Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-21050 | 0.00 | — | 0.00 | Oct 10, 2025 | Improper input validiation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles. | |||
| CVE-2025-21070 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory. | |||
| CVE-2025-21069 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. | |||
| CVE-2025-21068 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. | |||
| CVE-2025-21067 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. | |||
| CVE-2025-21066 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. | |||
| CVE-2025-21064 | 0.00 | — | 0.00 | Oct 10, 2025 | Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data. | |||
| CVE-2025-21062 | 0.00 | — | 0.00 | Oct 10, 2025 | Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-21061 | 0.00 | — | 0.00 | Oct 10, 2025 | Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-21060 | 0.00 | — | 0.00 | Oct 10, 2025 | Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-21059 | 0.00 | — | 0.00 | Oct 10, 2025 | Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health. | |||
| CVE-2025-21057 | 0.00 | — | 0.00 | Oct 10, 2025 | Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes. | |||
| CVE-2025-21055 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory. | |||
| CVE-2025-21054 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory. | |||
| CVE-2025-21053 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption. | |||
| CVE-2025-21052 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption. | |||
| CVE-2025-21051 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory. | |||
| CVE-2025-21049 | 0.00 | — | 0.00 | Oct 10, 2025 | Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-21048 | 0.00 | — | 0.00 | Oct 10, 2025 | Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code. | |||
| CVE-2025-21047 | 0.00 | — | 0.00 | Oct 10, 2025 | Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs. | |||
| CVE-2025-21046 | 0.00 | — | 0.00 | Oct 10, 2025 | Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access to recent app list. | |||
| CVE-2025-21045 | 0.00 | — | 0.00 | Oct 10, 2025 | Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2025-21044 | 0.00 | — | 0.00 | Oct 10, 2025 | Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | |||
| CVE-2025-21041 | 0.00 | — | 0.00 | Sep 3, 2025 | Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information. | |||
| CVE-2025-21040 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | |||
| CVE-2025-21039 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | |||
| CVE-2025-21038 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | |||
| CVE-2025-21037 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-21036 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-21034 | 0.00 | — | 0.00 | Sep 3, 2025 | Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code. | |||
| CVE-2025-21033 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2025-21032 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions. | |||
| CVE-2025-21031 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs. | |||
| CVE-2025-21029 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display. | |||
| CVE-2025-21028 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items. | |||
| CVE-2025-21027 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM. | |||
| CVE-2025-21026 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call. | |||
| CVE-2025-21025 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management. | |||
| CVE-2023-21474 | 0.00 | — | 0.00 | Sep 3, 2025 | Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege. | |||
| CVE-2023-21483 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service. | |||
| CVE-2023-21481 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information. | |||
| CVE-2023-21480 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities. | |||
| CVE-2023-21479 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule. | |||
| CVE-2023-21478 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data. | |||
| CVE-2023-21477 | 0.00 | — | 0.00 | Sep 3, 2025 | Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data. | |||
| CVE-2023-21476 | 0.00 | — | 0.00 | Sep 3, 2025 | Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. | |||
| CVE-2023-21475 | 0.00 | — | 0.00 | Sep 3, 2025 | Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code. | |||
| CVE-2023-21473 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. | |||
| CVE-2023-21472 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader. | |||
| CVE-2023-21471 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission. |
- CVE-2025-21050Oct 10, 2025risk 0.00cvss —epss 0.00
Improper input validiation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles.
- CVE-2025-21070Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to write out-of-bounds memory.
- CVE-2025-21069Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
- CVE-2025-21068Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
- CVE-2025-21067Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
- CVE-2025-21066Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory.
- CVE-2025-21064Oct 10, 2025risk 0.00cvss —epss 0.00
Improper authentication in Smart Switch prior to version 3.7.66.6 allows adjacent attackers to access transferring data.
- CVE-2025-21062Oct 10, 2025risk 0.00cvss —epss 0.00
Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.67.2 allows local attackers to replace the restoring application. User interaction is required for triggering this vulnerability.
- CVE-2025-21061Oct 10, 2025risk 0.00cvss —epss 0.00
Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access sensitive data. User interaction is required for triggering this vulnerability.
- CVE-2025-21060Oct 10, 2025risk 0.00cvss —epss 0.00
Cleartext storage of sensitive information in Smart Switch prior to version 3.7.67.2 allows local attackers to access backup data from applications. User interaction is required for triggering this vulnerability.
- CVE-2025-21059Oct 10, 2025risk 0.00cvss —epss 0.00
Improper authorization in Samsung Health prior to version 6.30.5.105 allows local attackers to access data in Samsung Health.
- CVE-2025-21057Oct 10, 2025risk 0.00cvss —epss 0.00
Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes.
- CVE-2025-21055Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read and write in libimagecodec.quram.so prior to SMR Oct-2025 Release 1 allows remote attackers to access out-of-bounds memory.
- CVE-2025-21054Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory.
- CVE-2025-21053Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.
- CVE-2025-21052Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write under specific condition in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to cause memory corruption.
- CVE-2025-21051Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in the pre-processing of JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to write out-of-bounds memory.
- CVE-2025-21049Oct 10, 2025risk 0.00cvss —epss 0.00
Improper access control in SecSettings prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information. User interaction is required for triggering this vulnerability.
- CVE-2025-21048Oct 10, 2025risk 0.00cvss —epss 0.00
Relative path traversal in Knox Enterprise prior to SMR Oct-2025 Release 1 allows local attackers to execute arbitrary code.
- CVE-2025-21047Oct 10, 2025risk 0.00cvss —epss 0.00
Improper access control in KnoxGuard prior to SMR Oct-2025 Release 1 allows physical attackers to use the privileged APIs.
- CVE-2025-21046Oct 10, 2025risk 0.00cvss —epss 0.00
Improper access control in WindowManager in Samsung DeX prior to SMR Oct-2025 Release 1 allows physical attackers to temporarily access to recent app list.
- CVE-2025-21045Oct 10, 2025risk 0.00cvss —epss 0.00
Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive information.
- CVE-2025-21044Oct 10, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory.
- CVE-2025-21041Sep 3, 2025risk 0.00cvss —epss 0.00
Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information.
- CVE-2025-21040Sep 3, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by ExternalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
- CVE-2025-21039Sep 3, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by SystemExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
- CVE-2025-21038Sep 3, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information.
- CVE-2025-21037Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability.
- CVE-2025-21036Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability.
- CVE-2025-21034Sep 3, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in libsavsvc.so prior to SMR Sep-2025 Release 1 allows local attackers to potentially execute arbitrary code.
- CVE-2025-21033Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information.
- CVE-2025-21032Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions.
- CVE-2025-21031Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs.
- CVE-2025-21029Sep 3, 2025risk 0.00cvss —epss 0.00
Improper handling of insufficient permission in System UI prior to SMR Sep-2025 Release 1 allows local attackers to send arbitrary replies to messages from the cover display.
- CVE-2025-21028Sep 3, 2025risk 0.00cvss —epss 0.00
Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items.
- CVE-2025-21027Sep 3, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by broadcast receiver in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to temporarily disable the SIM.
- CVE-2025-21026Sep 3, 2025risk 0.00cvss —epss 0.00
Improper handling of insufficient permission in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to interrupt the call.
- CVE-2025-21025Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control in MARsExemptionManager prior to SMR Sep-2025 Release 1 allows local attackers to be excluded from background execution management.
- CVE-2023-21474Sep 3, 2025risk 0.00cvss —epss 0.00
Intent redirection vulnerability in SecSettings prior to SMR Apr-2022 Release 1 allows attackers to access arbitrary file with system privilege.
- CVE-2023-21483Sep 3, 2025risk 0.00cvss —epss 0.00
Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service.
- CVE-2023-21481Sep 3, 2025risk 0.00cvss —epss 0.00
Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information.
- CVE-2023-21480Sep 3, 2025risk 0.00cvss —epss 0.00
Improper input validation vulnerability in CertByte prior to SMR Apr-2023 Release 1 allows local attackers to launch privileged activities.
- CVE-2023-21479Sep 3, 2025risk 0.00cvss —epss 0.00
Improper authorization in Smart suggestions prior to SMR Apr-2023 Release 1 in Android 13 and 4.1.01.0 in Android 12 allows remote attackers to register a schedule.
- CVE-2023-21478Sep 3, 2025risk 0.00cvss —epss 0.00
Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
- CVE-2023-21477Sep 3, 2025risk 0.00cvss —epss 0.00
Access of Memory Location After End of Buffer vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data.
- CVE-2023-21476Sep 3, 2025risk 0.00cvss —epss 0.00
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
- CVE-2023-21475Sep 3, 2025risk 0.00cvss —epss 0.00
Out-of-bounds Write vulnerability in libaudiosaplus_sec.so library prior to SMR Apr-2023 Release 1 allows local attacker to execute arbitrary code.
- CVE-2023-21473Sep 3, 2025risk 0.00cvss —epss 0.00
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
- CVE-2023-21472Sep 3, 2025risk 0.00cvss —epss 0.00
Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary code in bootloader.
- CVE-2023-21471Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission.
Page 10 of 45