VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2023-21247Jul 12, 2023
    risk 0.00cvss epss 0.00

    In getAvailabilityStatus of BluetoothScanningMainSwitchPreferenceController.java, there is a possible way to bypass a device policy restriction due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.…

  • CVE-2023-21241Jul 12, 2023
    risk 0.00cvss epss 0.00

    In rw_i93_send_to_upper of rw_i93.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2023-30677Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.

  • CVE-2023-30676Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass.

  • CVE-2023-30675Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed.

  • CVE-2023-30674Jul 6, 2023
    risk 0.00cvss epss 0.01

    Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.

  • CVE-2023-30673Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.23052_1 allows local attackers to delete arbitrary directory using directory junction.

  • CVE-2023-30672Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction.

  • CVE-2023-30671Jul 6, 2023
    risk 0.00cvss epss 0.00

    Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.

  • CVE-2023-30670Jul 6, 2023
    risk 0.00cvss epss 0.00

    Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

  • CVE-2023-30669Jul 6, 2023
    risk 0.00cvss epss 0.00

    Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

  • CVE-2023-30668Jul 6, 2023
    risk 0.00cvss epss 0.00

    Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.

  • CVE-2023-30667Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.

  • CVE-2023-30666Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.

  • CVE-2023-30665Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.

  • CVE-2023-30664Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

  • CVE-2023-30663Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.

  • CVE-2023-30662Jul 6, 2023
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

  • CVE-2023-30661Jul 6, 2023
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

  • CVE-2023-30660Jul 6, 2023
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.

  • CVE-2023-30659Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

  • CVE-2023-30658Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

  • CVE-2023-30657Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

  • CVE-2023-30656Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.

  • CVE-2023-30655Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

  • CVE-2023-30653Jul 6, 2023
    risk 0.00cvss epss 0.00

    Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2023-30652Jul 6, 2023
    risk 0.00cvss epss 0.00

    Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2023-30651Jul 6, 2023
    risk 0.00cvss epss 0.00

    Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2023-30650Jul 6, 2023
    risk 0.00cvss epss 0.00

    Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2023-30649Jul 6, 2023
    risk 0.00cvss epss 0.00

    Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

  • CVE-2023-30648Jul 6, 2023
    risk 0.00cvss epss 0.00

    Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.

  • CVE-2023-30647Jul 6, 2023
    risk 0.00cvss epss 0.00

    Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

  • CVE-2023-30646Jul 6, 2023
    risk 0.00cvss epss 0.00

    Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

  • CVE-2023-30645Jul 6, 2023
    risk 0.00cvss epss 0.00

    Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

  • CVE-2023-30644Jul 6, 2023
    risk 0.00cvss epss 0.00

    Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.

  • CVE-2023-30643Jul 6, 2023
    risk 0.00cvss epss 0.00

    Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications.

  • CVE-2023-30642Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.

  • CVE-2023-30641Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data.

  • CVE-2023-30640Jul 6, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration.

  • CVE-2023-20761Jul 4, 2023
    risk 0.00cvss epss 0.00

    In ril, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628582.

  • CVE-2023-21518Jun 28, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.

  • CVE-2023-21513Jun 28, 2023
    risk 0.00cvss epss 0.00

    Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.

  • CVE-2023-21512Jun 28, 2023
    risk 0.00cvss epss 0.00

    Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.

  • CVE-2023-31114Jun 7, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause unintended querying of the SIM status via a crafted application.

  • CVE-2023-31115Jun 7, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Incorrect resource transfer between spheres can cause changes to the activation mode of RCS via a crafted application.

  • CVE-2023-31116Jun 7, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. An incorrect default permission can cause unintended querying of RCS capability via a crafted application.

  • CVE-2023-20742Jun 6, 2023
    risk 0.00cvss epss 0.00

    In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628540.

  • CVE-2023-20741Jun 6, 2023
    risk 0.00cvss epss 0.00

    In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628591; Issue ID: ALPS07628606.

  • CVE-2023-21515May 26, 2023
    risk 0.00cvss epss 0.01

    InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

  • CVE-2023-21516May 26, 2023
    risk 0.00cvss epss 0.01

    XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

Page 23 of 45