cbcvebase.

Samsung Mobile Devices vulnerabilities

374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.

Total CVEs
374
CISA KEV
11
actively exploited
Public exploits
0
Exploited in wild
11
Severity breakdown
CRITICAL37HIGH100MEDIUM142LOW95

Vulnerabilities

Page 14 of 19
CVE-2022-24932P4MEDIUMCVSS 4.6≥ Q(10), R(11), S(12), < SMR Mar-2022 Release 12022-03-10
CVE-2022-24932 [MEDIUM] CWE-424 CVE-2022-24932: Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Re Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard.
nvd
CVE-2022-30729P4MEDIUMCVSS 4.6≥ S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30729 [MEDIUM] CWE-923 CVE-2022-30729: Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.
nvd
CVE-2022-25831P4MEDIUMCVSS 4.6≥ Select Q(10), R(11), S(12) devices, < SMR Apr-2022 Release 12022-04-11
CVE-2022-25831 [MEDIUM] CWE-284 CVE-2022-25831: Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical at Improper access control vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to access secured data in certain conditions.
nvd
CVE-2022-28793P4MEDIUMCVSS 4.4≥ -, < Galaxy S222022-05-03
CVE-2022-28793 [MEDIUM] CWE-754 CVE-2022-28793: Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first initialization at boot time.
nvd
CVE-2022-33717P4MEDIUMCVSS 4.4≥ R(11), S(12), < SMR Aug-2022 Release 12022-08-05
CVE-2022-33717 [MEDIUM] CWE-125 CVE-2022-33717: A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.
nvd
CVE-2022-33716P4MEDIUMCVSS 4.4≥ R(11), S(12), < SMR Aug-2022 Release 12022-08-05
CVE-2022-33716 [MEDIUM] CWE-457 CVE-2022-33716: An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attack An absence of variable initialization in ICCC TA prior to SMR Aug-2022 Release 1 allows local attacker to read uninitialized memory.
nvd
CVE-2021-25430P4MEDIUMCVSS 4.3≥ P(9.0), Q(10.0) , R(11.0), < SMR July-2021 Release 12021-07-08
CVE-2021-25430 [MEDIUM] CWE-287 CVE-2021-25430: Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allo Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
nvd
CVE-2022-30724P4MEDIUMCVSS 4.3≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30724 [MEDIUM] CWE-280 CVE-2022-30724: Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
nvd
CVE-2022-30725P4MEDIUMCVSS 4.3≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30725 [MEDIUM] CWE-280 CVE-2022-30725: Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
nvd
CVE-2022-30723P4MEDIUMCVSS 4.3≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30723 [MEDIUM] CWE-280 CVE-2022-30723: Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.
nvd
CVE-2022-27821P4MEDIUMCVSS 5.5≥ O(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27821 [MEDIUM] CWE-125 CVE-2022-27821: Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to ca Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file.
nvd
CVE-2022-28782P4MEDIUMCVSS 4.6≥ Select R(11), S(12) devices, < SMR May-2022 Release 12022-05-03
CVE-2022-28782 [MEDIUM] CWE-424 CVE-2022-28782: Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows p Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability.
nvd
CVE-2021-25476P4MEDIUMCVSS 4.4≥ Select Q(10.0), R(11.0) devices with Exynos chipsets, < SMR Oct-2021 Release 12021-10-06
CVE-2021-25476 [MEDIUM] CWE-1295 CVE-2021-25476: An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows at An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.
nvd
CVE-2021-25429P4MEDIUMCVSS 4.3≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR July-2021 Release 12021-07-08
CVE-2021-25429 [MEDIUM] CWE-269 CVE-2021-25429: Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.
nvd
CVE-2022-28784P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR May-2022 Release 12022-05-03
CVE-2022-28784 [LOW] CWE-22 CVE-2022-28784: Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to li Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic.
nvd
CVE-2021-25491P4MEDIUMCVSS 4.4≥ P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 12021-10-06
CVE-2021-25491 [MEDIUM] CWE-476 CVE-2021-25491: A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-poin A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.
nvd
CVE-2022-27831P4MEDIUMCVSS 4.4≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27831 [MEDIUM] CWE-125 CVE-2022-27831: Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allo Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory.
nvd
CVE-2021-25473P4MEDIUMCVSS 4.4≥ R(11.0), < SMR Oct-2021 Release 12021-10-06
CVE-2021-25473 [MEDIUM] CWE-755 CVE-2021-25473: Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadi Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_hide_by_meadia_full value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
nvd
CVE-2021-25474P4MEDIUMCVSS 4.4≥ Q(10.0), R(11.0), < SMR Oct-2021 Release 12021-10-06
CVE-2021-25474 [MEDIUM] CWE-755 CVE-2021-25474: Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspan Assuming a shell privilege is gained, an improper exception handling for multi_sim_bar_show_on_qspanel value in SystemUI prior to SMR Oct-2021 Release 1 allows an attacker to cause a permanent denial of service in user device before factory reset.
nvd
CVE-2022-23429P4MEDIUMCVSS 4.4≥ P(9.0), Q(10.0), R(11.0), < SMR Feb-2022 Release 12022-02-11
CVE-2022-23429 [MEDIUM] CWE-125 CVE-2022-23429: An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to An improper boundary check in audio hal service prior to SMR Feb-2022 Release 1 allows attackers to read invalid memory and it leads to application crash.
nvd
Samsung Mobile Devices vulnerabilities | cvebase