Samsung Mobile Devices vulnerabilities
374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.
Total CVEs: 374
CISA KEV: 11 (actively exploited)
Public exploits: 0
Exploited in wild: 11
Severity breakdown: CRITICAL 37, HIGH 100, MEDIUM 142, LOW 95
Vulnerabilities
Page 11 of 19
CVE-2021-25382 | P4 | MEDIUM | CVSS 5.5 | CWE-285 | 2021-04-23
Affected: ≥ O(8.x), P(9.0), Q(10.0), R(11.0), < SMR Oct-2020 Release 1
An improper authorization of using debugging command in Secure Folder prior to SMR Oct-2020 Release 1 allows unauthorized access to contents in Secure Folder via debugging command.
nvd
CVE-2022-33685 | P4 | MEDIUM | CVSS 5.5 | CWE-561 | 2022-07-12
Affected: ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1
Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitrary activity and access sensitive information.
nvd
CVE-2022-36854 | P4 | MEDIUM | CVSS 5.5 | CWE-20 | 2022-09-09
Affected: ≥ S(12), < SMR Sep-2022 Release 1
Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker to access unauthorized information.
nvd
CVE-2022-28780 | P4 | MEDIUM | CVSS 5.5 | CWE-284 | 2022-05-03
Affected: ≥ Q(10), R(11), S(12), < SMR May-2022 Release 1
Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows attackers to access location information that is set in Weather without permission. The patch adds proper protection to prevent access to location information.
nvd
CVE-2022-39905 | P4 | MEDIUM | CVSS 5.5 | CWE-285 | 2022-12-08
Affected: ≥ Q(10), R(11), S(12), T(13), < SMR Dec-2022 Release 1
Implicit intent hijacking vulnerability in Telecom application prior to SMR Dec-2022 Release 1 allows attacker to access sensitive information via implicit intent.
nvd
CVE-2022-39847 | P4 | MEDIUM | CVSS 5.3 | CWE-416 | 2022-10-07
Affected: ≥ Q(10), R(11), S(12), < SMR Oct-2022 Release 1
Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.
nvd
CVE-2022-36850 | P4 | MEDIUM | CVSS 4.7 | CWE-20 | 2022-09-09
Affected: ≥ S(12), < SMR Sep-2022 Release 1
Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid.
nvd
CVE-2022-25822 | P4 | MEDIUM | CVSS 6.2 | CWE-362 | 2022-03-10
Affected: ≥ Select Q(10), R(11), S(12) devices with Exynos and Qualcomm chipsets, < SMR Mar-2022 Release 1
A use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.
nvd
CVE-2023-21449 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | 2023-03-16
Affected: ≥ Select Android 11, 12 devices, < SMR Mar-2023 Release 1
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.
nvd
CVE-2023-21437 | P4 | MEDIUM | CVSS 5.5 | CWE-287 | 2023-02-09
Affected: ≥ Q(10), R(11), S(12), T(13), < SMR Feb-2023 Release 1
Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.
nvd
CVE-2023-21425 | P4 | MEDIUM | CVSS 5.5 | CWE-287 | 2023-02-09
Affected: ≥ Q(10), R(11), S(12), T(13), < SMR Jan-2023 Release 1
Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.
nvd
CVE-2021-25393 | P4 | MEDIUM | CVSS 5.5 | CWE-94 | 2021-06-11
Affected: ≥ Q(10.0), R(11.0), < SMR MAY-2021 Release 1
Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.
nvd
CVE-2022-27822 | P4 | MEDIUM | CVSS 5.5 | CWE-284 | 2022-04-11
Affected: ≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 1
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.
nvd
CVE-2021-25488 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | 2021-10-06
Affected: ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 1
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.
nvd
CVE-2022-22291 | P4 | MEDIUM | CVSS 5.5 | CWE-779 | 2022-02-11
Affected: ≥ Q(10.0), R(11.0), S(12.0), < SMR Feb-2022 Release 1
Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.
nvd
CVE-2021-25453 | P4 | MEDIUM | CVSS 5.5 | CWE-20 | 2021-09-09
Affected: ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Sep-2021 Release 1
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
nvd
CVE-2022-30758 | P4 | MEDIUM | CVSS 5.5 | CWE-276 | 2022-07-12
Affected: ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1
Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allows attackers to access some protected information with privilege of Finder.
nvd
CVE-2022-33702 | P4 | MEDIUM | CVSS 5.5 | CWE-285 | 2022-07-12
Affected: ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset.
nvd
CVE-2021-25502 | P4 | MEDIUM | CVSS 5.5 | CWE-269 | 2021-11-05
Affected: ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Nov-2021 Release 1
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without privilege.
nvd
CVE-2021-25338 | P4 | MEDIUM | CVSS 5.2 | CWE-20 | 2021-03-04
Affected: ≥ Selected Q(10.0), R(11.0), < SMR Mar-2021 Release 1
Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region.
nvd