Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-21470 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action. | |||
| CVE-2023-21469 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action. | |||
| CVE-2023-21468 | 0.00 | — | 0.00 | Sep 3, 2025 | Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission. | |||
| CVE-2023-21467 | 0.00 | — | 0.00 | Sep 3, 2025 | Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message. | |||
| CVE-2023-21466 | 0.00 | — | 0.00 | Sep 3, 2025 | PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission. | |||
| CVE-2025-32100 | 0.00 | — | 0.00 | Sep 2, 2025 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A programming mistake for buffer copy leads to… | |||
| CVE-2025-32098 | 0.00 | — | 0.00 | Sep 2, 2025 | An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve Elevation of Privileges to SYSTEM by exploiting insecure file delete operations during the update process. | |||
| CVE-2025-21024 | 0.00 | — | 0.00 | Aug 6, 2025 | Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information. | |||
| CVE-2025-21022 | 0.00 | — | 0.00 | Aug 6, 2025 | Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information. | |||
| CVE-2025-21021 | 0.00 | — | 0.00 | Aug 6, 2025 | Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | |||
| CVE-2025-21020 | 0.00 | — | 0.00 | Aug 6, 2025 | Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | |||
| CVE-2025-21019 | 0.00 | — | 0.00 | Aug 6, 2025 | Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. User interaction is required for triggering this vulnerability. | |||
| CVE-2025-21018 | 0.00 | — | 0.00 | Aug 6, 2025 | Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory. | |||
| CVE-2025-21017 | 0.00 | — | 0.00 | Aug 6, 2025 | Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | |||
| CVE-2025-21015 | 0.00 | — | 0.00 | Aug 6, 2025 | Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege. | |||
| CVE-2025-21014 | 0.00 | — | 0.00 | Aug 6, 2025 | Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2025-21010 | 0.00 | — | 0.00 | Aug 6, 2025 | Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account. | |||
| CVE-2025-20990 | 0.00 | — | 0.00 | Aug 6, 2025 | Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier. | |||
| CVE-2024-45183 | 0.00 | — | 0.00 | Aug 4, 2025 | An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. A lack of a JPEG length check leads to an out-of-bound write. | |||
| CVE-2025-53082 | 0.00 | — | 0.00 | Jul 29, 2025 | An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses. | |||
| CVE-2025-53081 | 0.00 | — | 0.00 | Jul 29, 2025 | An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses. | |||
| CVE-2025-53080 | 0.00 | — | 0.00 | Jul 29, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem | |||
| CVE-2025-53079 | 0.00 | — | 0.00 | Jul 29, 2025 | Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files | |||
| CVE-2025-53078 | 0.00 | — | 0.00 | Jul 29, 2025 | Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system | |||
| CVE-2025-53077 | 0.00 | — | 0.00 | Jul 29, 2025 | An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability. | |||
| CVE-2025-54439 | 0.00 | — | 0.07 | Jul 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54438 | 0.00 | — | 0.01 | Jul 23, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0 | |||
| CVE-2025-54444 | 0.00 | — | 0.01 | Jul 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54443 | 0.00 | — | 0.01 | Jul 23, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0 | |||
| CVE-2025-54442 | 0.00 | — | 0.00 | Jul 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54441 | 0.00 | — | 0.07 | Jul 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54440 | 0.00 | — | 0.01 | Jul 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54447 | 0.00 | — | 0.00 | Jul 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54446 | 0.00 | — | 0.01 | Jul 23, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0 | |||
| CVE-2025-54445 | 0.00 | — | 0.09 | Jul 23, 2025 | Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54448 | 0.00 | — | 0.01 | Jul 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54453 | 0.00 | — | 0.01 | Jul 23, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54452 | 0.00 | — | 0.00 | Jul 23, 2025 | Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54451 | 0.00 | — | 0.01 | Jul 23, 2025 | Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54450 | 0.00 | — | 0.01 | Jul 23, 2025 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54449 | 0.00 | — | 0.01 | Jul 23, 2025 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54455 | 0.00 | — | 0.01 | Jul 23, 2025 | Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-54454 | 0.00 | — | 0.01 | Jul 23, 2025 | Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0. | |||
| CVE-2025-21009 | 0.00 | — | 0.00 | Jul 8, 2025 | Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. | |||
| CVE-2025-21008 | 0.00 | — | 0.00 | Jul 8, 2025 | Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. | |||
| CVE-2025-21007 | 0.00 | — | 0.00 | Jul 8, 2025 | Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. | |||
| CVE-2025-21006 | 0.00 | — | 0.00 | Jul 8, 2025 | Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory. | |||
| CVE-2025-21004 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device. | |||
| CVE-2025-21003 | 0.00 | — | 0.00 | Jul 8, 2025 | Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information. | |||
| CVE-2025-21002 | 0.00 | — | 0.00 | Jul 8, 2025 | Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast. |
- CVE-2023-21470Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action.
- CVE-2023-21469Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.GEOFENCE action.
- CVE-2023-21468Sep 3, 2025risk 0.00cvss —epss 0.00
Improper access control vulnerability in Telephony prior to SMR Apr-2023 Release 1 allows attackers to access files with escalated permission.
- CVE-2023-21467Sep 3, 2025risk 0.00cvss —epss 0.00
Error in 3GPP specification implementation in Exynos baseband prior to SMR Apr-2023 Release 1 allows incorrect handling of unencrypted message.
- CVE-2023-21466Sep 3, 2025risk 0.00cvss —epss 0.00
PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission.
- CVE-2025-32100Sep 2, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. A programming mistake for buffer copy leads to…
- CVE-2025-32098Sep 2, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve Elevation of Privileges to SYSTEM by exploiting insecure file delete operations during the update process.
- CVE-2025-21024Aug 6, 2025risk 0.00cvss —epss 0.00
Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.
- CVE-2025-21022Aug 6, 2025risk 0.00cvss —epss 0.00
Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information.
- CVE-2025-21021Aug 6, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
- CVE-2025-21020Aug 6, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
- CVE-2025-21019Aug 6, 2025risk 0.00cvss —epss 0.00
Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. User interaction is required for triggering this vulnerability.
- CVE-2025-21018Aug 6, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory.
- CVE-2025-21017Aug 6, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory.
- CVE-2025-21015Aug 6, 2025risk 0.00cvss —epss 0.00
Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege.
- CVE-2025-21014Aug 6, 2025risk 0.00cvss —epss 0.00
Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information.
- CVE-2025-21010Aug 6, 2025risk 0.00cvss —epss 0.00
Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account.
- CVE-2025-20990Aug 6, 2025risk 0.00cvss —epss 0.00
Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier.
- CVE-2024-45183Aug 4, 2025risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 2100, 1280, 2200, 1330, 1380, 1480, and 2400. A lack of a JPEG length check leads to an out-of-bound write.
- CVE-2025-53082Jul 29, 2025risk 0.00cvss —epss 0.00
An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
- CVE-2025-53081Jul 29, 2025risk 0.00cvss —epss 0.00
An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses.
- CVE-2025-53080Jul 29, 2025risk 0.00cvss —epss 0.00
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem
- CVE-2025-53079Jul 29, 2025risk 0.00cvss —epss 0.00
Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files
- CVE-2025-53078Jul 29, 2025risk 0.00cvss —epss 0.00
Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system
- CVE-2025-53077Jul 29, 2025risk 0.00cvss —epss 0.00
An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability.
- CVE-2025-54439Jul 23, 2025risk 0.00cvss —epss 0.07
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54438Jul 23, 2025risk 0.00cvss —epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0
- CVE-2025-54444Jul 23, 2025risk 0.00cvss —epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54443Jul 23, 2025risk 0.00cvss —epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0
- CVE-2025-54442Jul 23, 2025risk 0.00cvss —epss 0.00
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54441Jul 23, 2025risk 0.00cvss —epss 0.07
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54440Jul 23, 2025risk 0.00cvss —epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54447Jul 23, 2025risk 0.00cvss —epss 0.00
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54446Jul 23, 2025risk 0.00cvss —epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Upload a Web Shell to a Web Server.This issue affects MagicINFO 9 Server: less than 21.1080.0
- CVE-2025-54445Jul 23, 2025risk 0.00cvss —epss 0.09
Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54448Jul 23, 2025risk 0.00cvss —epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54453Jul 23, 2025risk 0.00cvss —epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54452Jul 23, 2025risk 0.00cvss —epss 0.00
Improper Authentication vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54451Jul 23, 2025risk 0.00cvss —epss 0.01
Improper Control of Generation of Code ('Code Injection') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54450Jul 23, 2025risk 0.00cvss —epss 0.01
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54449Jul 23, 2025risk 0.00cvss —epss 0.01
Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Electronics MagicINFO 9 Server allows Code Injection.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54455Jul 23, 2025risk 0.00cvss —epss 0.01
Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-54454Jul 23, 2025risk 0.00cvss —epss 0.01
Use of Hard-coded Credentials vulnerability in Samsung Electronics MagicINFO 9 Server allows Authentication Bypass.This issue affects MagicINFO 9 Server: less than 21.1080.0.
- CVE-2025-21009Jul 8, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
- CVE-2025-21008Jul 8, 2025risk 0.00cvss —epss 0.00
Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
- CVE-2025-21007Jul 8, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption.
- CVE-2025-21006Jul 8, 2025risk 0.00cvss —epss 0.00
Out-of-bounds write in handling of macro blocks for MPEG4 codec in libsavsvc.so prior to Android 15 allows local attackers to write out-of-bounds memory.
- CVE-2025-21004Jul 8, 2025risk 0.00cvss —epss 0.00
Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers to power off the device.
- CVE-2025-21003Jul 8, 2025risk 0.00cvss —epss 0.00
Insecure storage of sensitive information in Emergency SOS prior to SMR Jul-2025 Release 1 allows local attackers to access sensitive information.
- CVE-2025-21002Jul 8, 2025risk 0.00cvss —epss 0.00
Improper access control in LeAudioService prior to SMR Jul-2025 Release 1 allows local attackers to manipulate broadcasting Auracast.
Page 11 of 45