Assistant
CVEs (13)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-21033 | Hig | 0.46 | 7.1 | 0.00 | Jun 5, 2026 | Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. | ||
| CVE-2026-21032 | Hig | 0.46 | 7.1 | 0.00 | Jun 5, 2026 | Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script. | ||
| CVE-2026-20993 | Med | 0.36 | 5.5 | 0.00 | Mar 16, 2026 | Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information. | ||
| CVE-2022-22289 | Med | 0.35 | 5.3 | 0.01 | Jan 10, 2022 | Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information. | ||
| CVE-2023-30735 | Med | 0.33 | 5.1 | 0.00 | Oct 4, 2023 | Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant. | ||
| CVE-2023-30736 | Med | 0.29 | 4.4 | 0.00 | Oct 4, 2023 | Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required. | ||
| CVE-2024-34661 | Med | 0.28 | 4.3 | 0.00 | Sep 4, 2024 | Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability. | ||
| CVE-2025-58484 | Med | 0.26 | 4.0 | 0.00 | Dec 2, 2025 | Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox. | ||
| CVE-2024-34670 | Med | 0.26 | 4.0 | 0.00 | Oct 8, 2024 | Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information. | ||
| CVE-2021-25341 | Med | 0.26 | 4.0 | 0.00 | Mar 4, 2021 | Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider. | ||
| CVE-2025-21040 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | |||
| CVE-2025-21039 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | |||
| CVE-2025-21038 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. |
- risk 0.46cvss 7.1epss 0.00
Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
- risk 0.46cvss 7.1epss 0.00
Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.
- risk 0.36cvss 5.5epss 0.00
Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information.
- risk 0.35cvss 5.3epss 0.01
Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information.
- risk 0.33cvss 5.1epss 0.00
Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant.
- risk 0.29cvss 4.4epss 0.00
Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required.
- risk 0.28cvss 4.3epss 0.00
Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability.
- risk 0.26cvss 4.0epss 0.00
Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox.
- risk 0.26cvss 4.0epss 0.00
Use of implicit intent for sensitive communication in Sound Assistant prior to version 6.1.0.9 allows local attackers to get sensitive information.
- risk 0.26cvss 4.0epss 0.00
Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.
- CVE-2025-21040Sep 3, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
- CVE-2025-21039Sep 3, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
- CVE-2025-21038Sep 3, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.