Samsung Mobile Devices vulnerabilities
374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.
Total CVEs: 374
CISA KEV: 11 (actively exploited)
Public exploits: 0
Exploited in wild: 11
Severity breakdown: CRITICAL 37, HIGH 100, MEDIUM 142, LOW 95
Vulnerabilities
CVE-2021-25485 | P3 | HIGH | CVSS 8.0 | CWE-20 | ≥ Q(10.0), R(11.0), < SMR Oct-2021 Release 1 | 2021-10-06
Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Oct-2021 Release 1 allows attackers to write file as system UID via BT remote socket.
nvd
CVE-2021-25461 | P3 | HIGH | CVSS 7.8 | CWE-120 | ≥ O(8.1), < SMR Sep-2021 Release 1 | 2021-09-09
An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow.
nvd
CVE-2023-21421 | P3 | HIGH | CVSS 7.8 | CWE-280 | ≥ Q(10), R(11), S(12), T(13), < SMR Jan-2023 Release 1 | 2023-02-09
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
nvd
CVE-2021-25511 | P3 | HIGH | CVSS 7.8 | CWE-20 | ≥ P(9.0), Q(10.0), R(11.0), < SMR Dec-2021 Release 1 | 2021-12-08
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path traversal vulnerability.
nvd
CVE-2022-39902 | P3 | HIGH | CVSS 7.5 | CWE-285 | ≥ Exynos baseband, < SMR Dec-2022 Release 1 | 2022-12-08
Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call.
nvd
CVE-2021-25426 | P3 | HIGH | CVSS 7.5 | CWE-200 | ≥ P(9.0), Q(10.0), R(11.0), < SMR July-2021 Release 1 | 2021-07-08
Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files.
nvd
CVE-2021-25417 | P3 | HIGH | CVSS 7.5 | CWE-285 | ≥ P(9.0), Q(10.0), < SMA JUN-2021 Release 1 | 2021-06-11
Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
nvd
CVE-2021-25479 | P3 | HIGH | CVSS 7.2 | CWE-122 | ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 1 | 2021-10-06
A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
nvd
CVE-2022-27574 | P3 | HIGH | CVSS 7.2 | CWE-20 | ≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 1 | 2022-04-11
Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.
nvd
CVE-2023-21501 | P3 | HIGH | CVSS 7.8 | CWE-20 | ≥ Select Android 13 devices, < SMR May-2023 Release 1 | 2023-05-04
Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
nvd
CVE-2023-21502 | P3 | HIGH | CVSS 7.8 | CWE-20 | ≥ Android 12, 13, < SMR May-2023 Release 1 | 2023-05-04
Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.
nvd
CVE-2023-21451 | P3 | HIGH | CVSS 7.8 | CWE-20 | ≥ unspecified, < Android S(12) | 2023-02-09
A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions.
nvd
CVE-2021-25510 | P3 | HIGH | CVSS 7.8 | CWE-20 | ≥ P(9.0), Q(10.0), R(11.0), < SMR Dec-2021 Release 1 | 2021-12-08
An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows local arbitrary code execution.
nvd
CVE-2022-39852 | P3 | HIGH | CVSS 7.8 | CWE-122 | ≥ Q(10), R(11), S(12), < SMR Oct-2022 Release 1 | 2022-10-07
A heap-based overflow vulnerability in makeContactAGIF in libagifencoder.quram.so library prior to SMR Oct-2022 Release 1 allows attacker to perform code execution.
nvd
CVE-2022-33695 | P3 | HIGH | CVSS 7.8 | CWE-732 | ≥ Q(10), R(11), S(12), < SMR Jul-2022 Release 1 | 2022-07-12
Use of improper permission in InputManagerService prior to SMR Jul-2022 Release 1 allows unauthorized access to the service.
nvd
CVE-2022-39880 | P3 | HIGH | CVSS 7.8 | CWE-20 | ≥ R(11), S(12), < SMR Nov-2022 Release 1 | 2022-11-09
Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution.
nvd
CVE-2022-27573 | P3 | HIGH | CVSS 7.2 | CWE-20 | ≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 1 | 2022-04-11
Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.
nvd
CVE-2023-21439 | P3 | HIGH | CVSS 7.8 | CWE-20 | ≥ S(12), T(13), < SMR Feb-2023 Release 1 | 2023-02-09
Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.
nvd
CVE-2023-21430 | P3 | HIGH | CVSS 7.8 | CWE-125 | ≥ Q(10), R(11), S(12), T(13), < SMR Jan-2023 Release 1 | 2023-02-09
An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault.
nvd
CVE-2023-21491 | P3 | HIGH | CVSS 7.8 | CWE-284 | ≥ Android 12, 13, < SMR May-2023 Release 1 | 2023-05-04
Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.
nvd