VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2022-23994Feb 11, 2022
    risk 0.00cvss epss 0.00

    An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.

  • CVE-2022-23995Feb 11, 2022
    risk 0.00cvss epss 0.00

    Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.

  • CVE-2022-23434Feb 11, 2022
    risk 0.00cvss epss 0.00

    A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent.

  • CVE-2022-23433Feb 11, 2022
    risk 0.00cvss epss 0.01

    Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely.

  • CVE-2022-23432Feb 11, 2022
    risk 0.00cvss epss 0.00

    An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

  • CVE-2022-23431Feb 11, 2022
    risk 0.00cvss epss 0.00

    An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

  • CVE-2022-23429Feb 11, 2022
    risk 0.00cvss epss 0.00

    An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash.

  • CVE-2022-23428Feb 11, 2022
    risk 0.00cvss epss 0.00

    An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

  • CVE-2022-23427Feb 11, 2022
    risk 0.00cvss epss 0.00

    PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent.

  • CVE-2022-23425Feb 11, 2022
    risk 0.00cvss epss 0.00

    Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.

  • CVE-2022-23426Feb 11, 2022
    risk 0.00cvss epss 0.00

    A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege.

  • CVE-2022-22292Feb 11, 2022
    risk 0.00cvss epss 0.00

    Unprotected dynamic receiver in Telecom prior to SMR Feb-2022 Release 1 allows untrusted applications to launch arbitrary activity.

  • CVE-2022-22291Feb 11, 2022
    risk 0.00cvss epss 0.00

    Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.

  • CVE-2022-20036Feb 9, 2022
    risk 0.00cvss epss 0.00

    In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171689; Issue ID:…

  • CVE-2022-20037Feb 9, 2022
    risk 0.00cvss epss 0.00

    In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS06171705; Issue ID:…

  • CVE-2022-20017Feb 9, 2022
    risk 0.00cvss epss 0.00

    In ion driver, there is a possible information disclosure due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05862991; Issue ID:…

  • CVE-2022-22290Jan 14, 2022
    risk 0.00cvss epss 0.01

    Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.

  • CVE-2022-22289Jan 7, 2022
    risk 0.00cvss epss 0.01

    Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information.

  • CVE-2022-22287Jan 7, 2022
    risk 0.00cvss epss 0.00

    Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox.

  • CVE-2022-22288Jan 7, 2022
    risk 0.00cvss epss 0.01

    Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.

  • CVE-2022-22286Jan 7, 2022
    risk 0.00cvss epss 0.00

    A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent.

  • CVE-2022-22285Jan 7, 2022
    risk 0.00cvss epss 0.00

    A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent.

  • CVE-2022-22283Jan 7, 2022
    risk 0.00cvss epss 0.00

    Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App.

  • CVE-2022-22284Jan 7, 2022
    risk 0.00cvss epss 0.00

    Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication

  • CVE-2022-22271Jan 7, 2022
    risk 0.00cvss epss 0.00

    A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.

  • CVE-2022-22270Jan 7, 2022
    risk 0.00cvss epss 0.00

    An implicit Intent hijacking vulnerability in Dialer prior to SMR Jan-2022 Release 1 allows unprivileged applications to access contact information.

  • CVE-2022-22269Jan 7, 2022
    risk 0.00cvss epss 0.00

    Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address.

  • CVE-2022-22272Jan 7, 2022
    risk 0.00cvss epss 0.00

    Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission

  • CVE-2022-22267Jan 7, 2022
    risk 0.00cvss epss 0.00

    Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application information.

  • CVE-2022-22268Jan 7, 2022
    risk 0.00cvss epss 0.00

    Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Guard via Samsung DeX mode.

  • CVE-2022-22264Jan 7, 2022
    risk 0.00cvss epss 0.00

    Improper sanitization of incoming intent in Dressroom prior to SMR Jan-2022 Release 1 allows local attackers to read and write arbitrary files without permission.

  • CVE-2022-22266Jan 7, 2022
    risk 0.00cvss epss 0.00

    (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allows untrusted applications to get WiFi information without proper permission.

  • CVE-2022-22263Jan 7, 2022
    risk 0.00cvss epss 0.00

    Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch arbitrary activity.

  • CVE-2020-9061Jan 7, 2022
    risk 0.00cvss epss 0.01

    Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed…

  • CVE-2021-42913Dec 20, 2021
    risk 0.00cvss epss 0.02

    The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required.

  • CVE-2021-44041Dec 14, 2021
    risk 0.00cvss epss 0.02

    UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to execute code on a victim's machine or capture NTLM credentials by supplying a…

  • CVE-2021-44042Dec 14, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in UiPath Assistant 21.4.4. User-controlled data supplied to the --process-start argument of the URI handler for uipath-assistant:// is not correctly encoded, resulting in attacker-controlled content being injected into the error message displayed (when…

  • CVE-2021-25527Dec 8, 2021
    risk 0.00cvss epss 0.00

    Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.

  • CVE-2021-25526Dec 8, 2021
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.

  • CVE-2021-25525Dec 8, 2021
    risk 0.00cvss epss 0.00

    Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.

  • CVE-2021-25523Dec 8, 2021
    risk 0.00cvss epss 0.00

    Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.

  • CVE-2021-25522Dec 8, 2021
    risk 0.00cvss epss 0.00

    Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission.

  • CVE-2021-25521Dec 8, 2021
    risk 0.00cvss epss 0.00

    Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet.

  • CVE-2021-25520Dec 8, 2021
    risk 0.00cvss epss 0.00

    Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet.

  • CVE-2021-25519Dec 8, 2021
    risk 0.00cvss epss 0.00

    An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission.

  • CVE-2021-25518Dec 8, 2021
    risk 0.00cvss epss 0.00

    An improper boundary check in secure_log of LDFW and BL31 prior to SMR Dec-2021 Release 1 allows arbitrary memory write and code execution.

  • CVE-2021-25517Dec 8, 2021
    risk 0.00cvss epss 0.00

    An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution.

  • CVE-2021-25516Dec 8, 2021
    risk 0.00cvss epss 0.00

    An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations.

  • CVE-2021-25515Dec 8, 2021
    risk 0.00cvss epss 0.00

    An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.

  • CVE-2021-25514Dec 8, 2021
    risk 0.00cvss epss 0.00

    An improper intent redirection handling in Tags prior to SMR Dec-2021 Release 1 allows attackers to access sensitive information.

Page 33 of 45