ReportizFlow
Filtered by vendor Samsung
Subscriptions
Total
1380 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-21471 | 1 Samsung | 2 Mobile, Samsung Mobile | 2025-09-03 | 4 Medium |
| Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system permission. | ||||
| CVE-2025-21028 | 1 Samsung | 3 Mobile, Samsung, Samsung Mobile | 2025-09-03 | 5.5 Medium |
| Improper privilege management in ThemeManager prior to SMR Sep-2025 Release 1 allows local privileged attackers to reuse trial items. | ||||
| CVE-2025-21038 | 2 Google, Samsung | 5 Android, Assistant, Mobile and 2 more | 2025-09-03 | 5.1 Medium |
| Improper verification of intent by SamsungExceptionalBroadcastReceiver in S Assistant prior to version 9.3.2 allows local attackers to modify itinerary information. | ||||
| CVE-2023-21482 | 2 Google, Samsung | 4 Android, Camera, Mobile and 1 more | 2025-09-03 | 6.1 Medium |
| Missing authorization vulnerability in Camera prior to versions 11.1.02.18 in Android 11, 12.1.03.8 in Android 12 and 13.1.01.4 in Android 13 allows physical attackers to install package through Galaxy store before completion of Setup wizard. | ||||
| CVE-2025-21032 | 1 Samsung | 3 Mobile, One Ui, Samsung Mobile | 2025-09-03 | 5.9 Medium |
| Improper access control in One UI Home prior to SMR Sep-2025 Release 1 allows physical attackers to bypass Kiosk mode under limited conditions. | ||||
| CVE-2025-21033 | 2 Google, Samsung | 3 Android, Mobile, Samsung Mobile | 2025-09-03 | 4 Medium |
| Improper access control in ContactProvider prior to SMR Sep-2025 Release 1 allows local attackers to access sensitive information. | ||||
| CVE-2023-21466 | 2 Google, Samsung | 3 Android, Mobile, Samsung Mobile | 2025-09-03 | 5.3 Medium |
| PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access contentProvider without proper permission. | ||||
| CVE-2025-21041 | 2 Google, Samsung | 3 Android, Mobile, Secure Folder | 2025-09-03 | 6.2 Medium |
| Insecure Storage of Sensitive Information in Secure Folder prior to Android 16 allows local attackers to access sensitive information. | ||||
| CVE-2023-21483 | 1 Samsung | 1 Galaxy Store | 2025-09-03 | 6.4 Medium |
| Improper Access Control vulnerability in Galaxy Store prior to version 4.5.53.6 allows local attacker to access protected data using exported service. | ||||
| CVE-2023-21481 | 1 Samsung | 1 Account | 2025-09-03 | 5.4 Medium |
| Improper URL input validation vulnerability in Samsung Account application prior to version 14.1.0.0 allows remote attackers to get sensitive information. | ||||
| CVE-2023-21478 | 1 Samsung | 2 Mobile, Samsung Mobile | 2025-09-03 | 6 Medium |
| Improper input validation vulnerability in TIGERF trustlet prior to SMR Apr-2023 Release 1 allows local attackers to access protected data. | ||||
| CVE-2025-32098 | 2 Microsoft, Samsung | 2 Windows, Magician | 2025-09-03 | 5.3 Medium |
| An issue was discovered in Samsung Magician 6.3 through 8.3 on Windows. An attacker can achieve Elevation of Privileges to SYSTEM by exploiting insecure file delete operations during the update process. | ||||
| CVE-2023-21470 | 1 Samsung | 1 Mobile Devices | 2025-09-03 | 4 Medium |
| Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information using com.samsung.android.wifi.NETWORK_LOCATION action. | ||||
| CVE-2025-21036 | 1 Samsung | 1 Notes | 2025-09-03 | 5 Medium |
| Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-21037 | 1 Samsung | 1 Notes | 2025-09-03 | 4.1 Medium |
| Improper access control in Samsung Notes prior to version 4.4.30.63 allows physical attackers to access data across multiple user profiles. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-21031 | 1 Samsung | 1 Mobile Devices | 2025-09-03 | 6.8 Medium |
| Improper access control in ImsService prior to SMR Sep-2025 Release 1 allows local attackers to use the privileged APIs. | ||||
| CVE-2024-32502 | 1 Samsung | 17 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 14 more | 2025-08-28 | 8.4 High |
| An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper reference count checking, which can result in a UAF (Use-After-Free) vulnerability. | ||||
| CVE-2024-29152 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2025-08-27 | 5.9 Medium |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, and Exynos Modem 5300. The baseband software does not properly check states specified by the RRC (Radio Resource Control) Reconfiguration message. This can lead to disclosure of sensitive information. | ||||
| CVE-2024-27372 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2025-08-27 | 6.7 Medium |
| An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_len coming from userspace, which can lead to a heap overwrite. | ||||
| CVE-2024-27360 | 1 Samsung | 16 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 13 more | 2025-08-27 | 6 Medium |
| A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check length of the data, which can lead to a Denial of Service. | ||||