Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2021-25386 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

  • CVE-2021-25383 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

  • CVE-2021-25385 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

  • CVE-2021-25387 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    An improper input validation vulnerability in sflacfd_get_frm() in libsflacextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

  • CVE-2021-25384 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

  • CVE-2021-25389 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication.

  • CVE-2021-25388 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper caller check vulnerability in Knox Core prior to SMR MAY-2021 Release 1 allows attackers to install arbitrary app.

  • CVE-2021-25422 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

  • CVE-2021-25423 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.

  • CVE-2021-25425 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.

  • CVE-2021-25421 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

  • CVE-2021-25420 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

  • CVE-2021-25418 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.

  • CVE-2021-25415 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.

  • CVE-2021-25416 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.

  • CVE-2021-25413 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.

  • CVE-2021-25417 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.

  • CVE-2021-25414 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege.

  • CVE-2021-25412 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    An improper access control vulnerability in genericssoservice prior to SMR JUN-2021 Release 1 allows local attackers to execute protected activity with system privilege via untrusted applications.

  • CVE-2021-25419 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.01

    Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phishing URL link.

  • CVE-2021-25407 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.

  • CVE-2021-25409 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.

  • CVE-2021-25410 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper access control of a component in CallBGProvider prior to SMR JUN-2021 Release 1 allows local attackers to access arbitrary files with an escalated privilege.

  • CVE-2021-25411 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.

  • CVE-2021-25408 · Jun 11, 2021
    risk 0.00 · cvss · epss 0.00

    A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.

  • CVE-2021-25382 · Apr 23, 2021
    risk 0.00 · cvss · epss 0.00

    An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.

  • CVE-2021-25381 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.00

    Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

  • CVE-2021-25380 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.01

    Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user.

  • CVE-2021-25378 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.01

    Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.

  • CVE-2021-25377 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.00

    Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.

  • CVE-2021-25376 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.01

    An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed.

  • CVE-2021-25375 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.01

    Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.

  • CVE-2021-25373 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.00

    Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the…

  • CVE-2021-25365 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.00

    An improper exception control in softsimd prior to SMR APR-2021 Release 1 allows unprivileged applications to access the API in softsimd.

  • CVE-2021-25364 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.00

    A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.

  • CVE-2021-25363 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.00

    An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.

  • CVE-2021-25362 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.00

    An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.

  • CVE-2021-25361 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.00

    An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.

  • CVE-2021-25360 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.01

    An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.

  • CVE-2021-25359 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.00

    An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.

  • CVE-2021-25358 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.00

    A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.

  • CVE-2021-25357 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.00

    A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10.0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.

  • CVE-2021-25356 · Apr 9, 2021
    risk 0.00 · cvss · epss 0.00

    An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application.

  • CVE-2021-30162 · Apr 6, 2021
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on LG mobile devices with Android OS 4.4 through 11 software. Attackers can leverage ISMS services to bypass access control on specific content providers. The LG ID is LVE-SMP-210003 (April 2021).

  • CVE-2021-25368 · Mar 25, 2021
    risk 0.00 · cvss · epss 0.01

    Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.

  • CVE-2021-25367 · Mar 25, 2021
    risk 0.00 · cvss · epss 0.01

    Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.

  • CVE-2021-25366 · Mar 25, 2021
    risk 0.00 · cvss · epss 0.00

    Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.

  • CVE-2021-25355 · Mar 25, 2021
    risk 0.00 · cvss · epss 0.00

    Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.

  • CVE-2021-25354 · Mar 25, 2021
    risk 0.00 · cvss · epss 0.00

    Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.

  • CVE-2021-25353 · Mar 25, 2021
    risk 0.00 · cvss · epss 0.00

    Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent.
