VYPR

Android

by Samsung Mobile

CVEs (43)

  • CVE-2026-21016MedMay 13, 2026
    risk 0.36cvss 5.5epss 0.00

    Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.

  • CVE-2026-21015MedMay 13, 2026
    risk 0.36cvss 5.5epss 0.00

    Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.

  • CVE-2026-21023MedApr 29, 2026
    risk 0.36cvss 5.5epss 0.00

    Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application.

  • CVE-2016-4546MedFeb 13, 2017
    risk 0.36cvss 5.5epss 0.00

    Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call.

  • CVE-2017-5217MedJan 9, 2017
    risk 0.36cvss 5.5epss 0.01

    Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app…

  • CVE-2025-21030MedSep 3, 2025
    risk 0.28cvss 4.3epss 0.00

    Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background.

  • CVE-2026-21027LowJun 5, 2026
    risk 0.21cvss 3.3epss 0.00

    Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.

  • CVE-2026-21012LowApr 13, 2026
    risk 0.21cvss 3.3epss 0.00

    External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.

  • CVE-2026-21006LowApr 13, 2026
    risk 0.16cvss 2.4epss 0.00

    Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access to hidden notification contents.

  • CVE-2020-8899May 6, 2020
    risk 0.01cvss epss 0.06

    There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram…

  • CVE-2024-20803Jan 4, 2024
    risk 0.00cvss epss 0.00

    Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.

  • CVE-2023-30671Jul 6, 2023
    risk 0.00cvss epss 0.00

    Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.

  • CVE-2023-30667Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.

  • CVE-2022-39914Dec 8, 2022
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information.

  • CVE-2022-39912Dec 8, 2022
    risk 0.00cvss epss 0.00

    Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder.

  • CVE-2022-36850Sep 9, 2022
    risk 0.00cvss epss 0.00

    Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid.

  • CVE-2022-30753Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.

  • CVE-2022-28794Jun 7, 2022
    risk 0.00cvss epss 0.00

    Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.

  • CVE-2020-35693Dec 24, 2020
    risk 0.00cvss epss 0.00

    On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is…

  • CVE-2020-0334Sep 18, 2020
    risk 0.00cvss epss 0.00

    In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation.Product: AndroidVersions:…