VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2023-21515May 26, 2023
    risk 0.00cvss epss 0.01

    InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.

  • CVE-2023-29092May 9, 2023
    risk 0.00cvss epss 0.00

    An issue was discovered in Exynos Mobile Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, and Exynos 1080. Binding of a wrong resource can occur due to improper handling of parameters while binding a network interface.

  • CVE-2023-21506May 4, 2023
    risk 0.00cvss epss 0.00

    Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.

  • CVE-2023-21505May 4, 2023
    risk 0.00cvss epss 0.00

    Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox.

  • CVE-2023-21503May 4, 2023
    risk 0.00cvss epss 0.01

    Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.

  • CVE-2023-21502May 4, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.

  • CVE-2023-21501May 4, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2023-21500May 4, 2023
    risk 0.00cvss epss 0.00

    Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.

  • CVE-2023-21499May 4, 2023
    risk 0.00cvss epss 0.00

    Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2023-21498May 4, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.

  • CVE-2023-21497May 4, 2023
    risk 0.00cvss epss 0.00

    Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.

  • CVE-2023-21496May 4, 2023
    risk 0.00cvss epss 0.00

    Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level.

  • CVE-2023-21495May 4, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set.

  • CVE-2023-21494May 4, 2023
    risk 0.00cvss epss 0.01

    Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.

  • CVE-2023-21493May 4, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.

  • CVE-2023-21491May 4, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.

  • CVE-2023-21490May 4, 2023
    risk 0.00cvss epss 0.00

    Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.

  • CVE-2023-21489May 4, 2023
    risk 0.00cvss epss 0.00

    Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.

  • CVE-2023-21488May 4, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.

  • CVE-2023-21487May 4, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.

  • CVE-2023-21486May 4, 2023
    risk 0.00cvss epss 0.00

    Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.

  • CVE-2023-21485May 4, 2023
    risk 0.00cvss epss 0.00

    Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.

  • CVE-2023-21484May 4, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.

  • CVE-2023-21504May 4, 2023
    risk 0.00cvss epss 0.01

    Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.

  • CVE-2023-21511May 4, 2023
    risk 0.00cvss epss 0.00

    Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.

  • CVE-2023-21510May 4, 2023
    risk 0.00cvss epss 0.00

    Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.

  • CVE-2023-21509May 4, 2023
    risk 0.00cvss epss 0.00

    Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.

  • CVE-2023-21508May 4, 2023
    risk 0.00cvss epss 0.00

    Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.

  • CVE-2023-21507May 4, 2023
    risk 0.00cvss epss 0.00

    Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.

  • CVE-2023-29086Apr 14, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding…

  • CVE-2023-29085Apr 14, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding…

  • CVE-2023-29090Apr 14, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding…

  • CVE-2023-29089Apr 14, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding…

  • CVE-2023-29088Apr 14, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding…

  • CVE-2023-29087Apr 14, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding…

  • CVE-2023-29091Apr 14, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor and Modem for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos 9110, and Exynos Auto T5123. Memory corruption can occur due to insufficient parameter validation while decoding…

  • CVE-2023-20665Apr 6, 2023
    risk 0.00cvss epss 0.00

    In ril, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07628604; Issue ID: ALPS07628604.

  • CVE-2023-28613Apr 4, 2023
    risk 0.00cvss epss 0.01

    An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments.

  • CVE-2022-1230Mar 28, 2023
    risk 0.00cvss epss 0.00

    This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The…

  • CVE-2023-26498Mar 23, 2023
    risk 0.00cvss epss 0.24

    An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos Auto T5126. Memory corruption can occur due to improper checking of the number of properties while parsing the chatroom attribute in the SDP…

  • CVE-2023-26496Mar 23, 2023
    risk 0.00cvss epss 0.24

    An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5124. Memory corruption can occur due to improper checking of the parameter length while parsing the fmtp attribute in the SDP (Session…

  • CVE-2023-26497Mar 21, 2023
    risk 0.00cvss epss 0.24

    An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5125. Memory corruption can occur when processing Session Description Negotiation for Video Configuration Attribute.

  • CVE-2023-21459Mar 16, 2023
    risk 0.00cvss epss 0.00

    Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault.

  • CVE-2023-21458Mar 16, 2023
    risk 0.00cvss epss 0.00

    Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent.

  • CVE-2023-21457Mar 16, 2023
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission.

  • CVE-2023-21456Mar 16, 2023
    risk 0.00cvss epss 0.00

    Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid.

  • CVE-2023-21455Mar 16, 2023
    risk 0.00cvss epss 0.00

    Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.

  • CVE-2023-21454Mar 16, 2023
    risk 0.00cvss epss 0.00

    Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen.

  • CVE-2023-21453Mar 16, 2023
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data.

  • CVE-2023-21452Mar 16, 2023
    risk 0.00cvss epss 0.00

    Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device.

Page 24 of 45