Filtered by vendor Samsung
Subscribe
Total
1539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-21032 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 5.9 MEDIUM |
|
Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions.
|
|||||
| CVE-2025-21029 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 4.0 MEDIUM |
|
Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display.
|
|||||
| CVE-2025-21028 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 5.5 MEDIUM |
|
Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items.
|
|||||
| CVE-2025-21026 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 4.0 MEDIUM |
|
Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call.
|
|||||
| CVE-2025-21027 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 5.1 MEDIUM |
|
Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM.
|
|||||
| CVE-2025-21025 | 1 Samsung | 1 Android | 2025-09-11 | N/A | 5.1 MEDIUM |
|
Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management.
|
|||||
| CVE-2023-21483 | 1 Samsung | 1 Galaxy Store | 2025-09-09 | N/A | 6.4 MEDIUM |
|
Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.
|
|||||
| CVE-2025-21036 | 1 Samsung | 1 Notes | 2025-09-09 | N/A | 5.0 MEDIUM |
|
Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-21037 | 1 Samsung | 1 Notes | 2025-09-09 | N/A | 4.1 MEDIUM |
|
Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2023-21466 | 1 Samsung | 1 Android | 2025-09-08 | N/A | 5.3 MEDIUM |
|
PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission.
|
|||||
| CVE-2023-21467 | 1 Samsung | 1 Exynos | 2025-09-08 | N/A | 4.6 MEDIUM |
|
Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.
|
|||||
| CVE-2025-32098 | 2 Microsoft, Samsung | 2 Windows, Magician | 2025-09-05 | N/A | 5.3 MEDIUM |
|
An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve Elevation of Privileges to SYSTEM by exploiting insecure file delete operations during the update process.
|
|||||
| CVE-2025-32100 | 1 Samsung | 38 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 35 more | 2025-09-05 | N/A | 6.5 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A programming mistake for buffer copy leads to out-of-bounds writes via malformed ROHC packets.
|
|||||
| CVE-2025-21038 | 1 Samsung | 1 Sassistant | 2025-09-05 | N/A | 5.1 MEDIUM |
|
Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
|
|||||
| CVE-2025-21039 | 1 Samsung | 1 Sassistant | 2025-09-05 | N/A | 5.1 MEDIUM |
|
Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
|
|||||
| CVE-2023-21471 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 4.0 MEDIUM |
|
Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.
|
|||||
| CVE-2023-21472 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 6.8 MEDIUM |
|
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
|
|||||
| CVE-2023-21473 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 6.8 MEDIUM |
|
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
|
|||||
| CVE-2023-21475 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 8.0 HIGH |
|
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
|
|||||
| CVE-2023-21476 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 8.0 HIGH |
|
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
|
|||||
| CVE-2025-21040 | 1 Samsung | 1 Sassistant | 2025-09-05 | N/A | 5.1 MEDIUM |
|
Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
|
|||||
| CVE-2025-21031 | 1 Samsung | 1 Android | 2025-09-05 | N/A | 6.8 MEDIUM |
|
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.
|
|||||
| CVE-2024-29152 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2025-08-27 | N/A | 5.9 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, and Exynos Modem 5300. The baseband software does not properly check states specified by the RRC (Radio Resource Control) Reconfiguration message. This can lead to disclosure of sensitive information.
|
|||||
| CVE-2024-27372 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-08-27 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_len coming from userspace, which can lead to a heap overwrite.
|
|||||
| CVE-2025-3885 | 1 Samsung | 2 Harman Mgu21, Harman Mgu21 Firmware | 2025-08-15 | N/A | 6.5 MEDIUM |
|
Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to ...
Show More |
|||||
| CVE-2025-21017 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | N/A | 6.3 MEDIUM |
|
Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
|
|||||
| CVE-2025-21018 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | N/A | 4.4 MEDIUM |
|
Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory.
|
|||||
| CVE-2025-21019 | 1 Samsung | 1 Health | 2025-08-15 | N/A | 5.5 MEDIUM |
|
Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2025-21020 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | N/A | 5.7 MEDIUM |
|
Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
|
|||||
| CVE-2025-21021 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | N/A | 5.7 MEDIUM |
|
Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
|
|||||
| CVE-2025-54445 | 1 Samsung | 1 Magicinfo 9 Server | 2025-08-15 | N/A | 8.2 HIGH |
|
Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less than 21.1080.0.
|
|||||
| CVE-2025-21010 | 1 Samsung | 1 Android | 2025-08-12 | N/A | 6.0 MEDIUM |
|
Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.
|
|||||
| CVE-2025-20990 | 1 Samsung | 1 Android | 2025-08-12 | N/A | 4.0 MEDIUM |
|
Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier.
|
|||||
| CVE-2025-53082 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | N/A | 6.1 MEDIUM |
|
An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
|
|||||
| CVE-2025-53081 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | N/A | 6.4 MEDIUM |
|
An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
|
|||||
| CVE-2025-53080 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | N/A | 7.1 HIGH |
|
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
|
|||||
| CVE-2025-53079 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | N/A | 4.9 MEDIUM |
|
Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
|
|||||
| CVE-2025-53078 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | N/A | 8.0 HIGH |
|
Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
|
|||||
| CVE-2025-53077 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | N/A | 6.5 MEDIUM |
|
An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
|
|||||
| CVE-2025-2233 | 1 Samsung | 1 Smartthings | 2025-08-08 | N/A | 8.8 HIGH |
|
Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can ...
Show More |
|||||