Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Samsung
Angry Yack Logo
Total 1539 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25423 1 Samsung 1 Watch Active2 Plugin 2024-11-21 2.1 LOW 5.5 MEDIUM
Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.
CVE-2021-25422 1 Samsung 1 Watch Active Plugin 2024-11-21 2.1 LOW 5.5 MEDIUM
Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
CVE-2021-25421 1 Samsung 1 Galaxy Watch 3 Plugin 2024-11-21 2.1 LOW 5.5 MEDIUM
Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
CVE-2021-25420 1 Samsung 1 Galaxy Watch Plugin 2024-11-21 2.1 LOW 5.5 MEDIUM
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
CVE-2021-25419 1 Samsung 1 Internet 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.
CVE-2021-25418 1 Samsung 1 Internet 2024-11-21 4.4 MEDIUM 7.8 HIGH
Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.
CVE-2021-25416 2 Google, Samsung 5 Android, Exynos 9610, Exynos 9810 and 2 more 2024-11-21 2.1 LOW 6.5 MEDIUM
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.
CVE-2021-25415 2 Google, Samsung 5 Android, Exynos 9610, Exynos 9810 and 2 more 2024-11-21 2.1 LOW 5.5 MEDIUM
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.
CVE-2021-25411 2 Google, Samsung 5 Android, Exynos 9610, Exynos 9810 and 2 more 2024-11-21 2.1 LOW 4.4 MEDIUM
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.
CVE-2021-25408 2 Google, Samsung 5 Android, Exynos 2100, Exynos 980 and 2 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
A possible buffer overflow vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write and code execution.
CVE-2021-25407 2 Google, Samsung 5 Android, Exynos 2100, Exynos 980 and 2 more 2024-11-21 4.6 MEDIUM 7.8 HIGH
A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write.
CVE-2021-25406 1 Samsung 1 Gear S 2024-11-21 3.3 LOW 6.5 MEDIUM
Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information.
CVE-2021-25405 1 Samsung 1 Notes 2024-11-21 2.1 LOW 5.5 MEDIUM
An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.
CVE-2021-25404 1 Samsung 2 Smartthings, Smartthings Firmware 2024-11-21 2.1 LOW 3.3 LOW
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.
CVE-2021-25403 2 Google, Samsung 2 Android, Account 2024-11-21 2.1 LOW 3.3 LOW
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.
CVE-2021-25402 1 Samsung 1 Notes 2024-11-21 2.1 LOW 3.3 LOW
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information.
CVE-2021-25401 1 Samsung 1 Health 2024-11-21 4.6 MEDIUM 7.8 HIGH
Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.
CVE-2021-25400 1 Samsung 1 Internet 2024-11-21 4.6 MEDIUM 7.8 HIGH
Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.
CVE-2021-25399 1 Samsung 1 Smart Manager 2024-11-21 3.6 LOW 7.1 HIGH
Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege.
CVE-2021-25398 1 Samsung 1 Bixby Voice 2024-11-21 2.1 LOW 3.3 LOW
Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts.
CVE-2021-25396 2 Google, Samsung 5 Android, Exynos 2100, Exynos 980 and 2 more 2024-11-21 4.6 MEDIUM 6.7 MEDIUM
An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution.
CVE-2021-25381 2 Google, Samsung 2 Android, Account 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
CVE-2021-25380 1 Samsung 1 Bixby 2024-11-21 7.5 HIGH 5.8 MEDIUM
Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user.
CVE-2021-25379 1 Samsung 1 Gallery 2024-11-21 2.1 LOW 4.0 MEDIUM
Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.
CVE-2021-25378 1 Samsung 1 Smartthings 2024-11-21 5.0 MEDIUM 4.3 MEDIUM
Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.
CVE-2021-25377 2 Google, Samsung 2 Android, Experience Service 2024-11-21 4.6 MEDIUM 3.3 LOW
Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.
CVE-2021-25376 1 Samsung 1 Email 2024-11-21 5.0 MEDIUM 3.1 LOW
An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed.
CVE-2021-25375 1 Samsung 1 Email 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.
CVE-2021-25374 2 Google, Samsung 2 Android, Members 2024-11-21 5.0 MEDIUM 8.6 HIGH
An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.
CVE-2021-25373 2 Google, Samsung 2 Android, Customization Service 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
CVE-2021-25368 1 Samsung 1 Cloud 2024-11-21 5.0 MEDIUM 3.3 LOW
Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.
CVE-2021-25367 1 Samsung 1 Notes 2024-11-21 5.5 MEDIUM 3.7 LOW
Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.
CVE-2021-25366 1 Samsung 1 Internet 2024-11-21 3.6 LOW 3.2 LOW
Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.
CVE-2021-25355 1 Samsung 1 Notes 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.
CVE-2021-25354 1 Samsung 1 Internet 2024-11-21 6.8 MEDIUM 3.3 LOW
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.
CVE-2021-25353 1 Samsung 1 Galaxy Themes 2024-11-21 3.6 LOW 5.5 MEDIUM
Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent.
CVE-2021-25352 1 Samsung 1 Bixby Voice 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.
CVE-2021-25351 2 Google, Samsung 2 Android, Account 2024-11-21 2.1 LOW 3.2 LOW
Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.
CVE-2021-25350 2 Google, Samsung 2 Android, Account 2024-11-21 2.1 LOW 2.0 LOW
Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.
CVE-2021-25349 2 Google, Samsung 2 Android, Slow Motion Editor 2024-11-21 4.6 MEDIUM 5.5 MEDIUM
Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent.