Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2024-20856 · May 7, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Authentication vulnerability in Secure Folder prior to SMR May-2024 Release 1 allows physical attackers to access Secure Folder without proper authentication in a specific scenario.

  • CVE-2024-20854 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers to access image data.

  • CVE-2024-20853 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore.

  • CVE-2024-20852 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Improper verification of intent by broadcast receiver vulnerability in SmartThings prior to version 1.8.13.22 allows local attackers to access testing configuration.

  • CVE-2024-20851 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege.

  • CVE-2024-20850 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung Pay.

  • CVE-2024-20849 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Out-of-bound Write vulnerability in chunk parsing implementation of libsdffextractor prior to SMR Apr-2023 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2024-20848 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Input Validation vulnerability in text parsing implementation of libsdffextractor prior to SMR Apr-2024 Release 1 allows local attackers to write out-of-bounds memory.

  • CVE-2024-20847 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Access Control vulnerability in StorageManagerService prior to SMR Apr-2024 Release 1 allows local attackers to read sdcard information.

  • CVE-2024-20846 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds write vulnerability while decoding hcr of libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.

  • CVE-2024-20845 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds write vulnerability while releasing memory in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.

  • CVE-2024-20844 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds write vulnerability while parsing remaining codewords in libsavsac.so prior to SMR Apr-2024 Release 1 allows local attacker to execute arbitrary code.

  • CVE-2024-20843 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged attackers to execute arbitrary code.

  • CVE-2024-20842 · Apr 2, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Input Validation vulnerability in handling apdu of libsec-ril prior to SMR Apr-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.

  • CVE-2024-20833 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    Use after free vulnerability in pub_crypto_recv_msg prior to SMR Mar-2024 Release 1 due to race condition allows local attackers with system privilege to cause memory corruption.

  • CVE-2024-20841 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data.

  • CVE-2024-20838 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.

  • CVE-2024-20837 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.

  • CVE-2024-20836 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    Out of bounds Read vulnerability in ssmis_get_frm in libsubextractor.so prior to SMR Mar-2024 Release 1 allows local attackers to read out of bounds memory.

  • CVE-2024-20835 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in CustomFrequencyManagerService prior to SMR Mar-2024 Release 1 allows local attackers to execute privileged behaviors.

  • CVE-2024-20834 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    The sensitive information exposure vulnerability in WlanTest prior to SMR Mar-2024 Release 1 allows local attackers to access MAC address without proper permission.

  • CVE-2024-20832 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.

  • CVE-2024-20831 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary code.

  • CVE-2024-20830 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    Incorrect default permission in AppLock prior to SMR Mar-2024 Release 1 allows local attackers to configure AppLock settings.

  • CVE-2024-20829 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction.

  • CVE-2023-52432 · Mar 5, 2024
    risk 0.00 · cvss · epss 0.00

    Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds memory.

  • CVE-2024-20022 · Mar 4, 2024
    risk 0.00 · cvss · epss 0.00

    In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255.

  • CVE-2024-0021 · Feb 16, 2024
    risk 0.00 · cvss · epss 0.00

    In onCreate of NotificationAccessConfirmationActivity.java, there is a possible way for an app in the work profile to enable notification listener services due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges…

  • CVE-2024-0020 · Feb 16, 2024
    risk 0.00 · cvss · epss 0.00

    In onActivityResult of NotificationSoundPreference.java, there is a possible way to hear audio files belonging to a different user due to a confused deputy. This could lead to local information disclosure across users of a device with no additional execution privileges needed.…

  • CVE-2024-23769 · Feb 7, 2024
    risk 0.00 · cvss · epss 0.00

    Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data.

  • CVE-2024-20828 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.

  • CVE-2024-20826 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent.

  • CVE-2024-20825 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

  • CVE-2024-20824 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

  • CVE-2024-20823 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

  • CVE-2024-20822 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

  • CVE-2024-20820 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read.

  • CVE-2024-20819 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

  • CVE-2024-20818 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

  • CVE-2024-20817 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

  • CVE-2024-20816 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to victim's mobile hotspot without user awareness.

  • CVE-2024-20815 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers to connect to victim's mobile hotspot without user awareness.

  • CVE-2024-20814 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers to access unauthorized information.

  • CVE-2024-20813 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

  • CVE-2024-20812 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

  • CVE-2024-20811 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.

  • CVE-2024-20810 · Feb 6, 2024
    risk 0.00 · cvss · epss 0.00

    Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.

  • CVE-2024-20809 · Jan 4, 2024
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows local attacker to access data.

  • CVE-2024-20808 · Jan 4, 2024
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in Nearby device scanning prior to version 11.1.14.7 allows local attacker to access data.

  • CVE-2024-20807 · Jan 4, 2024
    risk 0.00 · cvss · epss 0.00

    Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive information.
