

by Samsung Mobile

CVEs (911)

  • CVE-2025-20952Apr 9, 2025
    risk 0.00cvss epss 0.00

    Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege.

  • CVE-2025-20946Apr 8, 2025
    risk 0.00cvss epss 0.00

    Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetooth devices without user interaction.

  • CVE-2025-20939Apr 8, 2025
    risk 0.00cvss epss 0.00

    Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update device unique identifier of Watch devices.

  • CVE-2025-20948Apr 8, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.

  • CVE-2025-20947Apr 8, 2025
    risk 0.00cvss epss 0.00

    Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. User interaction is required for triggering this vulnerability.

  • CVE-2025-20945Apr 8, 2025
    risk 0.00cvss epss 0.00

    Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch.

  • CVE-2025-20944Apr 8, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory.

  • CVE-2025-20943Apr 8, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to cause memory corruption.

  • CVE-2025-20942Apr 8, 2025
    risk 0.00cvss epss 0.00

    Improper Verification of Intent by Broadcast Receiver in DeviceIdService prior to SMR Apr-2025 Release 1 allows local attackers to reset OAID.

  • CVE-2025-20941Apr 8, 2025
    risk 0.00cvss epss 0.00

    Improper access control in InputManager to SMR Apr-2025 Release 1 allows local attackers to access the scancode of specific input device.

  • CVE-2025-20938Apr 8, 2025
    risk 0.00cvss epss 0.00

    Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts.

  • CVE-2025-20936Apr 8, 2025
    risk 0.00cvss epss 0.00

    Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root.

  • CVE-2025-20934Apr 8, 2025
    risk 0.00cvss epss 0.00

    Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege.

  • CVE-2025-20912Mar 6, 2025
    risk 0.00cvss epss 0.00

    Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch.

  • CVE-2025-20911Mar 6, 2025
    risk 0.00cvss epss 0.00

    Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galaxy Watch.

  • CVE-2025-20910Mar 6, 2025
    risk 0.00cvss epss 0.00

    Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery.

  • CVE-2025-20909Mar 6, 2025
    risk 0.00cvss epss 0.00

    Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information.

  • CVE-2025-20908Mar 6, 2025
    risk 0.00cvss epss 0.00

    Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting.

  • CVE-2025-20903Mar 6, 2025
    risk 0.00cvss epss 0.00

    Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.

  • CVE-2025-20907Feb 4, 2025
    risk 0.00cvss epss 0.00

    Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.

Page 7 of 46