Samsung Mobile Devices vulnerabilities
374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.
Total CVEs: 374
CISA KEV: 11 (actively exploited)
Public exploits: 0
Exploited in wild: 11
Severity breakdown: CRITICAL 37, HIGH 100, MEDIUM 142, LOW 95
Vulnerabilities
Page 15 of 19
CVE-2021-25455 | P4 | LOW | CVSS 3.3 | CWE-125 | ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Sep-2021 Release 1 | 2021-09-09
OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file.
nvd
CVE-2022-33690 | P4 | LOW | CVSS 3.3 | CWE-20 | ≥ S(12), < SMR Jul-2022 Release 1 | 2022-07-12
Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.
nvd
CVE-2022-24929 | P4 | LOW | CVSS 3.3 | CWE-926 | ≥ Q(10), R(11), S(12), < SMR Mar-2022 Release 1 | 2022-03-10
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked apps without authentication.
nvd
CVE-2023-21429 | P4 | LOW | CVSS 3.3 | CWE-285 | ≥ Q(10), R(11), S(12), T(13), < SMR Jan-2023 Release 1 | 2023-02-09
Improper usage of implicit intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID.
nvd
CVE-2023-21424 | P4 | LOW | CVSS 3.3 | CWE-285 | ≥ R(11), S(12), T(13), < SMR Jan-2023 Release 1 | 2023-02-09
Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
nvd
CVE-2022-25833 | P4 | LOW | CVSS 3.3 | CWE-287 | ≥ Q(10), R(11), < SMR Apr-2022 Release 1 | 2022-04-11
Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.
nvd
CVE-2021-25484 | P4 | LOW | CVSS 3.3 | CWE-287 | ≥ O(8.1 go), Q(10.0 go), R(11.0 go), < SMR Oct-2021 Release 1 | 2021-10-06
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
nvd
CVE-2022-25817 | P4 | LOW | CVSS 3.3 | CWE-287 | ≥ Q(10), R(11), < SMR Mar-2022 Release 1 | 2022-03-10
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent.
nvd
CVE-2022-33726 | P4 | LOW | CVSS 3.3 | CWE-561 | ≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.
nvd
CVE-2021-25336 | P4 | LOW | CVSS 3.3 | CWE-269 | ≥ P(9.0), Q(10.0), < SMR Mar-2021 Release 1 | 2021-03-04
Improper access control in NotificationManagerService in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to acquire notification access via sending a crafted malicious intent.
nvd
CVE-2021-25451 | P4 | LOW | CVSS 3.3 | CWE-287 | ≥ P(9.0), Q(10.0), R(11.0), < SMR Sep-2021 Release 1 | 2021-09-09
A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data.
nvd
CVE-2023-21428 | P4 | LOW | CVSS 3.3 | CWE-20 | ≥ R(11), S(12), T(13), < SMR Jan-2023 Release 1 | 2023-02-09
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code.
nvd
CVE-2023-21458 | P4 | LOW | CVSS 3.3 | CWE-269 | ≥ Android 11, 12, 13, < SMR Mar-2023 Release 1 | 2023-03-16
Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent.
nvd
CVE-2023-21452 | P4 | LOW | CVSS 3.3 | CWE-285 | ≥ Android 11, 12, 13, < SMR Mar-2023 Release 1 | 2023-03-16
Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device.
nvd
CVE-2023-21436 | P4 | LOW | CVSS 3.3 | CWE-285 | ≥ Q(10), R(11), S(12), T(13), < SMR Feb-2023 Release 1 | 2023-02-09
Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID.
nvd
CVE-2022-33725 | P4 | LOW | CVSS 3.3 | CWE-94 | ≥ Q(10), R(11), < SMR Aug-2022 Release 1 | 2022-08-05
A vulnerability using PendingIntent in Knox VPN prior to SMR Aug-2022 Release 1 allows attackers to access content providers with system privilege.
nvd
CVE-2022-22272 | P4 | LOW | CVSS 3.3 | CWE-285 | ≥ Q(10.0), R(11.0), S(12.0), < SMR Jan-2022 Release 1 | 2022-01-10
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.
nvd
CVE-2021-25515 | P4 | LOW | CVSS 3.3 | CWE-269 | ≥ P(9.0), Q(10.0), R(11.0), < SMR Dec-2021 Release 1 | 2021-12-08
An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID.
nvd
CVE-2022-30757 | P4 | LOW | CVSS 3.3 | CWE-285 | ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1 | 2022-07-12
Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission.
nvd
CVE-2022-30752 | P4 | LOW | CVSS 3.3 | CWE-284 | ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1 | 2022-07-12
Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access the MAC address of a connected Wi-Fi AP client by using the WIFI_AP_STA_STATE_CHANGED action.
nvd