cbcvebase.

Samsung Mobile Devices vulnerabilities

374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.

Total CVEs
374
CISA KEV
11
actively exploited
Public exploits
0
Exploited in wild
11
Severity breakdown
CRITICAL37HIGH100MEDIUM142LOW95

Vulnerabilities

Page 3 of 19
CVE-2023-21455P3CRITICALCVSS 9.1≥ Select devices using Exynos CP chipsets, < SMR Mar-2023 Release 12023-03-16
CVE-2023-21455 [CRITICAL] CWE-287 CVE-2023-21455: Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows inco Improper authorization implementation in Exynos baseband prior to SMR Mar-2023 Release 1 allows incorrect handling of unencrypted message.
nvd
CVE-2022-30713P3CRITICALCVSS 9.1≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30713 [CRITICAL] CWE-20 CVE-2022-30713: Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
nvd
CVE-2022-30711P3CRITICALCVSS 9.1≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30711 [CRITICAL] CWE-20 CVE-2022-30711: Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to l Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
nvd
CVE-2022-30710P3CRITICALCVSS 9.1≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30710 [CRITICAL] CWE-20 CVE-2022-30710: Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
nvd
CVE-2022-27567P3CRITICALCVSS 9.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27567 [CRITICAL] CWE-476 CVE-2022-27567: Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr- Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers.
nvd
CVE-2022-33719P3CRITICALCVSS 9.8≥ 10, 11, 12, < SMR Aug-2022 Release 12022-08-05
CVE-2022-33719 [CRITICAL] CWE-20 CVE-2022-33719: Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause inte Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.
nvd
CVE-2022-30712P3CRITICALCVSS 9.1≥ R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30712 [CRITICAL] CWE-20 CVE-2022-30712: Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.
nvd
CVE-2021-25356P3HIGHCVSS 8.8≥ O(8.x), P(9.0), Q(10.0), R(11.0), < SMR APR-2021 Release 12021-04-09
CVE-2021-25356 [HIGH] CWE-20 CVE-2021-25356: An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allow An improper caller check vulnerability in Managed Provisioning prior to SMR APR-2021 Release 1 allows unprivileged application to install arbitrary application, grant device admin permission and then delete several installed application.
nvd
CVE-2023-21420P3HIGHCVSS 7.8≥ Q(10), R(11) devices with Teegris, < SMR Jan-2023 Release 12023-02-09
CVE-2023-21420 [HIGH] CWE-134 CVE-2023-21420: Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
nvd
CVE-2021-25478P3HIGHCVSS 7.2≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 12021-10-06
CVE-2021-25478 [HIGH] CWE-121 CVE-2021-25478: A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Rele A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
nvd
CVE-2021-25361P3HIGHCVSS 8.8≥ P(9.0), Q(10.0), < SMR APR-2021 Release 12021-04-09
CVE-2021-25361 [HIGH] CWE-22 CVE-2021-25361: An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows loc An improper access control vulnerability in stickerCenter prior to SMR APR-2021 Release 1 allows local attackers to read or write arbitrary files of system process via untrusted applications.
nvd
CVE-2022-27836P3HIGHCVSS 7.8≥ S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-27836 [HIGH] CWE-284 CVE-2022-27836: Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Serv Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary files access.
nvd
CVE-2022-30755P3HIGHCVSS 7.8≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 12022-07-12
CVE-2022-30755 [HIGH] CWE-287 CVE-2022-30755: Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to Improper authentication vulnerability in AppLock prior to SMR Jul-2022 Release 1 allows attacker to bypass password confirm activity by hijacking the implicit intent.
nvd
CVE-2023-21499P3HIGHCVSS 7.8≥ Select Android 13 devices, < SMR May-2023 Release 12023-05-04
CVE-2023-21499 [HIGH] CWE-787 CVE-2023-21499: Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
nvd
CVE-2021-25407P3HIGHCVSS 7.8≥ P(9.0), Q(10.0), R(11.0) devices with Exynos9820, 9830, 980, 2100 chipsets, < SMR JUN-2021 Release 12021-06-11
CVE-2021-25407 [HIGH] CWE-787 CVE-2021-25407: A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows ar A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.
nvd
CVE-2022-26092P3HIGHCVSS 7.8≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-26092 [HIGH] CWE-122 CVE-2022-26092: Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows arbitrary code execution.
nvd
CVE-2022-24931P3HIGHCVSS 7.8≥ Q(10), R(11), < SMR Mar-2022 Release 12022-03-10
CVE-2022-24931 [HIGH] CWE-269 CVE-2022-24931: Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Rele Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to execute arbitrary activity without a proper permission
nvd
CVE-2022-36855P3HIGHCVSS 7.8≥ Q(10), R(11), S(12) devices with exynos9810 and exynos9820 chipsets, < SMR Sep-2022 Release 12022-09-09
CVE-2022-36855 [HIGH] CWE-416 CVE-2022-36855: A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
nvd
CVE-2022-39853P3HIGHCVSS 7.8≥ Q(10), R(11), S(12) devices with Qualcomm SM8150 and SM8250 chipsets, < SMR Oct-2022 Release 12022-10-07
CVE-2022-39853 [HIGH] CWE-416 CVE-2022-39853: A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.
nvd
CVE-2022-26099P3CRITICALCVSS 9.1≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 12022-04-11
CVE-2022-26099 [CRITICAL] CWE-476 CVE-2022-26099: Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr- Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers.
nvd
Samsung Mobile Devices vulnerabilities | cvebase