Filtered by vendor Samsung
Subscribe
Total
1539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25500 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2024-11-21 | 2.1 LOW | 7.2 HIGH |
|
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.
|
|||||
| CVE-2021-25499 | 1 Samsung | 1 Galaxy Store | 2024-11-21 | 2.1 LOW | 7.1 HIGH |
|
Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.
|
|||||
| CVE-2021-25498 | 1 Samsung | 1 Notes | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
|
A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.
|
|||||
| CVE-2021-25497 | 1 Samsung | 1 Notes | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
|
A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.
|
|||||
| CVE-2021-25496 | 1 Samsung | 1 Notes | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
|
A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.
|
|||||
| CVE-2021-25495 | 1 Samsung | 1 Notes | 2024-11-21 | 4.6 MEDIUM | 7.3 HIGH |
|
A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.
|
|||||
| CVE-2021-25494 | 1 Samsung | 1 Notes | 2024-11-21 | 4.6 MEDIUM | 4.0 MEDIUM |
|
A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.
|
|||||
| CVE-2021-25493 | 1 Samsung | 1 Notes | 2024-11-21 | 3.6 LOW | 4.0 MEDIUM |
|
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read
|
|||||
| CVE-2021-25492 | 1 Samsung | 1 Notes | 2024-11-21 | 3.6 LOW | 7.3 HIGH |
|
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read.
|
|||||
| CVE-2021-25491 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 2.3 LOW |
|
A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.
|
|||||
| CVE-2021-25488 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.
|
|||||
| CVE-2021-25481 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.4 MEDIUM |
|
An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory.
|
|||||
| CVE-2021-25479 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2021-25478 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 6.5 MEDIUM | 7.2 HIGH |
|
A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2021-25476 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM |
|
An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.
|
|||||
| CVE-2021-25475 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 7.2 HIGH | 3.9 LOW |
|
A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2021-25471 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 5.0 MEDIUM | 3.7 LOW |
|
A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion.
|
|||||
| CVE-2021-25470 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 3.6 LOW | 7.9 HIGH |
|
An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE.
|
|||||
| CVE-2021-25469 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.6 MEDIUM | 6.0 MEDIUM |
|
A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution.
|
|||||
| CVE-2021-25468 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.
|
|||||
| CVE-2021-25467 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 7.2 HIGH | 5.3 MEDIUM |
|
Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library.
|
|||||
| CVE-2021-25466 | 1 Samsung | 1 Internet | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
|
Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.
|
|||||
| CVE-2021-25465 | 1 Samsung | 1 Themes | 2024-11-21 | 4.4 MEDIUM | 3.3 LOW |
|
An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack.
|
|||||
| CVE-2021-25464 | 1 Samsung | 1 Capture | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak.
|
|||||
| CVE-2021-25463 | 1 Samsung | 1 Penup | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
|
Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.
|
|||||
| CVE-2021-25457 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 2.1 LOW | 5.9 MEDIUM |
|
An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information.
|
|||||
| CVE-2021-25452 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device.
|
|||||
| CVE-2021-25448 | 1 Samsung | 1 Smart Touch Call | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview.
|
|||||
| CVE-2021-25447 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.
|
|||||
| CVE-2021-25446 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.
|
|||||
| CVE-2021-25445 | 1 Samsung | 1 Internet | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet.
|
|||||
| CVE-2021-25442 | 1 Samsung | 1 Knox Cloud Services | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.
|
|||||
| CVE-2021-25441 | 2 Google, Samsung | 2 Android, Ar Emoji Editor | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege.
|
|||||
| CVE-2021-25440 | 1 Samsung | 1 Factorycamerafb | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.
|
|||||
| CVE-2021-25439 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.
|
|||||
| CVE-2021-25438 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.
|
|||||
| CVE-2021-25432 | 2 Google, Samsung | 2 Android, Samsung Members | 2024-11-21 | 2.1 LOW | 3.3 LOW |
|
Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.
|
|||||
| CVE-2021-25431 | 2 Google, Samsung | 2 Android, Cameralyzer | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer.
|
|||||
| CVE-2021-25425 | 1 Samsung | 1 Health | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.
|
|||||
| CVE-2021-25424 | 1 Samsung | 18 Galaxy Watch, Galaxy Watch 3, Galaxy Watch 3 Firmware and 15 more | 2024-11-21 | 5.8 MEDIUM | 8.8 HIGH |
|
Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness.
|
|||||