Samsung Mobile Devices vulnerabilities

374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.

Total CVEs: 374
CISA KEV: 11 (actively exploited)
Public exploits: 0
Exploited in wild: 11
Severity breakdown: CRITICAL 37, HIGH 100, MEDIUM 142, LOW 95

Vulnerabilities

Page 9 of 19
CVE-2022-33730 | P4 | MEDIUM | CVSS 6.8 | ≥ S(12), < SMR Aug-2022 Release 1 | 2022-08-05
CWE-787: Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers.
nvd
CVE-2023-21427 | P4 | MEDIUM | CVSS 6.5 | ≥ R(11), S(12), T(13), < SMR Jan-2023 Release 1 | 2023-02-09
CWE-284: Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows an attacker to use NFC without user recognition.
nvd
CVE-2022-33723 | P4 | MEDIUM | CVSS 6.1 | ≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
CWE-1021: Vulnerable code in onCreate of BluetoothScanDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack.
nvd
CVE-2022-33727 | P4 | MEDIUM | CVSS 6.1 | ≥ Q(10), R(11), S(12), < SMR Aug-2022 Release 1 | 2022-08-05
CWE-1021: Vulnerable code in onCreate of SecDevicePickerDialog prior to SMR Aug-2022 Release 1 allows attackers to trick the user into selecting an unwanted Bluetooth device via a tapjacking/overlay attack.
nvd
CVE-2021-25389 | P4 | MEDIUM | CVSS 6.1 | ≥ P(9.0), < SMR MAY-2021 Release 1 | 2021-06-11
CWE-287: Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use a locked app without authentication.
nvd
CVE-2022-23426 | P4 | MEDIUM | CVSS 6.0 | ≥ P(9.0), Q(10.0), R(11.0), < SMR Feb-2022 Release 1 | 2022-02-11
CWE-94: A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system privilege.
nvd
CVE-2022-22271 | P4 | MEDIUM | CVSS 5.5 | ≥ P(9.0), Q(10.0), R(11.0), < SMR Jan-2022 Release 1 | 2022-01-10
CWE-125: A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory.
nvd
CVE-2022-22263 | P4 | MEDIUM | CVSS 5.5 | ≥ R(11.0), < SMR Jan-2022 Release 1 | 2022-01-10
CWE-269: Unprotected dynamic receiver in SecSettings prior to SMR Jan-2022 Release 1 allows untrusted applications to launch an arbitrary activity.
nvd
CVE-2022-27824 | P4 | HIGH | CVSS 7.1 | ≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 1 | 2022-04-11
CWE-125: Improper size check in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.
nvd
CVE-2022-27823 | P4 | HIGH | CVSS 7.1 | ≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 1 | 2022-04-11
CWE-125: Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.
nvd
CVE-2022-26091 | P4 | MEDIUM | CVSS 6.8 | ≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 1 | 2022-04-11
CWE-284: Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows physical attackers to bypass Knox Manage using a function key of a hardware keyboard.
nvd
CVE-2021-25481 | P4 | MEDIUM | CVSS 6.7 | ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Oct-2021 Release 1 | 2021-10-06
CWE-754: An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.
nvd
CVE-2021-25456 | P4 | MEDIUM | CVSS 5.5 | ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR Sep-2021 Release 1 | 2021-09-09
CWE-125: OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file.
nvd
CVE-2021-25413 | P4 | MEDIUM | CVSS 5.5 | ≥ P(9.0), Q(10.0), R(11.0), < SMA JUN-2021 Release 1 | 2021-06-11
CWE-20: Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.
nvd
CVE-2023-21423 | P4 | MEDIUM | CVSS 5.5 | ≥ S(12), T(13), < SMR Jan-2023 Release 1 | 2023-02-09
CWE-285: Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows an attacker to control BLE advertising without permission using an unprotected action.
nvd
CVE-2021-25397 | P4 | MEDIUM | CVSS 5.5 | ≥ P(9.0), Q(10.0), R(11.0), < SMR MAY-2021 Release 1 | 2021-06-11
CWE-926: An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.
nvd
CVE-2021-25443 | P4 | MEDIUM | CVSS 5.3 | ≥ O(8.1), P(9.0), Q(10.0), R(11.0), < SMR AUG-2021 Release 1 | 2021-08-05
CWE-825: A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker.
nvd
CVE-2022-27825 | P4 | HIGH | CVSS 7.1 | ≥ Q(10), R(11), S(12), < SMR Apr-2022 Release 1 | 2022-04-11
CWE-125: Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file.
nvd
CVE-2021-25416 | P4 | MEDIUM | CVSS 6.5 | ≥ Q(10.0), R(11.0) devices with Exynos9610, 9810, 9820, 9830, < SMA JUN-2021 Release 1 | 2021-06-11
CWE-94: Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create an executable kernel page outside the code area.
nvd
CVE-2022-22268 | P4 | MEDIUM | CVSS 6.1 | ≥ P(9.0), Q(10.0), R(11.0), S(12.0), < SMR Jan-2022 Release 1 | 2022-01-10
CWE-285: Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporarily unlock the Knox Guard via Samsung DeX mode.
nvd