cbcvebase.

Samsung Mobile Devices vulnerabilities

374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.

Total CVEs
374
CISA KEV
11
actively exploited
Public exploits
0
Exploited in wild
11
Severity breakdown
CRITICAL37HIGH100MEDIUM142LOW95

Vulnerabilities

Page 2 of 19
CVE-2023-21503P3CRITICALCVSS 9.8≥ Select devices using Exynos CP chipsets, < SMR May-2023 Release 12023-05-04
CVE-2023-21503 [CRITICAL] CWE-20 CVE-2023-21503: Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to S Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
nvd
CVE-2022-26098P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-26098 [CRITICAL] CWE-122 CVE-2022-26098: Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Heap-based buffer overflow vulnerability in sheifd_create function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
nvd
CVE-2022-27572P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27572 [CRITICAL] CWE-122 CVE-2022-27572: Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Ap Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers.
nvd
CVE-2021-25346P3CRITICALCVSS 9.8≥ O(8.x), P(9.0), Q(10.0), < SMR Jan-2021 Release 12021-03-04
CVE-2021-25346 [CRITICAL] CWE-787 CVE-2021-25346: A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 A possible arbitrary memory overwrite vulnerabilities in quram library version prior to SMR Jan-2021 Release 1 allow arbitrary code execution.
nvd
CVE-2021-25384P3CRITICALCVSS 9.8≥ O(8.1), P(9.x), Q(10.0), R(11.0), < SMR MAY-2021 Release 12021-06-11
CVE-2021-25384 [CRITICAL] CWE-122 CVE-2021-25384: An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in li An improper input validation vulnerability in sdfffd_parse_chunk_PROP() with Sample Rate Chunk in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
nvd
CVE-2022-39862P3CRITICALCVSS 9.8≥ R(11), S(12), < SMR Oct-2022 Release 12022-10-07
CVE-2022-39862 [CRITICAL] CWE-285 CVE-2022-39862: Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3. Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api.
nvd
CVE-2021-25360P3CRITICALCVSS 9.8≥ Q(10.0), < SMR APR-2021 Release 12021-04-09
CVE-2021-25360 [CRITICAL] CWE-122 CVE-2021-25360: An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release An improper input validation vulnerability in libswmfextractor library prior to SMR APR-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
nvd
CVE-2021-25386P3CRITICALCVSS 9.8≥ O(8.1), P(9.x), Q(10.0), R(11.0), < SMR MAY-2021 Release 12021-06-11
CVE-2021-25386 [CRITICAL] CWE-121 CVE-2021-25386: An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library An improper input validation vulnerability in sdfffd_parse_chunk_FVER() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
nvd
CVE-2021-25385P3CRITICALCVSS 9.8≥ O(8.1), P(9.x), Q(10.0), R(11.0), < SMR MAY-2021 Release 12021-06-11
CVE-2021-25385 [CRITICAL] CWE-121 CVE-2021-25385: An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library An improper input validation vulnerability in sdfffd_parse_chunk_PROP() in libsdffextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
nvd
CVE-2021-25383P3CRITICALCVSS 9.8≥ O(8.1), P(9.x), Q(10.0), R(11.0), < SMR MAY-2021 Release 12021-06-11
CVE-2021-25383 [CRITICAL] CWE-122 CVE-2021-25383: An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to An improper input validation vulnerability in scmn_mfal_read() in libsapeextractor library prior to SMR MAY-2021 Release 1 allows attackers to execute arbitrary code on mediaextractor process.
nvd
CVE-2022-23425P3CRITICALCVSS 9.8≥ P(9.0), Q(10.0), R(11.0), S(12.0) with select Exynos devices, < SMR Feb-2022 Release 12022-02-11
CVE-2022-23425 [CRITICAL] CWE-20 CVE-2022-23425: Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to sen Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.
nvd
CVE-2021-25449P3CRITICALCVSS 9.8≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Sep-2021 Release 12021-09-09
CVE-2021-25449 [CRITICAL] CWE-122 CVE-2021-25449: An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process.
nvd
CVE-2022-39881P3CRITICALCVSS 9.1≥ Select devices using Exynos CP chipsets, < SMR Nov-2022 Release 12022-11-09
CVE-2022-39881 [CRITICAL] CWE-20 CVE-2022-39881: Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2 Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory.
nvd
CVE-2022-30722P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30722 [CRITICAL] CWE-285 CVE-2022-30722: Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows at Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account.
nvd
CVE-2022-26093P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-26093 [CRITICAL] CWE-476 CVE-2022-26093: Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr- Null pointer dereference vulnerability in parser_irot function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
nvd
CVE-2022-26096P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-26096 [CRITICAL] CWE-476 CVE-2022-26096: Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr- Null pointer dereference vulnerability in parser_ispe function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
nvd
CVE-2022-26095P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-26095 [CRITICAL] CWE-476 CVE-2022-26095: Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr- Null pointer dereference vulnerability in parser_colr function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
nvd
CVE-2022-26094P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-26094 [CRITICAL] CWE-476 CVE-2022-26094: Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr- Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
nvd
CVE-2022-26097P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-26097 [CRITICAL] CWE-476 CVE-2022-26097: Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior Null pointer dereference vulnerability in parser_unknown_property function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.
nvd
CVE-2023-21459P3CRITICALCVSS 9.8≥ Android 11, 12, 13 devices with Exynos2100 chipset, < SMR Mar-2023 Release 12023-03-16
CVE-2023-21459 [CRITICAL] CWE-416 CVE-2023-21459: Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cau Use after free vulnerability in decon driver prior to SMR Mar-2023 Release 1 allows attackers to cause memory access fault.
nvd
Samsung Mobile Devices vulnerabilities | cvebase