Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25461 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | An improper length check in APAService prior to SMR Sep-2021 Release 1 results in stack based Buffer Overflow. |
| CVE-2021-25460 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService. |
| CVE-2021-25459 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService. |
| CVE-2021-25458 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption. |
| CVE-2021-25457 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information. |
| CVE-2021-25456 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | OOB read vulnerability in libswmfextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute memcpy at arbitrary address via forged wmf file. |
| CVE-2021-25455 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | OOB read vulnerability in libsaviextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to access arbitrary address through pointer via forged avi file. |
| CVE-2021-25454 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | OOB read vulnerability in libsaacextractor.so library prior to SMR Sep-2021 Release 1 allows attackers to execute remote DoS via forged aac file. |
| CVE-2021-25453 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information. |
| CVE-2021-25452 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device. |
| CVE-2021-25451 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | A PendingIntent hijacking in NetworkPolicyManagerService prior to SMR Sep-2021 Release 1 allows attackers to get IMSI data. |
| CVE-2021-25450 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | Path traversal vulnerability in FactoryAirCommnadManger prior to SMR Sep-2021 Release 1 allows attackers to write file as system uid via remote socket. |
| CVE-2021-25449 | | | 0.00 | — | 0.00 | | Sep 9, 2021 | An improper input validation vulnerability in libsapeextractor library prior to SMR Sep-2021 Release 1 allows attackers to execute arbitrary code in mediaextractor process. |
| CVE-2021-39373 | | | 0.00 | — | 0.00 | | Sep 1, 2021 | Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure. |
| CVE-2021-25448 | | | 0.00 | — | 0.01 | | Aug 5, 2021 | Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview. |
| CVE-2021-25447 | | | 0.00 | — | 0.01 | | Aug 5, 2021 | Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. |
| CVE-2021-25446 | | | 0.00 | — | 0.01 | | Aug 5, 2021 | Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. |
| CVE-2021-25445 | | | 0.00 | — | 0.01 | | Aug 5, 2021 | Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet. |
| CVE-2021-25444 | | | 0.00 | — | 0.01 | | Aug 5, 2021 | An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process. |
| CVE-2021-25443 | | | 0.00 | — | 0.00 | | Aug 5, 2021 | A use after free vulnerability in conn_gadget driver prior to SMR AUG-2021 Release 1 allows malicious action by an attacker. |
| CVE-2021-25442 | | | 0.00 | — | 0.01 | | Jul 8, 2021 | Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication. |
| CVE-2021-25441 | | | 0.00 | — | 0.00 | | Jul 8, 2021 | Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege. |
| CVE-2021-25440 | | | 0.00 | — | 0.00 | | Jul 8, 2021 | Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege. |
| CVE-2021-25439 | | | 0.00 | — | 0.00 | | Jul 8, 2021 | Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview. |
| CVE-2021-25438 | | | 0.00 | — | 0.02 | | Jul 8, 2021 | Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview. |
| CVE-2021-25437 | | | 0.00 | — | 0.02 | | Jul 8, 2021 | Improper access control vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows attackers to achieve arbitrary code execution by replacing FOTA update file. |
| CVE-2021-25436 | | | 0.00 | — | 0.02 | | Jul 8, 2021 | Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol. |
| CVE-2021-25435 | | | 0.00 | — | 0.02 | | Jul 8, 2021 | Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using recovery partition in wireless firmware download mode. |
| CVE-2021-25434 | | | 0.00 | — | 0.02 | | Jul 8, 2021 | Improper input validation vulnerability in Tizen bootloader prior to Firmware update JUL-2021 Release allows arbitrary code execution using param partition in wireless firmware download mode. |
| CVE-2021-25432 | | | 0.00 | — | 0.00 | | Jul 8, 2021 | Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data. |
| CVE-2021-25431 | | | 0.00 | — | 0.00 | | Jul 8, 2021 | Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer. |
| CVE-2021-25430 | | | 0.00 | — | 0.00 | | Jul 8, 2021 | Improper access control vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. |
| CVE-2021-25429 | | | 0.00 | — | 0.00 | | Jul 8, 2021 | Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application. |
| CVE-2021-25428 | | | 0.00 | — | 0.00 | | Jul 8, 2021 | Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances. |
| CVE-2021-25427 | | | 0.00 | — | 0.00 | | Jul 8, 2021 | SQL injection vulnerability in Bluetooth prior to SMR July-2021 Release 1 allows unauthorized access to paired device information. |
| CVE-2021-25426 | | | 0.00 | — | 0.01 | | Jul 8, 2021 | Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. |
| CVE-2021-25403 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. |
| CVE-2021-25400 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. |
| CVE-2021-25404 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. |
| CVE-2021-25406 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows untrusted applications to access connected BT device information. |
| CVE-2021-25401 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action. |
| CVE-2021-25402 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. |
| CVE-2021-25405 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files. |
| CVE-2021-25392 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. |
| CVE-2021-25397 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications. |
| CVE-2021-25391 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. |
| CVE-2021-25398 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. |
| CVE-2021-25393 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data. |
| CVE-2021-25396 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | An improper input validation vulnerability in NPU firmware prior to SMR MAY-2021 Release 1 allows arbitrary memory write and code execution. |
| CVE-2021-25390 | | | 0.00 | — | 0.00 | | Jun 11, 2021 | Intent redirection vulnerability in PhotoTable prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action. |
Page 35 of 45