Samsung Mobile Devices vulnerabilities
374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.
Total CVEs
374
CISA KEV
11
actively exploited
Public exploits
0
Exploited in wild
11
Severity breakdown
CRITICAL37HIGH100MEDIUM142LOW95
Vulnerabilities
Page 17 of 19
CVE-2022-36852P4LOWCVSS 3.3≥ R(11), S(12), < SMR Sep-2022 Release 12022-09-09
CVE-2022-36852 [LOW] CWE-285 CVE-2022-36852: Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local at
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data.
nvd
CVE-2021-25472P4LOWCVSS 3.3≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 12021-10-06
CVE-2021-25472 [LOW] CWE-264 CVE-2021-25472: An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.
nvd
CVE-2021-25457P4LOWCVSS 3.3≥ Q(10.0), R(11.0) devices with Exynos 980, 9830, 2100 chipsets, < SMR Sep-2021 Release 12021-09-09
CVE-2021-25457 [LOW] CWE-20 CVE-2021-25457: An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows loca
An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.
nvd
CVE-2022-33692P4LOWCVSS 3.3≥ R(11), S(12), < SMR Jul-2022 Release 12022-07-12
CVE-2022-33692 [LOW] CWE-213 CVE-2022-33692: Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows lo
Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
nvd
CVE-2022-33696P4LOWCVSS 3.3≥ S(12), < SMR Jul-2022 Release 12022-07-12
CVE-2022-33696 [LOW] CWE-213 CVE-2022-33696: Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local
Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log.
nvd
CVE-2021-25486P4LOWCVSS 3.3≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 12021-10-06
CVE-2021-25486 [LOW] CWE-200 CVE-2021-25486: Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker detect device information via analyzing packet in log.
nvd
CVE-2021-25501P4LOWCVSS 3.3≥ Q(10.0), R(11.0), < SMR Nov-2021 Release 12021-11-05
CVE-2021-25501 [LOW] CWE-284 CVE-2021-25501: An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR N
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.
nvd
CVE-2022-33689P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 12022-07-12
CVE-2022-33689 [LOW] CWE-287 CVE-2022-33689: Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attacker
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call.
nvd
CVE-2022-33729P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 12022-08-05
CVE-2022-33729 [LOW] CWE-20 CVE-2022-33729: Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 R
Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.
nvd
CVE-2022-33728P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 12022-08-05
CVE-2022-33728 [LOW] CWE-200 CVE-2022-33728: Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attacker
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal.
nvd
CVE-2022-39898P4LOWCVSS 3.3≥ Q(10), R(11), S(12), T(13), < SMR Dec-2022 Release 12022-12-08
CVE-2022-39898 [LOW] CWE-284 CVE-2022-39898: Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attack
Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim.
nvd
CVE-2022-33718P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 12022-08-05
CVE-2022-33718 [LOW] CWE-863 CVE-2022-33718: An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows unt
An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.
nvd
CVE-2022-33701P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 12022-07-12
CVE-2022-33701 [LOW] CWE-284 CVE-2022-33701: Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 al
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSleep method which is protected by system permission by sending braodcast intent.
nvd
CVE-2022-39914P4LOWCVSS 3.3≥ unspecified, < Android T(13)2022-12-08
CVE-2022-39914 [LOW] CWE-200 CVE-2022-39914: Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManager
Exposure of Sensitive Information from an Unauthorized Actor vulnerability in Samsung DisplayManagerService prior to Android T(13) allows local attacker to access connected DLNA device information.
nvd
CVE-2022-39903P4LOWCVSS 3.3≥ Select Q(10), R(11), S(12), T(13) devices supporting RCS, < SMR Dec-2022 Release 12022-12-08
CVE-2022-39903 [LOW] CWE-200 CVE-2022-39903: Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attac
Improper access control vulnerability in RCS call prior to SMR Dec-2022 Release 1 allows local attackers to access RCS incoming call number.
nvd
CVE-2022-39895P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Dec-2022 Release 12022-12-08
CVE-2022-39895 [LOW] CWE-284 CVE-2022-39895: Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 a
Improper access control vulnerability in ContactListUtils in Phone prior to SMR Dec-2022 Release 1 allows to access contact group information via implicit intent.
nvd
CVE-2022-39886P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Nov-2022 Release 12022-11-09
CVE-2022-39886 [LOW] CWE-280 CVE-2022-39886: Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Re
Improper access control vulnerability in IpcRxServiceModeBigDataInfo in RIL prior to SMR Nov-2022 Release 1 allows local attacker to access Device information.
nvd
CVE-2022-39885P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Nov-2022 Release 12022-11-09
CVE-2022-39885 [LOW] CWE-280 CVE-2022-39885: Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR
Improper access control vulnerability in BootCompletedReceiver_CMCC in DeviceManagement prior to SMR Nov-2022 Release 1 allows local attacker to access to Device information.
nvd
CVE-2022-39848P4LOWCVSS 3.3≥ Q(10), R(11), S(12), < SMR Oct-2022 Release 12022-10-07
CVE-2022-39848 [LOW] CWE-213 CVE-2022-39848: Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local att
Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.
nvd
CVE-2022-39912P4LOWCVSS 3.3≥ unspecified, < Android T(13)2022-12-08
CVE-2022-39912 [LOW] CWE-280 CVE-2022-39912: Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManag
Improper handling of insufficient permissions vulnerability in setSecureFolderPolicy in PersonaManagerService prior to Android T(13) allows local attackers to set some setting value in Secure folder.
nvd