Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-20891

Summary
Assigner-SamsungMobile
Assigner Org ID-3af57064-a867-422c-b2ad-40307b65c458
Published At-02 Jul, 2024 | 09:20
Updated At-01 Aug, 2024 | 22:06
Rejected At-
Credits

Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:SamsungMobile
Assigner Org ID:3af57064-a867-422c-b2ad-40307b65c458
Published At:02 Jul, 2024 | 09:20
Updated At:01 Aug, 2024 | 22:06
Rejected At:
▼CVE Numbering Authority (CNA)

Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.

Affected Products
Vendor
Samsung ElectronicsSamsung Mobile
Product
Samsung Mobile Devices
Default Status
affected
Versions
Unaffected
  • SMR Jul-2024 Release in Android 14
Problem Types
TypeCWE IDDescription
N/AN/ACWE-284 Improper Access Control
Type: N/A
CWE ID: N/A
Description: CWE-284 Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07
N/A
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Samsungsamsung
Product
android
CPEs
  • cpe:2.3:o:samsung:android:14.0:-:*:*:*:*:*:*
Default Status
affected
Versions
Unaffected
  • From 14.0 before smr_jun-2024 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07
x_transferred
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mobile.security@samsung.com
Published At:02 Jul, 2024 | 10:15
Updated At:05 Jul, 2024 | 15:54

Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.17.8HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:-:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-apr-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-apr-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-apr-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-aug-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-aug-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-dec-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-dec-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-dec-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-feb-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-feb-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-feb-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jan-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jan-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jan-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jul-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jul-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jun-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jun-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-jun-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-mar-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-mar-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-mar-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-may-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-may-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-may-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-nov-2021-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-nov-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-nov-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-oct-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-oct-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-sep-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>12.0
cpe:2.3:o:samsung:android:12.0:smr-sep-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:-:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-apr-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-apr-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-aug-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-dec-2022-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-dec-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-feb-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-feb-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-jan-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-jan-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-jul-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-jun-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-jun-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-mar-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-mar-2024-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-may-2023-r1:*:*:*:*:*:*
Samsung
samsung
>>android>>13.0
cpe:2.3:o:samsung:android:13.0:smr-may-2024-r1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-OtherPrimarynvd@nist.gov
CWE ID: NVD-CWE-Other
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07mobile.security@samsung.com
Vendor Advisory
Hyperlink: https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07
Source: mobile.security@samsung.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

261Records found
CVE-2023-30659
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.52%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 15:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2020-10841
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.41%
||
7 Day CHG~0.00%
Published-24 Mar, 2020 | 17:24
Updated-04 Aug, 2024 | 11:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is an arbitrary kfree in the vipx and vertex drivers. The Samsung ID is SVE-2019-16294 (February 2020).

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-androidexynos_9610n/a
CVE-2023-30686
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.43%
||
7 Day CHG~0.00%
Published-10 Aug, 2023 | 01:18
Updated-10 Oct, 2024 | 17:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devicessamsung_mobile_devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2023-30655
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 10.05%
||
7 Day CHG~0.00%
Published-06 Jul, 2023 | 02:51
Updated-24 Oct, 2024 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2019-16253
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-19.88% / 95.24%
||
7 Day CHG~0.00%
Published-25 Sep, 2019 | 22:40
Updated-05 Aug, 2024 | 01:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755.

Action-Not Available
Vendor-n/aSamsung
Product-text-to-speechn/a
CVE-2019-15458
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXXS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j7_neo_firmwaregalaxy_j7_neon/a
CVE-2019-15441
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung on7xeltelgt Android device with a build fingerprint of samsung/on7xeltelgt/on7xeltelgt:8.1.0/M1AJQ/G610LKLU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-on_7on_7_firmwaren/a
CVE-2019-15460
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7veltedx/j7velte:8.1.0/M1AJQ/J701FXVS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j7_neo_firmwaregalaxy_j7_neon/a
CVE-2019-15462
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J7 Duo Android device with a build fingerprint of samsung/j7duolteub/j7duolte:8.0.0/R16NW/J720MUBS3ASB2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j7_duo_firmwaregalaxy_j7_duon/a
CVE-2023-21518
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.11% / 30.46%
||
7 Day CHG~0.00%
Published-28 Jun, 2023 | 00:00
Updated-07 Nov, 2024 | 18:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-searchwidgetSamsung SearchWidget
CWE ID-CWE-284
Improper Access Control
CVE-2023-21421
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.04% / 9.56%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 20:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-269
Improper Privilege Management
CVE-2019-15450
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung j3popeltecan Android device with a build fingerprint of samsung/j3popeltevl/j3popeltecan:8.1.0/M1AJQ/J327WVLS3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j3_popgalaxy_j3_pop_firmwaren/a
CVE-2023-21498
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6||MEDIUM
EPSS-0.02% / 4.55%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2019-15464
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteub/j7y17lte:8.1.0/M1AJQ/J730GUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j7_progalaxy_j7_pro_firmwaren/a
CVE-2019-15437
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:26
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltexx/xcover4lte:8.1.0/M1AJQ/G390FXXU3BSA2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_xcover4galaxy_xcover4_firmwaren/a
CVE-2019-19273
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.01% / 1.61%
||
7 Day CHG~0.00%
Published-04 Feb, 2020 | 15:46
Updated-05 Aug, 2024 | 02:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.

Action-Not Available
Vendor-n/aGoogle LLCSamsung
Product-androidgalaxy_note8galaxy_s8exynos_8895galaxy_s8_plusn/a
CWE ID-CWE-787
Out-of-bounds Write
CVE-2019-15438
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_xcover4galaxy_xcover4_firmwaren/a
CVE-2019-15457
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j6galaxy_j6_firmwaren/a
CVE-2019-15461
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j7_neo_firmwaregalaxy_j7_neon/a
CVE-2019-15453
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBS2ASC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j4galaxy_j4_firmwaren/a
CVE-2019-15434
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:26
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung A5 Android device with a build fingerprint of samsung/a5y17ltexx/a5y17lte:8.0.0/R16NW/A520FXXS8CSC5:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_a5galaxy_a5_firmwaren/a
CVE-2019-15444
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s7_firmwaregalaxy_s7n/a
CVE-2019-15449
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s7_edgegalaxy_s7_edge_firmwaren/a
CVE-2019-15445
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung S7 Android device with a build fingerprint of samsung/heroltexx/herolte:8.0.0/R16NW/G930FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s7_firmwaregalaxy_s7n/a
CVE-2019-15455
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J5 Android device with a build fingerprint of samsung/j5y17ltexx/j5y17lte:8.1.0/M1AJQ/J530FXXU3BRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j5_firmwaregalaxy_j5n/a
CVE-2019-15452
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J3 Android device with a build fingerprint of samsung/j3y17ltedx/j3y17lte:8.0.0/R16NW/J330GDXS3BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j3galaxy_j3_firmwaren/a
CVE-2019-15435
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:26
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung A7 Android device with a build fingerprint of samsung/a7y17ltexx/a7y17lte:8.0.0/R16NW/A720FXXU7CSC2:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_a7_firmwaregalaxy_a7n/a
CVE-2019-15440
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J5 Android device with a build fingerprint of samsung/on5xeltedx/on5xelte:8.0.0/R16NW/G570YDXU2CRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j5_firmwaregalaxy_j5n/a
CVE-2019-15456
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J6 Android device with a build fingerprint of samsung/j6ltexx/j6lte:8.0.0/R16NW/J600FNXXU3ASC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j6galaxy_j6_firmwaren/a
CVE-2019-15433
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:26
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung A3 Android device with a build fingerprint of samsung/a3y17ltedx/a3y17lte:8.0.0/R16NW/A320YDXU4CSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_a3_firmwaregalaxy_a3n/a
CVE-2019-15439
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung XCover4 Android device with a build fingerprint of samsung/xcover4ltedo/xcover4lte:8.1.0/M1AJQ/G390YDXU2BSA1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_xcover4galaxy_xcover4_firmwaren/a
CVE-2019-15454
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J4 Android device with a build fingerprint of samsung/j4lteub/j4lte:8.0.0/R16NW/J400MUBU2ARL4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j4galaxy_j4_firmwaren/a
CVE-2019-15448
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s7_edgegalaxy_s7_edge_firmwaren/a
CVE-2019-15447
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung S7 Edge Android device with a build fingerprint of samsung/hero2ltexx/hero2lte:8.0.0/R16NW/G935FXXS4ESC3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000000, versionName=7.0.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_s7_edgegalaxy_s7_edge_firmwaren/a
CVE-2019-15465
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.10% / 28.75%
||
7 Day CHG~0.00%
Published-14 Nov, 2019 | 16:27
Updated-05 Aug, 2024 | 00:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Samsung J7 Pro Android device with a build fingerprint of samsung/j7y17lteubm/j7y17lte:8.1.0/M1AJQ/J730GMUBS6BSC1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.

Action-Not Available
Vendor-n/aSamsung
Product-galaxy_j7_progalaxy_j7_pro_firmwaren/a
CVE-2023-21497
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.17%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-134
Use of Externally-Controlled Format String
CVE-2021-25381
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.53%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:40
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidaccountSamsung Account
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-25418
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.05% / 14.80%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:33
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-internetSamsung Internet
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-21508
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.7||MEDIUM
EPSS-0.03% / 6.43%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-samsung_blockchain_keystoreSamsung Blockchain Keystore
CWE ID-CWE-787
Out-of-bounds Write
CVE-2021-25441
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.06% / 17.90%
||
7 Day CHG~0.00%
Published-08 Jul, 2021 | 13:48
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidar_emoji_editorAR Emoji Editor
CWE ID-CWE-20
Improper Input Validation
CVE-2021-3438
Matching Score-8
Assigner-HP Inc.
ShareView Details
Matching Score-8
Assigner-HP Inc.
CVSS Score-7.8||HIGH
EPSS-1.68% / 81.41%
||
7 Day CHG~0.00%
Published-20 May, 2021 | 13:32
Updated-03 Aug, 2024 | 16:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.

Action-Not Available
Vendor-n/aSamsungHP Inc.
Product-proxpress_sl-c3060_ss211alaserjet_mfp_m438_8af44aproxpress_sl-c3010_ss210jxpress_sl-m2826_ss344aproxpress_sl-m3870_ss377aproxpress_sl-m4020_ss383yxpress_sl-m2621_ss325asf-760_ss199aproxpress_sl-m3375fd_ss368fmultixpress_sl-m5360_ss403ascx-5637_ss182ascx-4833_ss181axpress_sl-m2885_ss359aclx-3305_ss095aml-5510_ss152acolor_laser_mfp_170_4zb96alaser_mfp_130_4zb90ascx-5737_sw045axpress_sl-m2020_ss272acolor_laser_mfp_170_6hu08aproxpress_sl-c4010_ss216sxpress_sl-m2625_ss326alaserjet_mfp_m443_8af72axpress_sl-m2825_ss342axpress_sl-m2676_ss337axpress_sl-m2875_ss353ascx-3405_sv943ascx-3405_sw314aproxpress_sl-m3375fd_ss369cxpress_sl-c480_ss255ascx-3401_ss158aproxpress_sl-m3820_ss372csf-760_ss196ascx-4650_sb983acolor_laser_mfp_170_6hu09aml-3750_ss138alaser_100_4zb81axpress_sl-c1860_ss205axpress_sl-m2070_ss297amultixpress_clx-9301_ss007axpress_sl-m2875_ss352aml-5510_sv897aproxpress_sl-c3060_ss213fmultixpress_clx-9301_sw179aproxpress_sl-m4075_ss394aproxpress_sl-c4010_ss216bml-6510_ss154amultixpress_sl-x7500_ss055alaser_mfp_130_4zb84aproxpress_sl-c3010_ss210flaserjet_mfp_m440_8af46alaser_408_7uq75alaser_mfp_130_4zb91aproxpress_sl-m4580_ss402aproxpress_sl-c4010_ss216fproxpress_sl-c4010_ss216kclp-365_ss066aproxpress_sl-m3375fd_ss369dproxpress_sl-c4010_ss216vproxpress_sl-m3875_ss382amultixpress_scx-8128_ss018amultixpress_sl-k7500_ss040aclx-3305_ss096asf-760_ss197ascx-3401_ss157aproxpress_sl-m3325_ss367aml-6510_sv901aproxpress_sl-m4024_ss385axpress_sl-m2676_ss338ascx-3401_sv393aclp-680_ss075axpress_sl-c480_ss254aproxpress_sl-c3060_ss213dmultixpress_sl-k7500_ss039axpress_sl-m2880_ss358aproxpress_sl-m3820_ss373wproxpress_sl-c3060_ss211lclp-775_ss079aproxpress_sl-c4010_ss216eproxpress_sl-c3060_ss213gxpress_sl-m2820_ss339aproxpress_sl-m3370_ss378ascx-3400_sv938alaserjet_mfp_m42625_8af52axpress_sl-m2675_sw112aproxpress_sl-c4060_ss218alaser_mfp_130_4zb82amultixpress_sl-k7600_ss042aproxpress_sl-m4530_ss398dproxpress_sl-m4025_ss387aml-5017_ss148aclx-3300_ss088aproxpress_sl-c3010_ss210hscx-4021_ss165aproxpress_sl-c4012_ss217aproxpress_sl-m3321_ss366aproxpress_sl-c4010_ss216pproxpress_sl-m3320nd_ss365amultixpress_sl-x4300_ss049axpress_sl-m2620_ss324aproxpress_sl-c4010_ss216dscx-4521_ss168aproxpress_sl-m3820_ss373dproxpress_sl-c3010_ss210aproxpress_sl-c3010_ss210gproxpress_sl-c3060_ss211nproxpress_sl-m3820_ss373sproxpress_sl-m4072_ss391acolor_laser_150_4zb95aclp-680_ss076aclx-3305_ss094aproxpress_sl-m3820_ss371bsf-760_ss195amultixpress_sl-x7600_ss058aproxpress_sl-m4070_ss390cmultixpress_scx-8230_ss021aproxpress_sl-m3820_ss373uscx-5639_st676alaser_100_4zb79ascx-3405_ss162aproxpress_sl-c3010_ss201claserjet_mfp_m42523_7ab26axpress_sl-m2620_ss322alaser_mfp_432_7uq76amultixpress_scx-8128_ss020axpress_sl-m2625_ss327aproxpress_sl-m4025_ss386alaserjet_mfp_m442_8af71axpress_sl-m2821_ss341aproxpress_sl-m4020_ss383cproxpress_sl-m3820_ss373qlaserjet_mfp_m438_8af45axpress_sl-m2675_ss336aproxpress_sl-m3820_ss373lxpress_sl-m2876_ss355axpress_sl-m2070_ss294aproxpress_sl-m3825_ss375aproxpress_sl-m4070_ss389jlaser_mfp_130_4zb87amultixpress_sl-x4220_ss047aclx-6260_ss105aproxpress_sl-c4062_ss219alaserjet_mfp_m72625-m72630_2zn50aproxpress_sl-m4075_ss393aproxpress_sl-m3875_ss380amultixpress_sl-x7600_ss059aproxpress_sl-c3060_ss211eproxpress_sl-m3820_ss373mproxpress_sl-c3060_ss211pml-6510_sv899cmultixpress_sl-k7400_ss038ascx-3405_sw313ascx-5737_ss183axpress_sl-m2871_ss350amultixpress_sl-x7500_ss056aml-5015_ss147axpress_sl-m2875_ss354aclp-775_ss078aproxpress_sl-m3820_ss373jproxpress_sl-c4010_ss216jproxpress_sl-m3375fd_ss369elaserjet_mfp_m436_w7u01amultixpress_scx-8240_ss022alaser_mfp_130_6hu10amultixpress_sl-m4370_ss396axpress_sl-m2825_ss343ascx-3400_ss155ascx-4521_sv968aclx-6260_ss106axpress_sl-m2626_ss328ascx-4521_sv967aproxpress_sl-m3870_ss378ascx-5635_sw041amultixpress_clx-9301_sw152ascx-4655_ss174aproxpress_sl-m3820_ss373tproxpress_sl-c3060_ss211qproxpress_sl-c3060_ss211dproxpress_sl-m4530_ss397escx-4650_ss171ascx-3406_ss164alaser_mfp_130_4zb85axpress_sl-m2671_ss333axpress_sl-m2620_ss323amultixpress_sl-k4250_ss030ascx-4655_sv989amultixpress_sl-x4250_ss048aproxpress_sl-c3010_ss210kxpress_sl-m2870_ss349aproxpress_sl-m4560_ss400aproxpress_sl-c3010_ss210eproxpress_sl-c3010_ss210mproxpress_sl-c4010_ss216claserjet_mfp_m437_7zb19aproxpress_sl-m3820_ss373gproxpress_sl-c3060_ss211mlaser_mfp_130_4zb83aproxpress_sl-c3060_ss211gproxpress_sl-c3060_ss211cxpress_sl-m2070_ss295axpress_sl-m2070_ss298aproxpress_sl-c3060_s221bxpress_sl-m2070_ss293aproxpress_sl-m3820_ss373fproxpress_sl-c3060_ss213axpress_sl-c430_ss229aclp-560_sv611ascx-3400_ss156aclp-560_sv612alaser_mfp_130_4zb86ascx-4835_sw020ascx-3405_ss161axpress_sl-c480_ss257amultixpress_sl-k4300_ss032amultixpress_sl-m5370_sw121alaserjet_mfp_m42625_8af50aproxpress_sl-m4080_ss395amultixpress_clx-9251_sv719aproxpress_sl-m3820_ss373aclp-360_ss062amultixpress_sl-m4370_sw117aproxpress_sl-c3060_ss211hscx-3405_ss159acolor_laser_150_4zb94aproxpress_sl-m3820_ss373nproxpress_sl-c3060_ss211flaser_mfp_130_5ue15alaserjet_mfp_m433_1vr14aclp-366_ss068aclx-3305_ss093ascx-3405_ss163aproxpress_sl-m4560_ss399aproxpress_sl-m3375fd_ss369bproxpress_sl-m4020_ss383kproxpress_sl-m3820_ss371aproxpress_sl-m3875_ss381aclp-368_sv601aproxpress_sl-m3820_ss371dlaserjet_mfp_m439_7zb22ascx-4833_sw019aclx-6260_ss108aproxpress_sl-m3820_ss373pml-6510_sv900aproxpress_sl-c4010_ss216hml-5010_ss145amultixpress_sl-m5370_ss404aclp-365_sw139ascx-4521_sv530ascx-5637_sw043amultixpress_sl-k4250_ss031aml-4510_ss141aproxpress_sl-m3820_ss373vproxpress_sl-m4020_4pt87amultixpress_clx-9251_ss005ascx-5635_sw093axpress_sl-m2876_ss357ascx-5635_sw040amultixpress_sl-k3250_ss027eproxpress_sl-c3010_ss210plaserjet_mfp_m440_8af48ascx-4835_sw021aproxpress_sl-m4030_ss388aproxpress_sl-c3010_ss209alaser_100_4zb80aproxpress_sl-c3060_ss213hproxpress_sl-c4010_ss216qxpress_sl-m2820_ss340ascx-3406_sw127axpress_sl-m2676_sw113alaserjet_mfp_m42523_7zb72aml-5012_ss146aproxpress_sl-c3060_ss213blaserjet_mfp_m437_7zb20amultixpress_sl-k2200_ss025axpress_sl-m2835_ss346axpress_sl-m2670_ss331amultixpress_sl-k3300_ss028aproxpress_sl-c4010_ss216mmultixpress_sl-x7400_ss054alaserjet_mfp_m439_7zb23aproxpress_sl-m3820_ss373hproxpress_sl-m3820_ss373zxpress_sl-m2626_ss329ascx-4650_ss172axpress_sl-m2671_ss332aproxpress_sl-c4010_ss216zproxpress_sl-m3825_ss376aproxpress_sl-m3820_ss373bml-6510_ss153amultixpress_sl-x3280_ss044ascx-5737_sw046aclx-6260_ss107aproxpress_sl-c3060_ss211jlaserjet_mfp_m439_7zb24alaserjet_mfp_m436_w7u02ascx-4521_sw129aclx-3300_sv677alaserjet_mfp_m440_8af47aproxpress_sl-c4010_ss215acolor_laser_mfp_170_4zb97aproxpress_sl-c3060_ss211kmultixpress_sl-k2200_ss024aclx-6260_sw177alaser_mfp_130_4zb88aml-5510_sv898aproxpress_sl-m3820_ss373cxpress_sl-m2876_ss356amultixpress_sl-x3220nr_ss043eclp-366_sv600alaser_mfp_130_6hu11axpress_sl-c480_ss256amultixpress_scx-8128_sw172ascx-4655_sv988alaserjet_mfp_m42523_7zb25ascx-3406_sv946ascx-4521_ss167axpress_sl-m2670_ss330aproxpress_sl-m3375fd_ss369amultixpress_scx-8128_ss019aproxpress_sl-c4010_ss216nproxpress_sl-c4010_ss216gproxpress_sl-m3820_ss373eproxpress_sl-m4020_ss383xproxpress_sl-m4075_ss392aproxpress_sl-c4010_ss216llaserjet_mfp_m436_2ky38ascx-3405_ss160axpress_sl-m2070_ss296aproxpress_sl-c4010_ss216uproxpress_sl-m3825_ss374alaserjet_mfp_m42625_8af49alaser_mfp_130_4zb93aproxpress_sl-m3820_ss371cmultixpress_sl-x7400_ss053asf-760_ss198aclp-365_ss067alaser_100_5ue14axpress_sl-m2675_ss335alaser_mfp_130_9vv52aproxpress_sl-m4020_4pt7blaser_mfp_130_6hu12amultixpress_sl-k7400_ss037aproxpress_sl-c3060_ss213cmultixpress_scx-8240_st717alaser_mfp_130_4zb92aproxpress_sl-m3820_ss373kscx-4833_ss180axpress_sl-c430_ss230ascx-4521_sv966aproxpress_sl-m3875_ss379alaser_mfp_130_4zb89alaserjet_mfp_m42625_8af51aproxpress_sl-m4020_ss383lproxpress_sl-m3820_ss375bproxpress_sl-c3010_ss210lmultixpress_sl-k7600_ss041aml-4512_ss142axpress_sl-m2675_ss334aml-5510_ss151amultixpress_scx-8240_sw185alaserjet_mfp_m437_7zb21ascx-3406_sv298aproxpress_sl-c4010_ss216tproxpress_sl-c3010_ss210bxpress_sl-m3015_ss360axpress_sl-m2870_ss348alaser_100_209u7aml-5510_ss150alaserjet_mfp_m438_8af43alaserjet_mfp_m72625-m72630_2zn49aproxpress_sl-m4530_ss397gxpress_sl-m2875_ss351aproxpress_sl-m4580_ss401aproxpress_sl-c3060_ss213escx-4521_sv969aml-5510_ss149aproxpress_sl-c3010_ss210dscx-3406_sv945amultixpress_sl-k4350_ss033aproxpress_sl-c4010_ss216ascx-3406_sv947axpress_sl-m2020_ss271aCertain HP LaserJet products and Samsung product printers, see Security Bulletin
CWE ID-CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2023-21501
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-8.2||HIGH
EPSS-0.02% / 3.90%
||
7 Day CHG~0.00%
Published-04 May, 2023 | 00:00
Updated-12 Feb, 2025 | 16:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2023-21439
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.04% / 12.49%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2024-27372
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 18:37
Updated-27 Aug, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_len coming from userspace, which can lead to a heap overwrite.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1380exynos_850_firmwareexynos_980_firmwareexynos_1330_firmwareexynos_1330exynos_1280_firmwareexynos_1380_firmwareexynos_1280exynos_980exynos_850n/aexynos_850_firmwareexynos_980_firmwareexynos_1330_firmwareexynos_1280_firmwareexynos_1380_firmware
CWE ID-CWE-122
Heap-based Buffer Overflow
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-27377
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 18:36
Updated-28 Mar, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_get_security_info_nl(), there is no input validation check on sec_info->key_info.body.pmk_info.pmk_len coming from userspace, which can lead to a heap overwrite.

Action-Not Available
Vendor-n/aSamsung ElectronicsSamsung
Product-exynos_980exynos_1380exynos_850_firmwareexynos_980_firmwareexynos_1280_firmwareexynos_1330_firmwareexynos_1280exynos_1380_firmwareexynos_1330exynos_850n/aexynos
CWE ID-CWE-787
Out-of-bounds Write
CVE-2024-27371
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 18:41
Updated-13 Feb, 2025 | 15:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1330_firmwareexynos_1280exynos_850exynos_1380exynos_850_firmwareexynos_1280_firmwareexynos_980exynos_980_firmwareexynos_1380_firmwareexynos_1330n/aexynos_1330exynos_1280exynos_1380exynos_980exynos_850
CWE ID-CWE-1288
Improper Validation of Consistency within Input
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39882
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-8||HIGH
EPSS-0.01% / 1.60%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Heap overflow vulnerability in sflacf_fal_bytes_peek function in libsmat.so library prior to SMR Nov-2022 Release 1 allows local attacker to execute arbitrary code.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-39907
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.9||MEDIUM
EPSS-0.02% / 4.78%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-Of-Bounds Write.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2024-27379
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-6.7||MEDIUM
EPSS-0.04% / 11.38%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 18:28
Updated-29 Mar, 2025 | 00:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->num_intf_addr_present coming from userspace, which can lead to a heap overwrite.

Action-Not Available
Vendor-n/aSamsung ElectronicsSamsung
Product-exynos_980exynos_1380exynos_850_firmwareexynos_980_firmwareexynos_1280_firmwareexynos_1330_firmwareexynos_1280exynos_1380_firmwareexynos_1330exynos_850n/aexynos
CWE ID-CWE-787
Out-of-bounds Write
CVE-2025-23098
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-0.02% / 2.57%
||
7 Day CHG~0.00%
Published-03 Jun, 2025 | 00:00
Updated-06 Jun, 2025 | 18:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos 980, 990, 1080, 2100, 1280, 2200, 1380. A Use-After-Free in the mobile processor leads to privilege escalation.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1280_firmwareexynos_980exynos_1080_firmwareexynos_2100exynos_1280exynos_1380_firmwareexynos_990exynos_1380exynos_990_firmwareexynos_2200exynos_2200_firmwareexynos_980_firmwareexynos_2100_firmwareexynos_1080n/a
CWE ID-CWE-416
Use After Free
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found