VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2022-26098Apr 11, 2022
    risk 0.00cvss epss 0.01

    Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.

  • CVE-2022-26097Apr 11, 2022
    risk 0.00cvss epss 0.01

    Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

  • CVE-2022-26096Apr 11, 2022
    risk 0.00cvss epss 0.01

    Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

  • CVE-2022-26095Apr 11, 2022
    risk 0.00cvss epss 0.01

    Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

  • CVE-2022-26094Apr 11, 2022
    risk 0.00cvss epss 0.01

    Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

  • CVE-2022-26093Apr 11, 2022
    risk 0.00cvss epss 0.01

    Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

  • CVE-2022-26092Apr 11, 2022
    risk 0.00cvss epss 0.00

    Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.

  • CVE-2022-26091Apr 11, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage using a function key of hardware keyboard.

  • CVE-2022-26090Apr 11, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without permission.

  • CVE-2022-25833Apr 11, 2022
    risk 0.00cvss epss 0.00

    Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.

  • CVE-2022-25832Apr 11, 2022
    risk 0.00cvss epss 0.00

    Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication.

  • CVE-2022-25831Apr 11, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.

  • CVE-2022-25154Apr 5, 2022
    risk 0.00cvss epss 0.00

    A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows 7, 10, or 11 to exploit this vulnerability.)

  • CVE-2021-23850Mar 30, 2022
    risk 0.00cvss epss 0.01

    A specially crafted TCP/IP packet may cause a camera recovery image telnet interface to crash. It may also cause a buffer overflow which could enable remote code execution. The recovery image can only be booted with administrative rights or with physical access to the camera and…

  • CVE-2021-39790Mar 30, 2022
    risk 0.00cvss epss 0.00

    In Dialer, there is a possible way to manipulate visual voicemail settings due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions:…

  • CVE-2021-27430Mar 23, 2022
    risk 0.00cvss epss 0.00

    GE UR bootloader binary Version 7.00, 7.01 and 7.02 included unused hardcoded credentials. Additionally, a user with physical access to the UR IED can interrupt the boot sequence by rebooting the UR.

  • CVE-2022-20054Mar 9, 2022
    risk 0.00cvss epss 0.00

    In ims service, there is a possible AT command injection due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06219083; Issue ID:…

  • CVE-2022-25830Mar 8, 2022
    risk 0.00cvss epss 0.00

    Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log

  • CVE-2022-25829Mar 8, 2022
    risk 0.00cvss epss 0.00

    Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log

  • CVE-2022-25828Mar 8, 2022
    risk 0.00cvss epss 0.00

    Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log

  • CVE-2022-25827Mar 8, 2022
    risk 0.00cvss epss 0.00

    Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log

  • CVE-2022-25826Mar 8, 2022
    risk 0.00cvss epss 0.00

    Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log

  • CVE-2022-25825Mar 8, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in.

  • CVE-2022-25824Mar 8, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in BixbyTouch prior to version 2.2.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.

  • CVE-2022-25823Mar 8, 2022
    risk 0.00cvss epss 0.00

    Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log.

  • CVE-2022-25822Mar 8, 2022
    risk 0.00cvss epss 0.00

    An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.

  • CVE-2022-25821Mar 8, 2022
    risk 0.00cvss epss 0.00

    Improper use of SMS buffer pointer in Shannon baseband prior to SMR Mar-2022 Release 1 allows OOB read.

  • CVE-2022-25820Mar 8, 2022
    risk 0.00cvss epss 0.00

    A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.

  • CVE-2022-25819Mar 8, 2022
    risk 0.00cvss epss 0.00

    OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory.

  • CVE-2022-25818Mar 8, 2022
    risk 0.00cvss epss 0.00

    Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution.

  • CVE-2022-25817Mar 8, 2022
    risk 0.00cvss epss 0.00

    Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.

  • CVE-2022-25816Mar 8, 2022
    risk 0.00cvss epss 0.00

    Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication

  • CVE-2022-25815Mar 8, 2022
    risk 0.00cvss epss 0.00

    PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

  • CVE-2022-25814Mar 8, 2022
    risk 0.00cvss epss 0.00

    PendingIntent hijacking vulnerability in Wearable Manager Installer prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

  • CVE-2022-24932Mar 8, 2022
    risk 0.00cvss epss 0.00

    Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.

  • CVE-2022-24931Mar 8, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission

  • CVE-2022-24930Mar 8, 2022
    risk 0.00cvss epss 0.00

    An Improper access control vulnerability in StRetailModeReceiver in Wear OS 3.0 prior to Firmware update MAR-2022 Release allows untrusted applications to reset default app settings without a proper permission

  • CVE-2022-24929Mar 8, 2022
    risk 0.00cvss epss 0.00

    Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication.

  • CVE-2022-24928Mar 8, 2022
    risk 0.00cvss epss 0.00

    Security misconfiguration of RKP in kernel prior to SMR Mar-2022 Release 1 allows a system not to be protected by RKP.

  • CVE-2022-24927Feb 11, 2022
    risk 0.00cvss epss 0.00

    Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission.

  • CVE-2022-24926Feb 11, 2022
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices.

  • CVE-2022-24925Feb 11, 2022
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices.

  • CVE-2022-24924Feb 11, 2022
    risk 0.00cvss epss 0.01

    An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission.

  • CVE-2022-24003Feb 11, 2022
    risk 0.00cvss epss 0.01

    Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent.

  • CVE-2022-24923Feb 11, 2022
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview.

  • CVE-2022-24002Feb 11, 2022
    risk 0.00cvss epss 0.01

    Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity.

  • CVE-2022-24001Feb 11, 2022
    risk 0.00cvss epss 0.00

    Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel.

  • CVE-2022-23999Feb 11, 2022
    risk 0.00cvss epss 0.00

    PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.

  • CVE-2022-24000Feb 11, 2022
    risk 0.00cvss epss 0.00

    PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.

  • CVE-2022-23998Feb 11, 2022
    risk 0.00cvss epss 0.01

    Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status.

Page 32 of 45