VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2023-21470Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.

  • CVE-2023-21469Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.

  • CVE-2023-21468Sep 3, 2025
    risk 0.00cvss epss 0.00

    Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.

  • CVE-2023-21467Sep 3, 2025
    risk 0.00cvss epss 0.00

    Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.

  • CVE-2023-21466Sep 3, 2025
    risk 0.00cvss epss 0.00

    PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission.

  • CVE-2025-32100Sep 2, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A programming mistake for buffer copy leads to…

  • CVE-2025-32098Sep 2, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve Elevation of Privileges to SYSTEM by exploiting insecure file delete operations during the update process.

  • CVE-2025-21024Aug 6, 2025
    risk 0.00cvss epss 0.00

    Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.

  • CVE-2025-21022Aug 6, 2025
    risk 0.00cvss epss 0.00

    Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information.

  • CVE-2025-21021Aug 6, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.

  • CVE-2025-21020Aug 6, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.

  • CVE-2025-21019Aug 6, 2025
    risk 0.00cvss epss 0.00

    Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. User interaction is required for triggering this vulnerability.

  • CVE-2025-21018Aug 6, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory.

  • CVE-2025-21017Aug 6, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.

  • CVE-2025-21015Aug 6, 2025
    risk 0.00cvss epss 0.00

    Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.

  • CVE-2025-21014Aug 6, 2025
    risk 0.00cvss epss 0.00

    Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information.

  • CVE-2025-21010Aug 6, 2025
    risk 0.00cvss epss 0.00

    Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.

  • CVE-2025-20990Aug 6, 2025
    risk 0.00cvss epss 0.00

    Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier.

  • CVE-2024-45183Aug 4, 2025
    risk 0.00cvss epss 0.00

    An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. A lack of a JPEG length check leads to an out-of-bound write.

  • CVE-2025-53082Jul 29, 2025
    risk 0.00cvss epss 0.00

    An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.

  • CVE-2025-53081Jul 29, 2025
    risk 0.00cvss epss 0.00

    An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.

  • CVE-2025-53080Jul 29, 2025
    risk 0.00cvss epss 0.00

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem

  • CVE-2025-53079Jul 29, 2025
    risk 0.00cvss epss 0.00

    Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files

  • CVE-2025-53078Jul 29, 2025
    risk 0.00cvss epss 0.00

    Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system

  • CVE-2025-53077Jul 29, 2025
    risk 0.00cvss epss 0.00

    An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.

  • CVE-2025-54439Jul 23, 2025
    risk 0.00cvss epss 0.07

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54438Jul 23, 2025
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0

  • CVE-2025-54444Jul 23, 2025
    risk 0.00cvss epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54443Jul 23, 2025
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0

  • CVE-2025-54442Jul 23, 2025
    risk 0.00cvss epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54441Jul 23, 2025
    risk 0.00cvss epss 0.07

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54440Jul 23, 2025
    risk 0.00cvss epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54447Jul 23, 2025
    risk 0.00cvss epss 0.00

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54446Jul 23, 2025
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0

  • CVE-2025-54445Jul 23, 2025
    risk 0.00cvss epss 0.09

    Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54448Jul 23, 2025
    risk 0.00cvss epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54453Jul 23, 2025
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54452Jul 23, 2025
    risk 0.00cvss epss 0.00

    Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54451Jul 23, 2025
    risk 0.00cvss epss 0.01

    Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54450Jul 23, 2025
    risk 0.00cvss epss 0.01

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54449Jul 23, 2025
    risk 0.00cvss epss 0.01

    Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54455Jul 23, 2025
    risk 0.00cvss epss 0.01

    Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-54454Jul 23, 2025
    risk 0.00cvss epss 0.01

    Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.

  • CVE-2025-21009Jul 8, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

  • CVE-2025-21008Jul 8, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

  • CVE-2025-21007Jul 8, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.

  • CVE-2025-21006Jul 8, 2025
    risk 0.00cvss epss 0.00

    Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.

  • CVE-2025-21004Jul 8, 2025
    risk 0.00cvss epss 0.00

    Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device.

  • CVE-2025-21003Jul 8, 2025
    risk 0.00cvss epss 0.00

    Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.

  • CVE-2025-21002Jul 8, 2025
    risk 0.00cvss epss 0.00

    Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast.

Page 11 of 45