VYPR

Samsung Mobile

2,204 total · sorted by risk
  • CVE-2022-39849 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows unauthorized read of configuration data.

  • CVE-2022-39870 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.

  • CVE-2022-39874 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

  • CVE-2022-39862 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api.

  • CVE-2022-39847 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.

  • CVE-2022-39867 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.

  • CVE-2022-39854 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.

  • CVE-2022-39858 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege.

  • CVE-2022-39859 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent.

  • CVE-2022-39855 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices.

  • CVE-2022-39869 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.

  • CVE-2022-39861 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege.

  • CVE-2022-39848 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.

  • CVE-2022-39853 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-39876 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI.

  • CVE-2022-39865 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

  • CVE-2022-39857 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.

  • CVE-2022-39850 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows unauthorized read of configuration data.

  • CVE-2022-39878 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.

  • CVE-2022-36868 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device.

  • CVE-2022-39871 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.

  • CVE-2022-32591 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.01

    In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259.

  • CVE-2022-39863 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.

  • CVE-2022-39875 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

  • CVE-2022-39877 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.

  • CVE-2022-39872 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.

  • CVE-2022-39873 · Oct 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.

  • CVE-2022-40757 · Sep 16, 2022
    risk 0.00 · cvss · epss 0.01

    A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.

  • CVE-2022-40758 · Sep 16, 2022
    risk 0.00 · cvss · epss 0.01

    A Buffer Access with Incorrect Length Value vulnerability in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.

  • CVE-2022-40759 · Sep 16, 2022
    risk 0.00 · cvss · epss 0.01

    A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.

  • CVE-2022-40760 · Sep 16, 2022
    risk 0.00 · cvss · epss 0.01

    A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.

  • CVE-2022-40761 · Sep 16, 2022
    risk 0.00 · cvss · epss 0.01

    The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.

  • CVE-2022-40762 · Sep 16, 2022
    risk 0.00 · cvss · epss 0.01

    A Memory Allocation with Excessive Size Value vulnerability in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.

  • CVE-2022-36869 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission.

  • CVE-2022-36855 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36851 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.

  • CVE-2022-36864 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.

  • CVE-2022-36867 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information.

  • CVE-2022-36850 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid.

  • CVE-2022-36866 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.

  • CVE-2022-36857 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.

  • CVE-2022-36865 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information.

  • CVE-2022-36861 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege.

  • CVE-2022-36856 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission.

  • CVE-2022-36852 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data.

  • CVE-2022-36853 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information.

  • CVE-2022-36848 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service.

  • CVE-2022-36872 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

  • CVE-2022-36873 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device.

  • CVE-2022-36870 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
