Skip to main content

Samsung

980 CVEs vendor

Monthly

CVE-2024-29152 HIGH This Week

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 980 Firmware Exynos 990 Firmware Exynos 850 Firmware +13
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2024-20886 MEDIUM This Month

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary directory. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung
NVD
CVSS 3.1
6.2
EPSS
0.2%
CVE-2024-20885 LOW Monitor

Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-32672 MEDIUM This Month

A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service
NVD GitHub
CVSS 3.1
5.3
EPSS
0.8%
CVE-2024-32669 MEDIUM This Month

Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung
NVD GitHub
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-31954 HIGH This Week

An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Samsung Microsoft
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2024-31953 MEDIUM This Month

An issue was discovered in Samsung Magician 8.0.0 on macOS. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Apple RCE Samsung Magician
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2024-31952 MEDIUM This Month

An issue was discovered in Samsung Magician 8.0.0 on macOS. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Apple Samsung Magician
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2024-20871 MEDIUM This Month

Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung One Ui
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-20869 MEDIUM This Month

Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Internet
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20868 HIGH This Week

Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Notes
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2024-20867 MEDIUM This Month

Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Email
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20854 LOW Monitor

Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Samsung Camera
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-20851 MEDIUM This Month

Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Cloud
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20850 MEDIUM This Month

Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung Pay. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Samsung Pay
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2024-20841 MEDIUM This Month

Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Account
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20840 LOW Monitor

Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Samsung Voice Recorder
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2024-20839 MEDIUM This Month

Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Samsung Voice Recorder
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2024-20838 HIGH This Week

Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Samsung Internet
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2024-20837 MEDIUM This Month

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Internet
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2024-20829 MEDIUM This Month

Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Internet
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-23769 MEDIUM This Month

Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Microsoft Magician
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2024-20828 MEDIUM This Month

Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Internet
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-20827 MEDIUM This Month

Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2024-22386 MEDIUM This Month

A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Samsung Linux Linux Kernel
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2024-20807 LOW Monitor

Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Email
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-20805 LOW Monitor

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android Myfiles Samsung
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2024-20804 MEDIUM Monitor

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android Myfiles Samsung
NVD
CVSS 3.1
4.0
EPSS
0.1%
CVE-2024-20802 MEDIUM Monitor

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Dex
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2023-45864 MEDIUM This Month

A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Samsung Information Disclosure Exynos 9820 Firmware Exynos 980 Firmware +5
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-43122 MEDIUM This Month

Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the Bootloader. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware +8
NVD
CVSS 3.1
4.6
EPSS
0.3%
CVE-2023-42483 MEDIUM This Month

A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a system. Rated medium severity (CVSS 4.7). No vendor patch available.

Samsung Information Disclosure Exynos 9820 Firmware Exynos 980 Firmware Exynos 1080 Firmware +4
NVD
CVSS 3.1
4.7
EPSS
0.1%
CVE-2023-41268 CRITICAL PATCH Act Now

Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault.0.0 through 4.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Samsung Escargot
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2023-42579 MEDIUM This Month

Improper usage of insecure protocol (i.e. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Samsung Information Disclosure Google Samsung Keyboard
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2023-42578 HIGH This Week

Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Cloud
NVD
CVSS 3.1
7.5
EPSS
0.7%
CVE-2023-42577 LOW Monitor

Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Google Samsung Voice Recorder
NVD
CVSS 3.1
2.4
EPSS
0.3%
CVE-2023-42576 MEDIUM This Month

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-42575 MEDIUM This Month

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
CVSS 3.1
6.8
EPSS
0.4%
CVE-2023-42572 MEDIUM This Month

Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account Web Software Development Kit
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2023-42571 MEDIUM This Month

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Find My Mobile
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-42563 HIGH This Week

Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-42562 HIGH This Week

Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-41112 HIGH This Week

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Exynos 9810 Firmware Exynos 9610 Firmware Exynos 9820 Firmware +13
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41111 HIGH This Week

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung Exynos 9810 Firmware Exynos 9610 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-41270 MEDIUM POC This Month

Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Denial Of Service Ue40D7000 Firmware
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2023-42554 MEDIUM This Month

Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
CVSS 3.1
6.8
EPSS
0.3%
CVE-2023-42553 MEDIUM This Month

Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Email
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-42551 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42550 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42549 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42548 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42547 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42546 MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2023-42542 LOW Monitor

Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Push Service
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-42541 MEDIUM This Month

Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Push Service
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-42540 MEDIUM This Month

Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Account
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-42539 MEDIUM This Month

PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-35649 HIGH This Week

In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE Samsung Android
NVD
CVSS 3.1
7.2
EPSS
0.4%
CVE-2023-30737 MEDIUM This Month

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30736 MEDIUM This Month

Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Samsung Assistant
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2023-30734 MEDIUM This Month

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-41911 MEDIUM This Month

Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Exynos 2200 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2023-42482 HIGH This Week

Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Samsung Denial Of Service Memory Corruption Exynos 2200 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-41929 HIGH This Week

A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Microsoft Memory Card Ufd Authentication
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2023-40218 LOW Monitor

An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow Exynos 9820 Firmware Exynos 980 Firmware +4
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-40353 LOW Monitor

An issue was discovered in Exynos Mobile Processor 980 and 2100. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow Exynos 980 Firmware Exynos 2100 Firmware
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2023-37377 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung Exynos 980 Firmware Exynos 850 Firmware +2
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-37368 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung Exynos 9810 Firmware Exynos 9610 Firmware +14
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-37367 MEDIUM This Month

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Exynos 9820 Firmware Exynos 980 Firmware Exynos 850 Firmware +9
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2023-30729 HIGH This Week

Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Email
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2023-30723 CRITICAL Act Now

Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
9.8
EPSS
0.4%
CVE-2023-30722 HIGH This Week

Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung RCE Blockchain Keystore
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30707 HIGH This Week

Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2023-30706 MEDIUM This Month

Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
4.9
EPSS
0.4%
CVE-2023-36481 HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Samsung Exynos 9810 Firmware Exynos 9610 Firmware +11
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-30704 MEDIUM This Month

Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-30703 MEDIUM This Month

Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Members
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-30702 HIGH This Week

Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Microsoft Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30695 HIGH This Week

Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Microsoft Memory Corruption +4
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2023-30684 LOW Monitor

Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2023-36482 MEDIUM This Month

An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung S3Nrn4V Firmware S3Nsn4V Firmware S3Nsen4 Firmware +2
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2023-38523 MEDIUM POC This Month

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Authentication Bypass Fgn1115 Wp Wh Firmware Fgn1122 Sa Firmware Fgn1122 Cd Firmware +30
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2023-30677 MEDIUM This Month

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Pass
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-30676 MEDIUM This Month

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Pass
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2023-30675 MEDIUM This Month

Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-30674 MEDIUM This Month

Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-30672 MEDIUM This Month

Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Microsoft Smart Switch Pc
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-21517 CRITICAL Act Now

Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Samsung Exynos
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2023-31116 CRITICAL Act Now

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Samsung Exynos 5123 Firmware Exynos 5300 Firmware
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2023-31115 HIGH This Week

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Exynos 5123 Firmware Exynos 5300 Firmware
NVD
CVSS 3.1
7.5
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400,. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Exynos 980 Firmware +15
NVD
EPSS 0% CVSS 6.2
MEDIUM This Month

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary directory. Rated medium severity (CVSS 6.2), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input.0.0. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Denial Of Service
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung
NVD GitHub
EPSS 0% CVSS 7.3
HIGH This Week

An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

RCE Samsung Microsoft
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An issue was discovered in Samsung Magician 8.0.0 on macOS. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Apple RCE +2
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An issue was discovered in Samsung Magician 8.0.0 on macOS. Rated medium severity (CVSS 6.7). No vendor patch available.

Privilege Escalation Apple Samsung +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung One Ui
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Internet
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Notes
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Email
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Android 13, and 14.0.01.06 in Android 14 allows local attackers. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Google Samsung +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control vulnerability in Samsung Data Store prior to version 5.3.00.4 allows local attackers to launch arbitrary activity with Samsung Data Store privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Cloud
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Use of Implicit Intent for Sensitive Communication in Samsung Pay prior to version 5.4.99 allows local attackers to access information of Samsung Pay. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Samsung Pay
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper Handling of Insufficient Privileges in Samsung Account prior to version 14.8.00.3 allows local attackers to access data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Account
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers using hardware keyboard to use. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Samsung +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Samsung +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Samsung Internet
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user. Rated medium severity (CVSS 5.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Internet
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Internet
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Microsoft +1
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Samsung Internet
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Samsung Gallery
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A race condition was found in the Linux kernel's drm/exynos device driver in exynos_drm_crtc_atomic_disable() function. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Samsung +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive information. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Email
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android Myfiles +1
NVD
EPSS 0% CVSS 4.0
MEDIUM Monitor

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Path Traversal Android Myfiles +1
NVD
EPSS 0% CVSS 4.6
MEDIUM Monitor

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Dex
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A race condition issue discovered in Samsung Mobile Processor Exynos 9820, 980, 1080, 2100, 2200, 1280, and 1380 allows unintended modifications of values within certain areas. Rated medium severity (CVSS 4.7). No vendor patch available.

Race Condition Samsung Information Disclosure +7
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Samsung Mobile Processor and Wearable Processor (Exynos 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, and W920) allow Information Disclosure in the Bootloader. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Information Disclosure +10
NVD
EPSS 0% CVSS 4.7
MEDIUM This Month

A TOCTOU race condition in Samsung Mobile Processor Exynos 9820, Exynos 980, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, and Exynos 1380 can cause unexpected termination of a system. Rated medium severity (CVSS 4.7). No vendor patch available.

Samsung Information Disclosure Exynos 9820 Firmware +6
NVD
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault.0.0 through 4.0.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Buffer Overflow Samsung Escargot
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper usage of insecure protocol (i.e. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Samsung Information Disclosure Google +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Cloud
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Google +1
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account Web Software Development Kit
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Find My Mobile
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Exynos 9810 Firmware +15
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow Samsung +16
NVD
EPSS 0% CVSS 4.3
MEDIUM POC This Month

Improper Restriction of Excessive Authentication Attempts vulnerability in Samsung Smart TV UE40D7000 version T-GAPDEUC-1033.2 and before allows attackers to cause a denial of service via WPS attack. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Denial Of Service Ue40D7000 Firmware
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Email
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Push Service
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Push Service
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Account
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
EPSS 0% CVSS 7.2
HIGH This Week

In several functions of Exynos modem files, there is a possible out of bounds write due to a missing bounds check. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Memory Corruption Buffer Overflow RCE +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Samsung Assistant
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Exynos 2200 Firmware
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Samsung Mobile Processor Exynos 2200 allows a GPU Use After Free. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Samsung Denial Of Service +2
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Microsoft +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

An issue was discovered in the NPU kernel driver in Samsung Exynos Mobile Processor 9820, 980, 2100, 2200, 1280, and 1380. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow +6
NVD
EPSS 0% CVSS 3.3
LOW Monitor

An issue was discovered in Exynos Mobile Processor 980 and 2100. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Samsung Buffer Overflow +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor (Exynos 980, Exynos 850, Exynos 2100, and Exynos W920). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Samsung +4
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos Mobile Processor, Automotive Processor, and Modem - Exynos 9810, Exynos 9610, Exynos 9820, Exynos. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Null Pointer Dereference Samsung +16
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

An issue was discovered in Samsung Exynos Mobile Processor, Automotive Processor, and Modem (Exynos 9820, Exynos 980, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380,. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Exynos 9820 Firmware +11
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Email
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung RCE Blockchain Keystore
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in Samsung Exynos Mobile Processor and Wearable Processor 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, and W920. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Samsung +13
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Members
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE +6
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE +6
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Samsung S3Nrn4V Firmware +4
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

The web interface on multiple Samsung Harman AMX N-Series devices allows directory listing for the /tmp/ directory, without authentication, exposing sensitive information such as the command history. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Authentication Bypass Fgn1115 Wp Wh Firmware +32
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Pass
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper access control vulnerability in Samsung Pass prior to version 4.2.03.1 allows physical attackers to access data of Samsung Pass. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Pass
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper authentication in Samsung Pass prior to version 4.2.03.1 allows local attacker to access stored account information when Samsung Wallet is not installed. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Pass
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper privilege management vulnerability in Samsung Smart Switch for Windows Installer prior to version 4.3.23043_3 allows attackers to cause permanent DoS via directory junction. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Microsoft +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Samsung +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Samsung Exynos 5123 Firmware +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An issue was discovered in the Shannon RCS component in Samsung Exynos Modem 5123 and 5300. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Exynos 5123 Firmware +1
NVD
Prev Page 5 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy