VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2025-20915Mar 6, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in applying binary of voice content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

  • CVE-2025-20914Mar 6, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in applying binary of hand writing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

  • CVE-2025-20913Mar 6, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in applying binary of drawing content in Samsung Notes prior to version 4.4.26.71 allows attackers to read out-of-bounds memory.

  • CVE-2025-20912Mar 6, 2025
    risk 0.00cvss epss 0.00

    Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch.

  • CVE-2025-20911Mar 6, 2025
    risk 0.00cvss epss 0.00

    Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galaxy Watch.

  • CVE-2025-20910Mar 6, 2025
    risk 0.00cvss epss 0.00

    Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery.

  • CVE-2025-20909Mar 6, 2025
    risk 0.00cvss epss 0.00

    Use of implicit intent for sensitive communication in Settings prior to SMR Mar-2025 Release 1 allows local attackers to access sensitive information.

  • CVE-2025-20908Mar 6, 2025
    risk 0.00cvss epss 0.00

    Use of insufficiently random values in Auracast prior to SMR Mar-2025 Release 1 allows adjacent attackers to access Auracast broadcasting.

  • CVE-2025-20903Mar 6, 2025
    risk 0.00cvss epss 0.00

    Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.

  • CVE-2024-52924Mar 6, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Lack of boundary check during the…

  • CVE-2024-50600Mar 6, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, W920, W930, and W1000. Lack of a boundary check in STOP_KEEP_ALIVE_OFFLOAD leads to out-of-bounds access. An attacker can send a malformed message to the…

  • CVE-2024-52923Mar 6, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in NRMM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Lack of a boundary check during the…

  • CVE-2024-46923Feb 12, 2025
    risk 0.00cvss epss 0.01

    An issue was discovered in Samsung Mobile Processor Exynos 2200, 1480, and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_ib_fill in the Xclipse Driver.

  • CVE-2024-46922Feb 12, 2025
    risk 0.00cvss epss 0.01

    An issue was discovered in Samsung Mobile Processor Exynos 1480 and 2400. The absence of a null check leads to a Denial of Service at amdgpu_cs_parser_bos in the Xclipse Driver.

  • CVE-2025-20907Feb 4, 2025
    risk 0.00cvss epss 0.00

    Improper privilege management in Samsung Find prior to SMR Feb-2025 Release 1 allows local privileged attackers to disable Samsung Find.

  • CVE-2025-20905Feb 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read and write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to read and write out-of-bounds memory.

  • CVE-2025-20904Feb 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in mPOS TUI trustlet prior to SMR Feb-2025 Release 1 allows local privileged attackers to cause memory corruption.

  • CVE-2025-20901Feb 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to read out-of-bounds memory.

  • CVE-2025-20900Feb 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.

  • CVE-2025-20898Feb 4, 2025
    risk 0.00cvss epss 0.00

    Improper input validation in Samsung Members prior to version 5.2.00.12 allows physical attackers to access data across multiple user profiles.

  • CVE-2025-20895Feb 4, 2025
    risk 0.00cvss epss 0.00

    Authentication Bypass Using an Alternate Path in Galaxy Store prior to version 4.5.87.6 allows physical attackers to install arbitrary applications to bypass restrictions of Setupwizard.

  • CVE-2025-20894Feb 4, 2025
    risk 0.00cvss epss 0.00

    Improper access control in Samsung Email prior to version 6.1.97.1 allows physical attackers to access data across multiple user profiles.

  • CVE-2025-20893Feb 4, 2025
    risk 0.00cvss epss 0.00

    Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications.

  • CVE-2025-20892Feb 4, 2025
    risk 0.00cvss epss 0.00

    Protection Mechanism Failure in bootloader prior to SMR Jan-2025 Release 1 allows physical attackers to allow to execute fastboot command. User interaction is required for triggering this vulnerability.

  • CVE-2025-20891Feb 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in decoding malformed bitstream of video thumbnails in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.

  • CVE-2025-20890Feb 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

  • CVE-2025-20889Feb 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in decoding malformed bitstream for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.

  • CVE-2025-20888Feb 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

  • CVE-2025-20887Feb 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in accessing table used for svp8t in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to read arbitrary memory. User interaction is required for triggering this vulnerability.

  • CVE-2025-20886Feb 4, 2025
    risk 0.00cvss epss 0.00

    Inclusion of sensitive information in test code in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to get test key.

  • CVE-2025-20885Feb 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in softsim trustlet prior to SMR Jan-2025 Release 1 allows local privileged attackers to cause memory corruption.

  • CVE-2025-20884Feb 4, 2025
    risk 0.00cvss epss 0.00

    Improper access control in Samsung Message prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.

  • CVE-2025-20883Feb 4, 2025
    risk 0.00cvss epss 0.00

    Improper access control in SoundPicker prior to SMR Jan-2025 Release 1 allows physical attackers to access data across multiple user profiles.

  • CVE-2025-20882Feb 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in accessing uninitialized memory for svc1td in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

  • CVE-2025-20881Feb 4, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in accessing buffer storing the decoded video frames in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary code with privilege. User interaction is required for triggering this vulnerability.

  • CVE-2024-46919Jan 13, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadOutputBuffers.

  • CVE-2024-48883Jan 13, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, and Modem 5300. The UE incorrectly handles a malformed uplink scheduling…

  • CVE-2024-46921Jan 13, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor and Modem Exynos 9820, 9825, 980, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W1000, Modem 5123, Modem 5300, Modem 5400. UE does not limit the number of attempts for the RRC Setup procedure in the 5G SA, leading…

  • CVE-2024-46920Jan 13, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 9820, 9825, 980, 990, 850, 1080, 2100, and 1280. Lack of a length check leads to a stack out-of-bounds write at loadInputBuffers.

  • CVE-2024-49422Dec 31, 2024
    risk 0.00cvss epss 0.00

    Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability.

  • CVE-2024-49417Dec 3, 2024
    risk 0.00cvss epss 0.00

    Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.

  • CVE-2024-49416Dec 3, 2024
    risk 0.00cvss epss 0.00

    Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.

  • CVE-2024-49414Dec 3, 2024
    risk 0.00cvss epss 0.00

    Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.

  • CVE-2024-49413Dec 3, 2024
    risk 0.00cvss epss 0.00

    Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.

  • CVE-2024-49411Dec 3, 2024
    risk 0.00cvss epss 0.00

    Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.

  • CVE-2024-49410Dec 3, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2024-53921Dec 3, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.

  • CVE-2024-39343Dec 2, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, Modem 5123, and Modem 5300. The baseband software does not properly check the length specified by the MM (Mobility Management) module, which can lead…

  • CVE-2024-39890Dec 2, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300. The baseband software does not properly check the length…

  • CVE-2024-49409Nov 6, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.

Page 14 of 45