VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2021-25513Dec 8, 2021
    risk 0.00cvss epss 0.00

    An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen.

  • CVE-2021-25512Dec 8, 2021
    risk 0.00cvss epss 0.00

    An improper validation vulnerability in telephony prior to SMR Dec-2021 Release 1 allows attackers to launch certain activities.

  • CVE-2021-25511Dec 8, 2021
    risk 0.00cvss epss 0.00

    An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.

  • CVE-2021-25510Dec 8, 2021
    risk 0.00cvss epss 0.00

    An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.

  • CVE-2021-25509Nov 5, 2021
    risk 0.00cvss epss 0.00

    A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders.

  • CVE-2021-25508Nov 5, 2021
    risk 0.00cvss epss 0.01

    Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation.

  • CVE-2021-25507Nov 5, 2021
    risk 0.00cvss epss 0.00

    Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization.

  • CVE-2021-25506Nov 5, 2021
    risk 0.00cvss epss 0.00

    Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service.

  • CVE-2021-25505Nov 5, 2021
    risk 0.00cvss epss 0.01

    Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked.

  • CVE-2021-25504Nov 5, 2021
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information.

  • CVE-2021-25503Nov 5, 2021
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution.

  • CVE-2021-25502Nov 5, 2021
    risk 0.00cvss epss 0.00

    A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without priviledge.

  • CVE-2021-25501Nov 5, 2021
    risk 0.00cvss epss 0.00

    An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.

  • CVE-2021-25500Nov 5, 2021
    risk 0.00cvss epss 0.00

    A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.

  • CVE-2021-25499Oct 6, 2021
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.

  • CVE-2021-25498Oct 6, 2021
    risk 0.00cvss epss 0.00

    A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.

  • CVE-2021-25497Oct 6, 2021
    risk 0.00cvss epss 0.00

    A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.

  • CVE-2021-25496Oct 6, 2021
    risk 0.00cvss epss 0.00

    A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.

  • CVE-2021-25495Oct 6, 2021
    risk 0.00cvss epss 0.00

    A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.

  • CVE-2021-25494Oct 6, 2021
    risk 0.00cvss epss 0.00

    A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.

  • CVE-2021-25493Oct 6, 2021
    risk 0.00cvss epss 0.00

    Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read

  • CVE-2021-25492Oct 6, 2021
    risk 0.00cvss epss 0.00

    Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read.

  • CVE-2021-25491Oct 6, 2021
    risk 0.00cvss epss 0.00

    A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.

  • CVE-2021-25490Oct 6, 2021
    risk 0.00cvss epss 0.01

    A keyblob downgrade attack in keymaster prior to SMR Oct-2021 Release 1 allows attacker to trigger IV reuse vulnerability with privileged process.

  • CVE-2021-25488Oct 6, 2021
    risk 0.00cvss epss 0.00

    Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.

  • CVE-2021-25486Oct 6, 2021
    risk 0.00cvss epss 0.00

    Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.

  • CVE-2021-25485Oct 6, 2021
    risk 0.00cvss epss 0.00

    Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.

  • CVE-2021-25484Oct 6, 2021
    risk 0.00cvss epss 0.00

    Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.

  • CVE-2021-25483Oct 6, 2021
    risk 0.00cvss epss 0.00

    Lack of boundary checking of a buffer in livfivextractor library prior to SMR Oct-2021 Release 1 allows OOB read.

  • CVE-2021-25482Oct 6, 2021
    risk 0.00cvss epss 0.00

    SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information.

  • CVE-2021-25481Oct 6, 2021
    risk 0.00cvss epss 0.00

    An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.

  • CVE-2021-25480Oct 6, 2021
    risk 0.00cvss epss 0.00

    A lack of replay attack protection in GUTI REALLOCATION COMMAND message process in Qualcomm modem prior to SMR Oct-2021 Release 1 can lead to remote denial of service on mobile network connection.

  • CVE-2021-25479Oct 6, 2021
    risk 0.00cvss epss 0.01

    A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

  • CVE-2021-25478Oct 6, 2021
    risk 0.00cvss epss 0.01

    A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

  • CVE-2021-25477Oct 6, 2021
    risk 0.00cvss epss 0.00

    An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.

  • CVE-2021-25476Oct 6, 2021
    risk 0.00cvss epss 0.00

    An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.

  • CVE-2021-25475Oct 6, 2021
    risk 0.00cvss epss 0.00

    A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.

  • CVE-2021-25474Oct 6, 2021
    risk 0.00cvss epss 0.00

    Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

  • CVE-2021-25473Oct 6, 2021
    risk 0.00cvss epss 0.00

    Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.

  • CVE-2021-25472Oct 6, 2021
    risk 0.00cvss epss 0.00

    An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.

  • CVE-2021-25471Oct 6, 2021
    risk 0.00cvss epss 0.00

    A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.

  • CVE-2021-25470Oct 6, 2021
    risk 0.00cvss epss 0.00

    An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.

  • CVE-2021-25469Oct 6, 2021
    risk 0.00cvss epss 0.00

    A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.

  • CVE-2021-25468Oct 6, 2021
    risk 0.00cvss epss 0.00

    A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.

  • CVE-2021-25467Oct 6, 2021
    risk 0.00cvss epss 0.00

    Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.

  • CVE-2021-25466Sep 9, 2021
    risk 0.00cvss epss 0.01

    Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.

  • CVE-2021-25465Sep 9, 2021
    risk 0.00cvss epss 0.00

    An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack.

  • CVE-2021-25464Sep 9, 2021
    risk 0.00cvss epss 0.00

    An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak.

  • CVE-2021-25463Sep 9, 2021
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.

  • CVE-2021-25462Sep 9, 2021
    risk 0.00cvss epss 0.00

    NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

Page 34 of 45