VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2024-49408Nov 6, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.

  • CVE-2024-49407Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles.

  • CVE-2024-49406Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.

  • CVE-2024-49405Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.

  • CVE-2024-49404Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users.

  • CVE-2024-49402Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.

  • CVE-2024-49401Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.

  • CVE-2024-34682Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.

  • CVE-2024-34680Nov 6, 2024
    risk 0.00cvss epss 0.00

    Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.

  • CVE-2024-34679Nov 6, 2024
    risk 0.00cvss epss 0.00

    Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.

  • CVE-2024-34678Nov 6, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.

  • CVE-2024-34677Nov 6, 2024
    risk 0.00cvss epss 0.00

    Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.

  • CVE-2024-34676Nov 6, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.

  • CVE-2024-34675Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.

  • CVE-2024-34674Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.

  • CVE-2024-34673Nov 6, 2024
    risk 0.00cvss epss 0.00

    Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.

  • CVE-2024-45185Nov 4, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, Modem 5300. There is an out-of-bounds write due to a heap overflow in the GPRS…

  • CVE-2024-45184Oct 11, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with chipset Exynos 9820, 9825, 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, Modem 5123, and Modem 5300. A USAT out-of-bounds write due to a heap buffer…

  • CVE-2024-34672Oct 8, 2024
    risk 0.00cvss epss 0.00

    Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users.

  • CVE-2024-34671Oct 8, 2024
    risk 0.00cvss epss 0.00

    Use of implicit intent for sensitive communication in translation혻in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.

  • CVE-2024-34670Oct 8, 2024
    risk 0.00cvss epss 0.00

    Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information.

  • CVE-2024-34669Oct 8, 2024
    risk 0.00cvss epss 0.01

    Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  • CVE-2024-34668Oct 8, 2024
    risk 0.00cvss epss 0.01

    Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  • CVE-2024-34667Oct 8, 2024
    risk 0.00cvss epss 0.01

    Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  • CVE-2024-34666Oct 8, 2024
    risk 0.00cvss epss 0.01

    Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  • CVE-2024-34665Oct 8, 2024
    risk 0.00cvss epss 0.01

    Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

  • CVE-2024-34664Oct 8, 2024
    risk 0.00cvss epss 0.00

    Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a multi-user environment.

  • CVE-2024-34663Oct 8, 2024
    risk 0.00cvss epss 0.00

    Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory.

  • CVE-2024-34662Oct 8, 2024
    risk 0.00cvss epss 0.00

    Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors.

  • CVE-2024-44068Oct 7, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in the m2m scaler driver in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850,and W920. A Use-After-Free in the mobile processor leads to privilege escalation.

  • CVE-2024-25073Sep 10, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Semiconductor Mobile Processor and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123,…

  • CVE-2024-31960Sep 10, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free.

  • CVE-2024-27366Sep 9, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_done_ind(), there is no input validation check on a…

  • CVE-2024-27387Sep 9, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_rx_range_done_ind(), there is no input validation check on rtt_id coming from userspace, which can lead to a heap overwrite.

  • CVE-2024-27367Sep 9, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_ind(), there is no input validation check on a length…

  • CVE-2024-27383Sep 9, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_get_scan_extra_ies(), there is no input validation check on default_ies coming from userspace, which can lead to a heap overwrite.

  • CVE-2024-27365Sep 9, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_blockack_ind(), there is no input validation check on a length coming from…

  • CVE-2024-27368Sep 9, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_received_frame_ind(), there is no input…

  • CVE-2024-34661Sep 4, 2024
    risk 0.00cvss epss 0.00

    Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability.

  • CVE-2024-34660Sep 4, 2024
    risk 0.00cvss epss 0.00

    Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.

  • CVE-2024-34659Sep 4, 2024
    risk 0.00cvss epss 0.00

    Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers can force the victim to join the group.

  • CVE-2024-34658Sep 4, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR.

  • CVE-2024-34657Sep 4, 2024
    risk 0.00cvss epss 0.01

    Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.

  • CVE-2024-34656Sep 4, 2024
    risk 0.00cvss epss 0.00

    Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.

  • CVE-2024-34655Sep 4, 2024
    risk 0.00cvss epss 0.00

    Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager.

  • CVE-2024-34654Sep 4, 2024
    risk 0.00cvss epss 0.00

    Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege.

  • CVE-2024-34653Sep 4, 2024
    risk 0.00cvss epss 0.00

    Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.

  • CVE-2024-34652Sep 4, 2024
    risk 0.00cvss epss 0.00

    Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.

  • CVE-2024-34651Sep 4, 2024
    risk 0.00cvss epss 0.00

    Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.

  • CVE-2024-34650Sep 4, 2024
    risk 0.00cvss epss 0.00

    Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.

Page 15 of 45