Filtered by vendor Samsung
Subscribe
Total
1539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21079 | 1 Samsung | 1 Members | 2025-11-07 | N/A | 7.1 HIGH |
|
Improper input validation in Samsung Members prior to version 5.5.01.3 allows remote attackers to connect arbitrary URL and launch arbitrary activity with Samsung Members privilege. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-21071 | 1 Samsung | 1 Android | 2025-11-07 | N/A | 5.7 MEDIUM |
|
Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
|
|||||
| CVE-2025-21073 | 1 Samsung | 1 Android | 2025-11-07 | N/A | 6.8 MEDIUM |
|
Insecure default configuration in USB connection mode prior to SMR Nov-2025 Release 1 allows privileged physical attackers to access user data. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-21074 | 1 Samsung | 1 Android | 2025-11-07 | N/A | 4.3 MEDIUM |
|
Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
|
|||||
| CVE-2025-21075 | 1 Samsung | 1 Android | 2025-11-07 | N/A | 4.3 MEDIUM |
|
Out-of-bounds write in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory.
|
|||||
| CVE-2025-21076 | 1 Samsung | 1 Account | 2025-11-07 | N/A | 5.5 MEDIUM |
|
Improper handling of insufficient permissions or privileges in Samsung Account prior to version 15.5.00.18 allows local attackers to access data in Samsung Account. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-21077 | 1 Samsung | 1 Email | 2025-11-07 | N/A | 3.3 LOW |
|
Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege.
|
|||||
| CVE-2025-54335 | 1 Samsung | 8 Exynos 1480, Exynos 1480 Firmware, Exynos 1580 and 5 more | 2025-11-07 | N/A | 6.5 MEDIUM |
|
An issue was discovered in the GPU driver in Samsung Mobile Processor Exynos 1480, 2400, 1580, 2500. There is a use-after-free in the Xclipse GPU Driver.
|
|||||
| CVE-2025-52910 | 1 Samsung | 12 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 9 more | 2025-11-07 | N/A | 9.8 CRITICAL |
|
An issue was discovered in the GPU in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1330, 1380, 1480, 2400. A Use-After-Free leads to privilege escalation.
|
|||||
| CVE-2025-27374 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2025-11-07 | N/A | 5.3 MEDIUM |
|
An issue was discovered in the Secure Boot component in Samsung Mobile Processor and Wearable Processor Exynos 9820, 9825, 980, 990, 850, 1080, 1280, 2200, 1330, 1380, 1480, 2400. The lack of a length check leads to out-of-bounds writes.
|
|||||
| CVE-2024-56426 | 1 Samsung | 28 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 25 more | 2025-11-07 | N/A | 7.5 HIGH |
|
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, W920, W930, W1000. The lack of a length check leads to out-of-bounds writes via malformed USB packets to the target.
|
|||||
| CVE-2025-54327 | 1 Samsung | 6 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 3 more | 2025-11-07 | N/A | 6.5 MEDIUM |
|
An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1280, 2200, 1380, W920, W930, W1000. Improper input validation in the VTS driver leads to an arbitrary write.
|
|||||
| CVE-2025-49494 | 1 Samsung | 16 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 13 more | 2025-11-07 | N/A | 7.5 HIGH |
|
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 2100, 1280, 2200, 1330, 1380, 1480, 9110, Modem 5123. Mishandling of an 5G NRMM packet leads to a Denial of Service.
|
|||||
| CVE-2025-54334 | 1 Samsung | 14 Exynos 1280, Exynos 1280 Firmware, Exynos 1380 and 11 more | 2025-11-07 | N/A | 7.5 HIGH |
|
An issue was discovered in the NPU driver in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, 2500. There is a NULL Pointer Dereference of hdev in the __npu_vertex_bootup function.
|
|||||
| CVE-2025-52513 | 1 Samsung | 6 Exynos 1580, Exynos 1580 Firmware, Exynos 2400 and 3 more | 2025-11-07 | N/A | 7.5 HIGH |
|
An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in an out-of-bounds write, leading to a denial of service.
|
|||||
| CVE-2025-52512 | 1 Samsung | 6 Exynos 1580, Exynos 1580 Firmware, Exynos 2400 and 3 more | 2025-11-07 | N/A | 7.5 HIGH |
|
An issue was discovered in Samsung Mobile Processor Exynos 2400, 1580, 2500. A race condition in the HTS driver results in out-of-bounds memory access, leading to a denial of service.
|
|||||
| CVE-2025-54333 | 1 Samsung | 2 Exynos 1380, Exynos 1380 Firmware | 2025-11-07 | N/A | 5.3 MEDIUM |
|
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Invalid Pointer Dereference of node in the get_vs4l_profiler_node function.
|
|||||
| CVE-2025-54325 | 1 Samsung | 22 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 19 more | 2025-11-07 | N/A | 5.3 MEDIUM |
|
An issue was discovered in VTS in Samsung Mobile Processor and Wearable Processor Exynos 1080, 1280, 2200, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000. A race condition in the VTS driver results in an out-of-bounds read, leading to an information leak.
|
|||||
| CVE-2025-54332 | 1 Samsung | 2 Exynos 1380, Exynos 1380 Firmware | 2025-11-07 | N/A | 7.5 HIGH |
|
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is a NULL Pointer Dereference of profiler.node in the npu_vertex_profileoff function.
|
|||||
| CVE-2025-54331 | 1 Samsung | 2 Exynos 1380, Exynos 1380 Firmware | 2025-11-07 | N/A | 5.3 MEDIUM |
|
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Untrusted Pointer Dereference of src_hdr in the copy_ncp_header function.
|
|||||
| CVE-2025-54330 | 1 Samsung | 2 Exynos 1380, Exynos 1380 Firmware | 2025-11-07 | N/A | 5.3 MEDIUM |
|
An issue was discovered in NPU in Samsung Mobile Processor Exynos 1380 through July 2025. There is an Out-of-bounds Read of q->bufs[] in the __is_done_for_me function.
|
|||||
| CVE-2025-54329 | 1 Samsung | 36 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 33 more | 2025-11-07 | N/A | 7.5 HIGH |
|
An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. The function used to send a multiple-payloads message (including an SMS message) lacks bounds checking, which can lead to a heap overflow.
|
|||||
| CVE-2025-54323 | 1 Samsung | 24 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 21 more | 2025-11-07 | N/A | 7.5 HIGH |
|
An issue was discovered in the camera in Samsung Mobile Processor Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, and 1580. Improper debug printing leads to information leakage.
|
|||||
| CVE-2024-55568 | 1 Samsung | 36 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 33 more | 2025-11-04 | N/A | 7.5 HIGH |
|
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400. The absence of a NULL check leads to a Denial of Service when an attacker sends malformed MM packets to the target.
|
|||||
| CVE-2025-26781 | 1 Samsung | 26 Exynos 1080, Exynos 1080 Firmware, Exynos 1330 and 23 more | 2025-11-04 | N/A | 7.5 HIGH |
|
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of Service.
|
|||||
| CVE-2025-4632 | 1 Samsung | 1 Magicinfo 9 Server | 2025-11-03 | N/A | 9.8 CRITICAL |
|
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority.
|
|||||
| CVE-2022-22265 | 2 Google, Samsung | 2 Android, Exynos | 2025-10-30 | 4.6 MEDIUM | 5.0 MEDIUM |
|
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.
|
|||||
| CVE-2021-25337 | 1 Samsung | 1 Android | 2025-10-30 | 5.8 MEDIUM | 4.4 MEDIUM |
|
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
|
|||||
| CVE-2021-25369 | 1 Samsung | 1 Android | 2025-10-30 | 2.1 LOW | 6.2 MEDIUM |
|
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.
|
|||||
| CVE-2021-25371 | 1 Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2025-10-30 | 7.2 HIGH | 6.1 MEDIUM |
|
A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.
|
|||||
| CVE-2021-25394 | 1 Samsung | 1 Android | 2025-10-30 | 4.4 MEDIUM | 6.4 MEDIUM |
|
A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.
|
|||||
| CVE-2021-25395 | 1 Samsung | 1 Android | 2025-10-30 | 4.4 MEDIUM | 6.4 MEDIUM |
|
A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.
|
|||||
| CVE-2021-25487 | 1 Samsung | 1 Android | 2025-10-30 | 4.6 MEDIUM | 7.3 HIGH |
|
Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.
|
|||||
| CVE-2021-25489 | 1 Samsung | 1 Android | 2025-10-30 | 4.9 MEDIUM | 3.3 LOW |
|
Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.
|
|||||
| CVE-2025-21043 | 1 Samsung | 1 Android | 2025-10-30 | N/A | 8.8 HIGH |
|
Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.
|
|||||
| CVE-2025-48025 | 1 Samsung | 20 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 17 more | 2025-10-28 | N/A | 4.3 MEDIUM |
|
In Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000, there is an improper access control vulnerability related to a log file.
|
|||||
| CVE-2025-26782 | 1 Samsung | 30 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 27 more | 2025-10-28 | N/A | 7.5 HIGH |
|
An issue was discovered in L2 in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 9110, W920, W930, Modem 5123, and Modem 5300. Incorrect handling of RLC AM PDUs leads to a Denial of Service.
|
|||||
| CVE-2025-20996 | 1 Samsung | 1 Smart Switch | 2025-10-28 | N/A | 5.0 MEDIUM |
|
Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with the privilege of Smart Switch. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-21059 | 1 Samsung | 1 Health | 2025-10-28 | N/A | 6.2 MEDIUM |
|
Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health.
|
|||||
| CVE-2025-21060 | 1 Samsung | 1 Smart Switch | 2025-10-28 | N/A | 5.5 MEDIUM |
|
Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability.
|
|||||