VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2021-25461Sep 9, 2021
    risk 0.00cvss epss 0.00

    An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.

  • CVE-2021-25460Sep 9, 2021
    risk 0.00cvss epss 0.00

    An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.

  • CVE-2021-25459Sep 9, 2021
    risk 0.00cvss epss 0.00

    An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.

  • CVE-2021-25458Sep 9, 2021
    risk 0.00cvss epss 0.00

    NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.

  • CVE-2021-25457Sep 9, 2021
    risk 0.00cvss epss 0.00

    An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.

  • CVE-2021-25456Sep 9, 2021
    risk 0.00cvss epss 0.00

    OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.

  • CVE-2021-25455Sep 9, 2021
    risk 0.00cvss epss 0.00

    OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.

  • CVE-2021-25454Sep 9, 2021
    risk 0.00cvss epss 0.00

    OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.

  • CVE-2021-25453Sep 9, 2021
    risk 0.00cvss epss 0.00

    Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.

  • CVE-2021-25452Sep 9, 2021
    risk 0.00cvss epss 0.00

    An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.

  • CVE-2021-25451Sep 9, 2021
    risk 0.00cvss epss 0.00

    A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.

  • CVE-2021-25450Sep 9, 2021
    risk 0.00cvss epss 0.00

    Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket.

  • CVE-2021-25449Sep 9, 2021
    risk 0.00cvss epss 0.00

    An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.

  • CVE-2021-39373Sep 1, 2021
    risk 0.00cvss epss 0.00

    Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure.

  • CVE-2021-25448Aug 5, 2021
    risk 0.00cvss epss 0.01

    Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview.

  • CVE-2021-25447Aug 5, 2021
    risk 0.00cvss epss 0.01

    Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.

  • CVE-2021-25446Aug 5, 2021
    risk 0.00cvss epss 0.01

    Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.

  • CVE-2021-25445Aug 5, 2021
    risk 0.00cvss epss 0.01

    Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet.

  • CVE-2021-25444Aug 5, 2021
    risk 0.00cvss epss 0.01

    An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.

  • CVE-2021-25443Aug 5, 2021
    risk 0.00cvss epss 0.00

    A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.

  • CVE-2021-25442Jul 8, 2021
    risk 0.00cvss epss 0.01

    Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.

  • CVE-2021-25441Jul 8, 2021
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege.

  • CVE-2021-25440Jul 8, 2021
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.

  • CVE-2021-25439Jul 8, 2021
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.

  • CVE-2021-25438Jul 8, 2021
    risk 0.00cvss epss 0.02

    Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.

  • CVE-2021-25437Jul 8, 2021
    risk 0.00cvss epss 0.02

    Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to arbitrary code execution by replacing FOTA update file.

  • CVE-2021-25436Jul 8, 2021
    risk 0.00cvss epss 0.02

    Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol.

  • CVE-2021-25435Jul 8, 2021
    risk 0.00cvss epss 0.02

    Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode.

  • CVE-2021-25434Jul 8, 2021
    risk 0.00cvss epss 0.02

    Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode.

  • CVE-2021-25432Jul 8, 2021
    risk 0.00cvss epss 0.00

    Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.

  • CVE-2021-25431Jul 8, 2021
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer.

  • CVE-2021-25430Jul 8, 2021
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.

  • CVE-2021-25429Jul 8, 2021
    risk 0.00cvss epss 0.00

    Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.

  • CVE-2021-25428Jul 8, 2021
    risk 0.00cvss epss 0.00

    Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.

  • CVE-2021-25427Jul 8, 2021
    risk 0.00cvss epss 0.00

    SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information

  • CVE-2021-25426Jul 8, 2021
    risk 0.00cvss epss 0.01

    Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.

  • CVE-2021-25403Jun 11, 2021
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

  • CVE-2021-25400Jun 11, 2021
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.

  • CVE-2021-25404Jun 11, 2021
    risk 0.00cvss epss 0.00

    Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.

  • CVE-2021-25406Jun 11, 2021
    risk 0.00cvss epss 0.00

    Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information.

  • CVE-2021-25401Jun 11, 2021
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.

  • CVE-2021-25402Jun 11, 2021
    risk 0.00cvss epss 0.00

    Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information.

  • CVE-2021-25405Jun 11, 2021
    risk 0.00cvss epss 0.00

    An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.

  • CVE-2021-25392Jun 11, 2021
    risk 0.00cvss epss 0.00

    Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.

  • CVE-2021-25397Jun 11, 2021
    risk 0.00cvss epss 0.00

    An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.

  • CVE-2021-25391Jun 11, 2021
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.

  • CVE-2021-25398Jun 11, 2021
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts.

  • CVE-2021-25393Jun 11, 2021
    risk 0.00cvss epss 0.00

    Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.

  • CVE-2021-25396Jun 11, 2021
    risk 0.00cvss epss 0.00

    An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.

  • CVE-2021-25390Jun 11, 2021
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.

Page 35 of 45