Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-26098 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. |
| CVE-2022-26097 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26096 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26095 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26094 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26093 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-26092 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution. |
| CVE-2022-26091 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard. |
| CVE-2022-26090 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission. |
| CVE-2022-25833 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. |
| CVE-2022-25832 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication. |
| CVE-2022-25831 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions. |
| CVE-2022-25154 | | | 0.00 | — | 0.00 | | Apr 5, 2022 | A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.) |
| CVE-2021-23850 | | | 0.00 | — | 0.01 | | Mar 30, 2022 | A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and… |
| CVE-2021-39790 | | | 0.00 | — | 0.00 | | Mar 30, 2022 | In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:… |
| CVE-2021-27430 | | | 0.00 | — | 0.00 | | Mar 23, 2022 | GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR. |
| CVE-2022-20054 | | | 0.00 | — | 0.00 | | Mar 9, 2022 | In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID:… |
| CVE-2022-25830 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log |
| CVE-2022-25829 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log |
| CVE-2022-25828 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log |
| CVE-2022-25827 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log |
| CVE-2022-25826 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log |
| CVE-2022-25825 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in. |
| CVE-2022-25824 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. |
| CVE-2022-25823 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log. |
| CVE-2022-25822 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. |
| CVE-2022-25821 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read. |
| CVE-2022-25820 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. |
| CVE-2022-25819 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory. |
| CVE-2022-25818 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution. |
| CVE-2022-25817 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. |
| CVE-2022-25816 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication |
| CVE-2022-25815 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. |
| CVE-2022-25814 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. |
| CVE-2022-24932 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. |
| CVE-2022-24931 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission |
| CVE-2022-24930 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission |
| CVE-2022-24929 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. |
| CVE-2022-24928 | | | 0.00 | — | 0.00 | | Mar 8, 2022 | Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP. |
| CVE-2022-24927 | | | 0.00 | — | 0.00 | | Feb 11, 2022 | Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission. |
| CVE-2022-24926 | | | 0.00 | — | 0.00 | | Feb 11, 2022 | Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices. |
| CVE-2022-24925 | | | 0.00 | — | 0.00 | | Feb 11, 2022 | Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices. |
| CVE-2022-24924 | | | 0.00 | — | 0.01 | | Feb 11, 2022 | An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission. |
| CVE-2022-24003 | | | 0.00 | — | 0.01 | | Feb 11, 2022 | Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent. |
| CVE-2022-24923 | | | 0.00 | — | 0.00 | | Feb 11, 2022 | Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. |
| CVE-2022-24002 | | | 0.00 | — | 0.01 | | Feb 11, 2022 | Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity. |
| CVE-2022-24001 | | | 0.00 | — | 0.00 | | Feb 11, 2022 | Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel. |
| CVE-2022-23999 | | | 0.00 | — | 0.00 | | Feb 11, 2022 | PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. |
| CVE-2022-24000 | | | 0.00 | — | 0.00 | | Feb 11, 2022 | PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. |
| CVE-2022-23998 | | | 0.00 | — | 0.01 | | Feb 11, 2022 | Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status. |