Filtered by vendor Samsung
Subscribe
Total
1539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20887 | 1 Samsung | 1 Galaxy Buds Manager | 2026-01-14 | N/A | 6.2 MEDIUM |
|
Arbitrary directory creation in GalaxyBudsManager PC prior to version 2.1.240315.51 allows attacker to create arbitrary directory.
|
|||||
| CVE-2024-20851 | 1 Samsung | 1 Cloud | 2026-01-12 | N/A | 4.4 MEDIUM |
|
Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege.
|
|||||
| CVE-2024-20853 | 1 Samsung | 1 Galaxy Themes | 2026-01-12 | N/A | 5.1 MEDIUM |
|
Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrary files to sandbox of ThemeStore.
|
|||||
| CVE-2024-34598 | 1 Samsung | 1 Good Lock | 2026-01-12 | N/A | 7.7 HIGH |
|
Improper export of component in GoodLock prior to version 2.2.04.95 allows local attackers to install arbitrary applications from Galaxy Store.
|
|||||
| CVE-2025-21045 | 1 Samsung | 11 Galaxy Watch, Galaxy Watch 4, Galaxy Watch 4 Classic and 8 more | 2026-01-09 | N/A | 4.0 MEDIUM |
|
Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information.
|
|||||
| CVE-2025-53966 | 1 Samsung | 8 Exynos 1380, Exynos 1380 Firmware, Exynos 1480 and 5 more | 2026-01-09 | N/A | 8.4 HIGH |
|
An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, and 1580. Incorrect Handling of the NL80211 vendor command leads to a buffer overflow during handling of an IOCTL message.
|
|||||
| CVE-2025-27807 | 1 Samsung | 38 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 35 more | 2026-01-09 | N/A | 9.1 CRITICAL |
|
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The lack of a length check leads to out-of-bounds writes via malformed NAS packets.
|
|||||
| CVE-2025-43706 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1580 and 19 more | 2026-01-09 | N/A | 7.5 HIGH |
|
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2400, 1580, 9110, W920, W930, Modem 5123, and Modem 5400. Incorrect handling of RRC packets leads to a Denial of Service.
|
|||||
| CVE-2025-49495 | 1 Samsung | 8 Exynos 1380, Exynos 1380 Firmware, Exynos 1480 and 5 more | 2026-01-09 | N/A | 8.4 HIGH |
|
An issue was discovered in the WiFi driver in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580. Mishandling of an NL80211 vendor command leads to a buffer overflow.
|
|||||
| CVE-2025-52515 | 1 Samsung | 12 Exynos 1330, Exynos 1330 Firmware, Exynos 1380 and 9 more | 2026-01-09 | N/A | 5.1 MEDIUM |
|
An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. A race condition in the issimian device driver results in an out-of-bounds access, leading to a denial of service.
|
|||||
| CVE-2025-52516 | 1 Samsung | 12 Exynos 1330, Exynos 1330 Firmware, Exynos 1380 and 9 more | 2026-01-09 | N/A | 6.2 MEDIUM |
|
An issue was discovered in the Camera in Samsung Mobile Processor and Wearable Processor Exynos 1330, 1380, 1480, 2400, 1580, 2500. An invalid kernel address dereference in the issimian device driver leads to a denial of service.
|
|||||
| CVE-2024-49417 | 1 Samsung | 1 Smart Touch Call | 2026-01-09 | N/A | 2.0 LOW |
|
Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34670 | 1 Samsung | 1 Sound Assistant | 2026-01-08 | N/A | 4.0 MEDIUM |
|
Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information.
|
|||||
| CVE-2024-34672 | 1 Samsung | 2 Android, Video Player | 2026-01-08 | N/A | 5.5 MEDIUM |
|
Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users.
|
|||||
| CVE-2025-21063 | 1 Samsung | 2 Android, Voice Recorder | 2026-01-08 | N/A | 4.6 MEDIUM |
|
Improper access control in Samsung Voice Recorder prior to version 21.5.73.12 in Android 15 and 21.5.81.40 in Android 16 allows physical attackers to access recording files on the lock screen.
|
|||||
| CVE-2025-58488 | 1 Samsung | 1 Smart Touch Call | 2026-01-08 | N/A | 4.5 MEDIUM |
|
Improper verification of source of a communication channel in SmartTouchCall prior to version 1.0.1.1 allows remote attackers to access sensitive information. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-20871 | 1 Samsung | 1 One Ui | 2026-01-07 | N/A | 4.9 MEDIUM |
|
Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection.
|
|||||
| CVE-2024-20872 | 1 Samsung | 1 Android | 2026-01-07 | N/A | 6.2 MEDIUM |
|
Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify setting value of TalkbackSE.
|
|||||
| CVE-2025-21022 | 1 Samsung | 1 Galaxy Wearable | 2025-12-08 | N/A | 3.3 LOW |
|
Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information.
|
|||||
| CVE-2024-34671 | 1 Samsung | 1 Internet | 2025-12-06 | N/A | 3.3 LOW |
|
Use of implicit intent for sensitive communication in translation혻in Samsung Internet prior to version 26.0.3.1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-21080 | 1 Samsung | 1 Android | 2025-12-05 | N/A | 6.2 MEDIUM |
|
Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access files with Dynamic Lockscreen's privilege.
|
|||||
| CVE-2025-21072 | 1 Samsung | 1 Android | 2025-12-05 | N/A | 5.7 MEDIUM |
|
Out-of-bounds write in decoding metadata in fingerprint trustlet prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
|
|||||
| CVE-2025-58475 | 1 Samsung | 1 Android | 2025-12-05 | N/A | 5.6 MEDIUM |
|
Improper input validation in libsec-ril.so prior to SMR Dec-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
|
|||||
| CVE-2025-58476 | 1 Samsung | 1 Android | 2025-12-05 | N/A | 4.2 MEDIUM |
|
Out-of-bounds read vulnerability in bootloader prior to SMR Dec-2025 Release 1 allows physical attackers to access out-of-bounds memory.
|
|||||
| CVE-2025-58477 | 1 Samsung | 1 Android | 2025-12-05 | N/A | 4.3 MEDIUM |
|
Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
|
|||||
| CVE-2025-58478 | 1 Samsung | 1 Android | 2025-12-05 | N/A | 4.3 MEDIUM |
|
Out-of-bounds write in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
|
|||||
| CVE-2025-58479 | 1 Samsung | 1 Android | 2025-12-05 | N/A | 4.3 MEDIUM |
|
Out-of-bounds read in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
|
|||||
| CVE-2025-58480 | 1 Samsung | 1 Android | 2025-12-05 | N/A | 4.3 MEDIUM |
|
Heap-based buffer overflow in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bounds memory.
|
|||||
| CVE-2025-53965 | 1 Samsung | 36 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 33 more | 2025-12-05 | N/A | 5.3 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to decode the SOR transparent container lacks bounds checking, which can cause a fatal error.
|
|||||
| CVE-2025-54326 | 1 Samsung | 4 Exynos 1280, Exynos 1280 Firmware, Exynos 2200 and 1 more | 2025-12-05 | N/A | 7.5 HIGH |
|
An issue was discovered in Camera in Samsung Mobile Processor Exynos 1280 and 2200. Unnecessary registration of a hardware IP address in the Camera device driver can lead to a NULL pointer dereference, resulting in a denial of service.
|
|||||
| CVE-2025-20994 | 1 Samsung | 1 Internet | 2025-12-04 | N/A | 4.5 MEDIUM |
|
Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to access read and write arbitrary files.
|
|||||
| CVE-2025-20995 | 1 Samsung | 1 Internet | 2025-12-04 | N/A | 4.9 MEDIUM |
|
Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.59 allows local attackers to read and write arbitrary files.
|
|||||
| CVE-2025-58481 | 1 Samsung | 1 Motionphoto | 2025-12-04 | N/A | 7.3 HIGH |
|
Improper access control in MPRemoteService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.
|
|||||
| CVE-2025-58482 | 1 Samsung | 1 Motionphoto | 2025-12-04 | N/A | 7.3 HIGH |
|
Improper access control in MPLocalService of MotionPhoto prior to version 4.1.51 allows local attackers to start privileged service.
|
|||||
| CVE-2025-58483 | 1 Samsung | 1 Galaxy Store | 2025-12-04 | N/A | 5.9 MEDIUM |
|
Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to install arbitrary application on Galaxy Store.
|
|||||
| CVE-2025-58485 | 1 Samsung | 1 Internet | 2025-12-03 | N/A | 5.5 MEDIUM |
|
Improper input validation in Samsung Internet prior to version 29.0.0.48 allows local attackers to inject arbitrary script.
|
|||||
| CVE-2025-58486 | 1 Samsung | 1 Account | 2025-12-03 | N/A | 4.0 MEDIUM |
|
Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
|
|||||
| CVE-2025-58487 | 1 Samsung | 1 Account | 2025-12-03 | N/A | 4.0 MEDIUM |
|
Improper authorization in Samsung Account prior to version 15.5.01.1 allows local attacker to launch arbitrary activity with Samsung Account privilege.
|
|||||
| CVE-2025-21042 | 1 Samsung | 1 Android | 2025-11-12 | N/A | 8.8 HIGH |
|
Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2025-21078 | 1 Samsung | 1 Smart Switch | 2025-11-07 | N/A | 8.8 HIGH |
|
Use of insufficiently random value of secretKey in Smart Switch prior to version 3.7.68.6 allows adjacent attackers to access backup data from applications.
|
|||||