Samsung Mobile Devices vulnerabilities
374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.
Total CVEs: 374
CISA KEV: 11 (actively exploited)
Public exploits: 0
Exploited in wild: 11
Severity breakdown
CRITICAL 37, HIGH 100, MEDIUM 142, LOW 95
Vulnerabilities
Page 12 of 19
CVE-2023-21435 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ Select R(11), S(12), T(13) devices, < SMR Feb-2023 Release 1 | 2023-02-09
Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.
nvd
CVE-2023-21440 | P4 | MEDIUM | CVSS 5.5 | CWE-285 | ≥ T(13), < SMR Feb-2023 Release 1 | 2023-02-09
Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.
nvd
CVE-2021-25415 | P4 | MEDIUM | CVSS 5.5 | CWE-94 | ≥ Q(10.0), R(11.0) devices with Exynos9610, 9810, 9820, 9830, < SMR JUN-2021 Release 1 | 2021-06-11
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.
nvd
CVE-2021-25459 | P4 | MEDIUM | CVSS 5.5 | CWE-285 | ≥ Select Q(10.0), R(11.0) devices, < SMR Sep-2021 Release 1 | 2021-09-09
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
nvd
CVE-2021-25357 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ O(8.x), P(9.0), Q(10.0), R(11.0), < SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0) and 3.6.80.7 in Android R(11.0) | 2021-04-09
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10,0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.
nvd
CVE-2021-25392 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ P(9.0), Q(10.0), R(11.0), < SMR MAY-2021 Release 1 | 2021-06-11
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
nvd
CVE-2022-39897 | P4 | MEDIUM | CVSS 5.5 | CWE-200 | ≥ Selected Q(10), R(11), S(12) Qualcomm devices, < SMR Dec-2022 Release 1 | 2022-12-08
Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.
nvd
CVE-2022-30727 | P4 | MEDIUM | CVSS 5.5 | CWE-280 | ≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 1 | 2022-06-07
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.
nvd
CVE-2021-25347 | P4 | MEDIUM | CVSS 5.3 | CWE-287 | ≥ P(9.0), Q(10.0), R(11.0), < SMR Feb-2021 Release 1 | 2021-03-04
Hijacking vulnerability in Samsung Email application version prior to SMR Feb-2021 Release 1 allows attackers to intercept when the provider is executed.
nvd
CVE-2021-25454 | P4 | MEDIUM | CVSS 5.5 | CWE-125 | ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Sep-2021 Release 1 | 2021-09-09
OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file.
nvd
CVE-2023-21461 | P4 | MEDIUM | CVSS 5.5 | CWE-285 | ≥ Android 12, 13, < SMR Mar-2023 Release 1 | 2023-03-16
Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity.
nvd
CVE-2021-25339 | P4 | MEDIUM | CVSS 5.2 | CWE-20 | ≥ Selected Q(10.0), R(11.0), < SMR Mar-2021 Release 1 | 2021-03-04
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory.
nvd
CVE-2021-25482 | P4 | MEDIUM | CVSS 4.4 | CWE-264 | ≥ R(11.0), < SMR Oct-2021 Release 1 | 2021-10-06
SQL injection vulnerabilities in CMFA framework prior to SMR Oct-2021 Release 1 allow untrusted application to overwrite some CMFA framework information.
nvd
CVE-2022-39855 | P4 | MEDIUM | CVSS 4.3 | CWE-284 | ≥ Q(10), R(11), S(12), < SMR Oct-2022 Release 1 | 2022-10-07
Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices.
nvd
CVE-2021-25462 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets, < SMR Sep-2021 Release 1 | 2021-09-09
NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
nvd
CVE-2021-25458 | P4 | MEDIUM | CVSS 5.5 | CWE-476 | ≥ O(8.1), P(9.0), Q(10.0), R(11.0) devices with Exynos chipsets, < SMR Sep-2021 Release 1 | 2021-09-09
NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
nvd
CVE-2021-25460 | P4 | MEDIUM | CVSS 5.5 | CWE-285 | ≥ Select Q(10.0), R(11.0) devices, < SMR Sep-2021 Release 1 | 2021-09-09
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
nvd
CVE-2021-25477 | P4 | MEDIUM | CVSS 4.9 | CWE-415 | ≥ P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 1 | 2021-10-06
An improper error handling in Mediatek RRC Protocol stack prior to SMR Oct-2021 Release 1 allows modem crash and remote denial of service.
nvd
CVE-2023-21460 | P4 | MEDIUM | CVSS 4.4 | CWE-287 | ≥ Android 11, 12, 13, < SMR Mar-2023 Release 1 | 2023-03-16
Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting.
nvd
CVE-2022-39899 | P4 | MEDIUM | CVSS 4.3 | CWE-287 | ≥ Select Q(10), R(11), S(12), T(13) devices, < SMR Dec-2022 Release 1 | 2022-12-08
Improper authentication vulnerability in Samsung WindowManagerService prior to SMR Dec-2022 Release 1 allows attacker to send the input event using S Pen gesture.
nvd