Filtered by vendor Samsung
Subscribe
Total
1539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-20944 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 6.2 MEDIUM |
|
Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory.
|
|||||
| CVE-2025-20947 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 5.5 MEDIUM |
|
Improper handling of insufficient permission or privileges in ClipboardService prior to SMR Apr-2025 Release 1 allows local attackers to access image files across multiple users. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-20948 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 5.5 MEDIUM |
|
Out-of-bounds read in enrollment with cdsp frame secfr trustlet prior to SMR Apr-2025 Release 1 allows local privileged attackers to read out-of-bounds memory.
|
|||||
| CVE-2025-20938 | 1 Samsung | 1 Android | 2026-02-05 | N/A | 5.5 MEDIUM |
|
Improper access control in SamsungContacts prior to SMR Apr-2025 Release 1 allows local attackers to access protected data in SamsungContacts.
|
|||||
| CVE-2025-20952 | 1 Samsung | 1 Android | 2026-02-02 | N/A | 5.5 MEDIUM |
|
Improper access control in Mdecservice prior to SMR Apr-2025 Release 1 allows local attackers to access arbitrary files with system privilege.
|
|||||
| CVE-2026-20974 | 1 Samsung | 1 Android | 2026-02-02 | N/A | 4.6 MEDIUM |
|
Improper input validation in data related to network restrictions prior to SMR Jan-2026 Release 1 allows physical attackers to bypass Carrier Relock.
|
|||||
| CVE-2026-20973 | 1 Samsung | 1 Android | 2026-02-02 | N/A | 5.3 MEDIUM |
|
Out-of-bounds read in libimagecodec.quram.so prior to SMR Jan-2026 Release 1 allows remote attacker to access out-of-bounds memory.
|
|||||
| CVE-2025-20984 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-02-02 | N/A | 6.8 MEDIUM |
|
Incorrect default permission in Samsung Cloud for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to access data in Samsung Cloud for Galaxy Watch.
|
|||||
| CVE-2025-20986 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-02-02 | N/A | 5.5 MEDIUM |
|
Improper access control in ScreenCapture for Galaxy Watch prior to SMR Jun-2025 Release 1 allows local attackers to take screenshots.
|
|||||
| CVE-2025-20912 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-02-02 | N/A | 6.2 MEDIUM |
|
Incorrect default permission in DiagMonAgent prior to SMR Mar-2025 Release 1 allows local attackers to access data within Galaxy Watch.
|
|||||
| CVE-2025-20910 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-02-02 | N/A | 6.2 MEDIUM |
|
Incorrect default permission in Galaxy Watch Gallery prior to SMR Mar-2025 Release 1 allows local attackers to access data in Galaxy Watch Gallery.
|
|||||
| CVE-2025-20911 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-02-02 | N/A | 4.4 MEDIUM |
|
Improper access control in sem_wifi service prior to SMR Mar-2025 Release 1 allows privileged local attackers to update MAC address of Galaxy Watch.
|
|||||
| CVE-2024-49422 | 1 Samsung | 1 Android | 2026-02-02 | N/A | 5.2 MEDIUM |
|
Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-20966 | 1 Samsung | 2 Android, Gallery | 2026-01-30 | N/A | 4.6 MEDIUM |
|
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.
|
|||||
| CVE-2025-20967 | 1 Samsung | 2 Android, Gallery | 2026-01-30 | N/A | 5.1 MEDIUM |
|
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery.
|
|||||
| CVE-2025-20968 | 1 Samsung | 2 Android, Gallery | 2026-01-30 | N/A | 7.2 HIGH |
|
Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery.
|
|||||
| CVE-2025-20969 | 1 Samsung | 2 Android, Gallery | 2026-01-30 | N/A | 5.5 MEDIUM |
|
Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery.
|
|||||
| CVE-2025-52519 | 1 Samsung | 12 Exynos 1330, Exynos 1330 Firmware, Exynos 1380 and 9 more | 2026-01-30 | N/A | 7.1 HIGH |
|
An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, and 2500. Improper validation of user-space input in the issimian device driver leads to information disclosure and a denial of service.
|
|||||
| CVE-2025-57836 | 2 Microsoft, Samsung | 2 Windows, Magician | 2026-01-30 | N/A | 7.8 HIGH |
|
An issue was discovered in Samsung Magician 6.3.0 through 8.3.2 on Windows. The installer creates a temporary folder with weak permissions during installation, allowing a non-admin user to perform DLL hijacking and escalate privileges.
|
|||||
| CVE-2023-21477 | 1 Samsung | 1 Android | 2026-01-28 | N/A | 7.9 HIGH |
|
Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
|
|||||
| CVE-2023-21479 | 1 Samsung | 2 Android, Smart Suggestions | 2026-01-28 | N/A | 5.3 MEDIUM |
|
Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule.
|
|||||
| CVE-2025-52517 | 1 Samsung | 12 Exynos 1330, Exynos 1330 Firmware, Exynos 1380 and 9 more | 2026-01-27 | N/A | 5.9 MEDIUM |
|
An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in a double free, leading to a denial of service.
|
|||||
| CVE-2025-20946 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-01-27 | N/A | 8.8 HIGH |
|
Improper handling of exceptional conditions in pairing specific bluetooth devices in Galaxy Watch Bluetooth pairing prior to SMR Apr-2025 Release 1 allows local attackers to pair with specific bluetooth devices without user interaction.
|
|||||
| CVE-2025-20945 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-01-27 | N/A | 4.0 MEDIUM |
|
Improper access control in Galaxy Watch prior to SMR Apr-2025 Release 1 allows local attackers to access sensitive information of Galaxy watch.
|
|||||
| CVE-2025-20939 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-01-27 | N/A | 5.4 MEDIUM |
|
Improper authorization in wireless download protocol in Galaxy Watch prior to SMR Apr-2025 Release 1 allows physical attackers to update device unique identifier of Watch devices.
|
|||||
| CVE-2025-0634 | 1 Samsung | 1 Rlottie | 2026-01-22 | N/A | 9.8 CRITICAL |
|
Use After Free vulnerability in Samsung Open Source rLottie allows Remote Code Inclusion.This issue affects rLottie: V0.2.
|
|||||
| CVE-2025-20936 | 1 Samsung | 1 Android | 2026-01-22 | N/A | 8.8 HIGH |
|
Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privileges to root.
|
|||||
| CVE-2025-20997 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-01-20 | N/A | 6.2 MEDIUM |
|
Incorrect default permission in Framework for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to reset some configuration of Galaxy Watch.
|
|||||
| CVE-2025-20998 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-01-20 | N/A | 5.5 MEDIUM |
|
Improper access control in SamsungAccount for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to access phone number.
|
|||||
| CVE-2025-21004 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-01-20 | N/A | 6.2 MEDIUM |
|
Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device.
|
|||||
| CVE-2026-20976 | 1 Samsung | 1 Galaxy Store | 2026-01-15 | N/A | 7.8 HIGH |
|
Improper input validation in Galaxy Store prior to version 4.6.02 allows local attacker to execute arbitrary script.
|
|||||
| CVE-2026-20975 | 1 Samsung | 1 Cloud | 2026-01-15 | N/A | 5.5 MEDIUM |
|
Improper handling of insufficient permission in Samsung Cloud prior to version 5.6.11 allows local attackers to access specific files in arbitrary path.
|
|||||
| CVE-2026-20969 | 1 Samsung | 1 Android | 2026-01-15 | N/A | 5.5 MEDIUM |
|
Improper input validation in SecSettings prior to SMR Jan-2026 Release 1 allows local attacker to access file with system privilege. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2026-20972 | 1 Samsung | 1 Android | 2026-01-15 | N/A | 3.3 LOW |
|
Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB.
|
|||||
| CVE-2026-20971 | 1 Samsung | 1 Android | 2026-01-15 | N/A | 7.8 HIGH |
|
Use After Free in PROCA driver prior to SMR Jan-2026 Release 1 allows local attackers to potentially execute arbitrary code.
|
|||||
| CVE-2026-20970 | 1 Samsung | 1 Android | 2026-01-15 | N/A | 7.8 HIGH |
|
Improper access control in SLocation prior to SMR Jan-2026 Release 1 allows local attackers to execute the privileged APIs.
|
|||||
| CVE-2026-20968 | 1 Samsung | 1 Android | 2026-01-15 | N/A | 6.7 MEDIUM |
|
Use after free in DualDAR prior to SMR Jan-2026 Release 1 allows local privileged attackers to execute arbitrary code.
|
|||||
| CVE-2025-20956 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-01-15 | N/A | 4.3 MEDIUM |
|
Improper export of android application components in Settings in Galaxy Watch prior to SMR May-2025 Release 1 allows physical attackers to access developer settings.
|
|||||
| CVE-2021-25372 | 1 Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2026-01-14 | 7.2 HIGH | 6.1 MEDIUM |
|
An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.
|
|||||
| CVE-2021-25370 | 1 Samsung | 1 Android | 2026-01-14 | 4.9 MEDIUM | 6.1 MEDIUM |
|
An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.
|
|||||