VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2024-27373Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->mesh_id_len coming from userspace, which can lead to a heap…

  • CVE-2024-27374Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_publish_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead…

  • CVE-2024-27375Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sdea_service_specific_info_len coming from userspace, which…

  • CVE-2024-27372Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_len coming from userspace, which can lead…

  • CVE-2024-27377Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_get_security_info_nl(), there is no input validation check on sec_info->key_info.body.pmk_info.pmk_len coming from userspace, which can…

  • CVE-2024-27370Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on hal_req->num_config_discovery_attr coming from userspace, which can lead…

  • CVE-2024-27381Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_ut(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.

  • CVE-2024-27382Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.

  • CVE-2024-27378Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_cert(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.

  • CVE-2024-27376Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->rx_match_filter_len coming from userspace, which can lead to…

  • CVE-2024-27380Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_set_delayed_wakeup_type(), there is no input validation check on a length of ioctl_args->args[i] coming from userspace, which can lead to a…

  • CVE-2024-27379Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->num_intf_addr_present coming from userspace, which can lead…

  • CVE-2023-50803Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not…

  • CVE-2023-49927Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband…

  • CVE-2024-28818Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly…

  • CVE-2023-49928Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband…

  • CVE-2023-50804Jun 5, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not…

  • CVE-2024-20887Jun 4, 2024
    risk 0.00cvss epss 0.00

    Arbitrary directory creation in GalaxyBudsManager PC prior to version 2.1.240315.51 allows attacker to create arbitrary directory.

  • CVE-2024-20885Jun 4, 2024
    risk 0.00cvss epss 0.00

    Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission.

  • CVE-2024-20884Jun 4, 2024
    risk 0.00cvss epss 0.00

    Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API.

  • CVE-2024-20883Jun 4, 2024
    risk 0.00cvss epss 0.00

    Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API.

  • CVE-2024-20882Jun 4, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access.

  • CVE-2024-20881Jun 4, 2024
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in chnactiv TA prior to SMR Jun-2024 Release 1 allows local privileged attackers lead to potential arbitrary code execution.

  • CVE-2024-20880Jun 4, 2024
    risk 0.00cvss epss 0.00

    Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physical attackers to overwrite memory.

  • CVE-2024-20879Jun 4, 2024
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to write out-of-bounds memory.

  • CVE-2024-20878Jun 4, 2024
    risk 0.00cvss epss 0.00

    Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2024-20877Jun 4, 2024
    risk 0.00cvss epss 0.00

    Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2024-20876Jun 4, 2024
    risk 0.00cvss epss 0.00

    Improper input validation in libsheifdecadapter.so prior to SMR Jun-2024 Release 1 allows local attackers to lead to memory corruption.

  • CVE-2024-20875Jun 4, 2024
    risk 0.00cvss epss 0.00

    Improper caller verification vulnerability in SemClipboard prior to SMR June-2024 Release 1 allows local attackers to access arbitrary files.

  • CVE-2024-20874Jun 4, 2024
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024 Release 1 allows local attackers to launch privileged activities.

  • CVE-2024-20873Jun 4, 2024
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in caminfo driver prior to SMR Jun-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.

  • CVE-2024-29152Jun 4, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, and Exynos Modem 5300. The baseband software does not properly…

  • CVE-2024-31953May 9, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker must already have user…

  • CVE-2024-31952May 9, 2024
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. (The attacker must already have user privileges, and an administrator password must be…

  • CVE-2024-20855May 7, 2024
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while.

  • CVE-2024-20871May 7, 2024
    risk 0.00cvss epss 0.00

    Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection.

  • CVE-2024-20870May 7, 2024
    risk 0.00cvss epss 0.00

    Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.

  • CVE-2024-20869May 7, 2024
    risk 0.00cvss epss 0.00

    Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies.

  • CVE-2024-20868May 7, 2024
    risk 0.00cvss epss 0.00

    Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions.

  • CVE-2024-20867May 7, 2024
    risk 0.00cvss epss 0.00

    Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.

  • CVE-2024-20866May 7, 2024
    risk 0.00cvss epss 0.00

    Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step.

  • CVE-2024-20865May 7, 2024
    risk 0.00cvss epss 0.00

    Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images.

  • CVE-2024-20864May 7, 2024
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.

  • CVE-2024-20863May 7, 2024
    risk 0.00cvss epss 0.00

    Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.

  • CVE-2024-20862May 7, 2024
    risk 0.00cvss epss 0.00

    Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.

  • CVE-2024-20861May 7, 2024
    risk 0.00cvss epss 0.00

    Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.

  • CVE-2024-20860May 7, 2024
    risk 0.00cvss epss 0.00

    Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission.

  • CVE-2024-20859May 7, 2024
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege.

  • CVE-2024-20858May 7, 2024
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

  • CVE-2024-20857May 7, 2024
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.

Page 18 of 45