VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2025-21050Oct 10, 2025
    risk 0.00cvss epss 0.00

    Improper input validiation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles.

  • CVE-2025-21070Oct 10, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.

  • CVE-2025-21069Oct 10, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.

  • CVE-2025-21068Oct 10, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.

  • CVE-2025-21067Oct 10, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.

  • CVE-2025-21066Oct 10, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.

  • CVE-2025-21064Oct 10, 2025
    risk 0.00cvss epss 0.00

    Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data.

  • CVE-2025-21062Oct 10, 2025
    risk 0.00cvss epss 0.00

    Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability.

  • CVE-2025-21061Oct 10, 2025
    risk 0.00cvss epss 0.00

    Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability.

  • CVE-2025-21060Oct 10, 2025
    risk 0.00cvss epss 0.00

    Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability.

  • CVE-2025-21059Oct 10, 2025
    risk 0.00cvss epss 0.00

    Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health.

  • CVE-2025-21057Oct 10, 2025
    risk 0.00cvss epss 0.00

    Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes.

  • CVE-2025-21055Oct 10, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory.

  • CVE-2025-21054Oct 10, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory.

  • CVE-2025-21053Oct 10, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.

  • CVE-2025-21052Oct 10, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.

  • CVE-2025-21051Oct 10, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory.

  • CVE-2025-21049Oct 10, 2025
    risk 0.00cvss epss 0.00

    Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.

  • CVE-2025-21048Oct 10, 2025
    risk 0.00cvss epss 0.00

    Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code.

  • CVE-2025-21047Oct 10, 2025
    risk 0.00cvss epss 0.00

    Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs.

  • CVE-2025-21046Oct 10, 2025
    risk 0.00cvss epss 0.00

    Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access to recent app list.

  • CVE-2025-21045Oct 10, 2025
    risk 0.00cvss epss 0.00

    Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information.

  • CVE-2025-21044Oct 10, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.

  • CVE-2025-21041Sep 3, 2025
    risk 0.00cvss epss 0.00

    Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.

  • CVE-2025-21040Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.

  • CVE-2025-21039Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.

  • CVE-2025-21038Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.

  • CVE-2025-21037Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability.

  • CVE-2025-21036Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability.

  • CVE-2025-21034Sep 3, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.

  • CVE-2025-21033Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.

  • CVE-2025-21032Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions.

  • CVE-2025-21031Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.

  • CVE-2025-21029Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display.

  • CVE-2025-21028Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items.

  • CVE-2025-21027Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM.

  • CVE-2025-21026Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call.

  • CVE-2025-21025Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management.

  • CVE-2023-21474Sep 3, 2025
    risk 0.00cvss epss 0.00

    Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege.

  • CVE-2023-21483Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.

  • CVE-2023-21481Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.

  • CVE-2023-21480Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities.

  • CVE-2023-21479Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule.

  • CVE-2023-21478Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.

  • CVE-2023-21477Sep 3, 2025
    risk 0.00cvss epss 0.00

    Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.

  • CVE-2023-21476Sep 3, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.

  • CVE-2023-21475Sep 3, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.

  • CVE-2023-21473Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.

  • CVE-2023-21472Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.

  • CVE-2023-21471Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.

Page 10 of 45