Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2021-25352 · Mar 25, 2021
    risk 0.00 · cvss · epss 0.00

    Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.

  • CVE-2021-25351 · Mar 25, 2021
    risk 0.00 · cvss · epss 0.00

    Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.

  • CVE-2021-25350 · Mar 25, 2021
    risk 0.00 · cvss · epss 0.00

    Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.

  • CVE-2021-25349 · Mar 25, 2021
    risk 0.00 · cvss · epss 0.00

    Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent.

  • CVE-2021-25348 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission.

  • CVE-2021-25346 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.01

    Possible arbitrary memory overwrite vulnerabilities in quram library versions prior to SMR Jan-2021 Release 1 allow arbitrary code execution.

  • CVE-2021-25347 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.

  • CVE-2021-25345 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format.

  • CVE-2021-25344 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.

  • CVE-2021-25343 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.

  • CVE-2021-25342 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.

  • CVE-2021-25341 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.

  • CVE-2021-25340 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in Samsung keyboard version prior to SMR Feb-2021 Release 1 allows physically proximate attackers to change arbitrary settings during Initialization State.

  • CVE-2021-25339 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory.

  • CVE-2021-25338 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region.

  • CVE-2021-25336 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent.

  • CVE-2021-25335 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.

  • CVE-2021-25334 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Improper input check in wallpaper service in Samsung mobile devices prior to SMR Feb-2021 Release 1 allows untrusted application to cause permanent denial of service.

  • CVE-2021-25333 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.

  • CVE-2021-25332 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition.

  • CVE-2021-25331 · Mar 4, 2021
    risk 0.00 · cvss · epss 0.00

    Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.

  • CVE-2021-25330 · Mar 2, 2021
    risk 0.00 · cvss · epss 0.00

    Calling of non-existent provider in MobileWips application prior to SMR Feb-2021 Release 1 allows unauthorized actions including denial of service attack by hijacking the provider.

  • CVE-2021-27901 · Mar 2, 2021
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on LG mobile devices with Android OS 11 software. They mishandle fingerprint recognition because local high beam mode (LHBM) does not function properly during bright illumination. The LG ID is LVE-SMP-210001 (March 2021).

  • CVE-2021-0305 · Feb 10, 2021
    risk 0.00 · cvss · epss 0.01

    In PackageInstaller, there is a possible tapjacking attack due to an insecure default value. This could lead to local escalation of privilege and permissions with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions:…

  • CVE-2021-22495 · Jan 5, 2021
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021).

  • CVE-2021-22494 · Jan 5, 2021
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False…

  • CVE-2020-35693 · Dec 24, 2020
    risk 0.00 · cvss · epss 0.00

    On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is…

  • CVE-2020-35549 · Dec 18, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Any application may establish itself as the default dialer, without user interaction. The Samsung ID is SVE-2020-19172 (December 2020).

  • CVE-2020-35550 · Dec 18, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via StatusBar. The Samsung ID is SVE-2020-17888 (December 2020).

  • CVE-2020-35551 · Dec 18, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. They allow attackers to conduct RPMB state-change attacks because an unauthorized RPMB write operation can be replayed, a related issue to CVE-2020-13799. The Samsung…

  • CVE-2020-35553 · Dec 18, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on Samsung mobile devices with Q(10.0) and R(11.0) (Qualcomm SM8250 chipsets) software. They allow attackers to cause a denial of service (unlock failure) by triggering a power-shortage incident that causes a false-positive attack detection. The Samsung…

  • CVE-2020-35555 · Dec 18, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on LG mobile devices with Android OS 10 software. When a dual-screen configuration is supported, the device does not lock upon disconnection of a call with the cover closed. The LG ID is LVE-SMP-200027 (December 2020).

  • CVE-2020-28340 · Nov 8, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. Attackers can bypass Factory Reset Protection (FRP) via Secure Folder. The Samsung ID is SVE-2020-18546 (November 2020).

  • CVE-2020-28341 · Nov 8, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November…

  • CVE-2020-0415 · Oct 14, 2020
    risk 0.00 · cvss · epss 0.00

    In various locations in SystemUI, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local information disclosure of contact data with User execution privileges needed. User interaction is not needed for exploitation. Product:…

  • CVE-2020-7811 · Oct 12, 2020
    risk 0.00 · cvss · epss 0.01

    Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation, as commands crafted by an attacker are executed while the engine deserializes the data received during inter-process communication.

  • CVE-2020-26600 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on Samsung mobile devices with Q(10.0) software. Auto Hotspot allows attackers to obtain sensitive information. The Samsung ID is SVE-2020-17288 (October 2020).

  • CVE-2020-26601 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in DirEncryptService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18034…

  • CVE-2020-26602 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in EthernetNetwork on Samsung mobile devices with O(8.1), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows sdcard access by an unprivileged process. The Samsung ID is SVE-2020-18392 (October 2020).

  • CVE-2020-26604 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in SystemUI on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. PendingIntent allows an unprivileged process to access contact numbers. The Samsung ID is SVE-2020-18467 (October 2020).

  • CVE-2020-26606 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) software. An attacker can access certain Secure Folder content via a debugging command. The Samsung ID is SVE-2020-18673 (October 2020).

  • CVE-2020-26607 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in TimaService on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. PendingIntent with an empty intent is mishandled, allowing an attacker to perform a privileged action via a modified intent. The Samsung ID is SVE-2020-18418 (October…

  • CVE-2020-26603 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Sticker Center allows directory traversal for an unprivileged process to read arbitrary files. The Samsung ID is SVE-2020-18433 (October 2020).

  • CVE-2020-26599 · Oct 6, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on Samsung mobile devices with Q(10.0) software. The DynamicLockscreen Terms and Conditions can be accepted without authentication. The Samsung ID is SVE-2020-17079 (October 2020).

  • CVE-2020-0276 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.00

    In Telephony, there is a possible permission bypass due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-11. Android ID:…

  • CVE-2020-0334 · Sep 18, 2020
    risk 0.00 · cvss · epss 0.00

    In NFC, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges and a Firmware compromise needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2020-25283 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on LG mobile devices with Android OS 8.0, 8.1, 9.0, and 10 software. BT manager allows attackers to bypass intended access restrictions on a certain mode. The LG ID is LVE-SMP-200021 (September 2020).

  • CVE-2020-25280 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos and MediaTek chipsets) software. Unauthenticated attackers can execute LTE/5G commands by sending a debugging command over USB. The Samsung ID is SVE-2020-16979 (September 2020).

  • CVE-2020-25279 · Sep 11, 2020
    risk 0.00 · cvss · epss 0.01

    An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos chipsets) software. The baseband component has a buffer overflow via an abnormal SETUP message, leading to execution of arbitrary code. The Samsung ID is SVE-2020-18098 (September 2020).

  • CVE-2020-25063 · Aug 31, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. An application crash can occur because of incorrect application-level input validation. The LG ID is LVE-SMP-200018 (July 2020).
