VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2022-36834Aug 5, 2022
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction.

  • CVE-2022-33714Aug 5, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.

  • CVE-2022-33718Aug 5, 2022
    risk 0.00cvss epss 0.00

    An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.

  • CVE-2022-33715Aug 5, 2022
    risk 0.00cvss epss 0.00

    Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.

  • CVE-2022-36837Aug 5, 2022
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information.

  • CVE-2022-36838Aug 5, 2022
    risk 0.00cvss epss 0.00

    Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information.

  • CVE-2022-33725Aug 5, 2022
    risk 0.00cvss epss 0.00

    A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.

  • CVE-2022-33717Aug 5, 2022
    risk 0.00cvss epss 0.00

    A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.

  • CVE-2022-33716Aug 5, 2022
    risk 0.00cvss epss 0.00

    An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.

  • CVE-2022-36831Aug 5, 2022
    risk 0.00cvss epss 0.00

    Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission.

  • CVE-2022-33728Aug 5, 2022
    risk 0.00cvss epss 0.00

    Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal.

  • CVE-2022-33729Aug 5, 2022
    risk 0.00cvss epss 0.00

    Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.

  • CVE-2022-33727Aug 5, 2022
    risk 0.00cvss epss 0.00

    A vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.

  • CVE-2022-33723Aug 5, 2022
    risk 0.00cvss epss 0.00

    A vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1, allows attackers to trick the user to select an unwanted bluetooth device via tapjacking/overlay attack.

  • CVE-2022-36835Aug 5, 2022
    risk 0.00cvss epss 0.00

    Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files.

  • CVE-2022-35858Aug 4, 2022
    risk 0.00cvss epss 0.00

    The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the…

  • CVE-2022-33707Jul 11, 2022
    risk 0.00cvss epss 0.01

    Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device.

  • CVE-2022-33713Jul 11, 2022
    risk 0.00cvss epss 0.01

    Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information.

  • CVE-2022-33706Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.

  • CVE-2022-33711Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using directory junction.

  • CVE-2022-33712Jul 11, 2022
    risk 0.00cvss epss 0.01

    Intent redirection vulnerability using implict intent in Camera prior to versions 12.0.01.64 ,12.0.3.23, 12.0.0.98, 12.0.6.11, 12.0.3.19 in Android S(12) allows attacker to get sensitive information.

  • CVE-2022-33710Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

  • CVE-2022-33709Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

  • CVE-2022-33708Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

  • CVE-2022-33704Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

  • CVE-2022-33703Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

  • CVE-2022-33702Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.

  • CVE-2022-33701Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent.

  • CVE-2022-33700Jul 11, 2022
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.

  • CVE-2022-33699Jul 11, 2022
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.

  • CVE-2022-33698Jul 11, 2022
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.

  • CVE-2022-33697Jul 11, 2022
    risk 0.00cvss epss 0.00

    Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

  • CVE-2022-33696Jul 11, 2022
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.

  • CVE-2022-33695Jul 11, 2022
    risk 0.00cvss epss 0.00

    Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.

  • CVE-2022-33694Jul 11, 2022
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting.

  • CVE-2022-33693Jul 11, 2022
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.

  • CVE-2022-33692Jul 11, 2022
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.

  • CVE-2022-33691Jul 11, 2022
    risk 0.00cvss epss 0.00

    A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious operations.

  • CVE-2022-33690Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.

  • CVE-2022-33689Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call.

  • CVE-2022-33688Jul 11, 2022
    risk 0.00cvss epss 0.00

    Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

  • CVE-2022-33687Jul 11, 2022
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log.

  • CVE-2022-33686Jul 11, 2022
    risk 0.00cvss epss 0.00

    Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.

  • CVE-2022-33685Jul 11, 2022
    risk 0.00cvss epss 0.00

    Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitray activity and access senstive information.

  • CVE-2022-30758Jul 11, 2022
    risk 0.00cvss epss 0.00

    Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to access some protected information with privilege of Finder.

  • CVE-2022-30757Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.

  • CVE-2022-30756Jul 11, 2022
    risk 0.00cvss epss 0.00

    Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder.

  • CVE-2022-30755Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.

  • CVE-2022-30754Jul 11, 2022
    risk 0.00cvss epss 0.00

    Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker.

  • CVE-2022-30753Jul 11, 2022
    risk 0.00cvss epss 0.00

    Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.

Page 29 of 45