Skip to main content

Samsung

980 CVEs vendor

Monthly

CVE-2022-36840 HIGH This Week

DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Samsung Update
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-36839 MEDIUM This Month

SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung SQLi Checkout
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36837 MEDIUM This Month

Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Samsung Email
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36836 MEDIUM This Month

Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Charm Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36835 LOW Monitor

Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Samsung Internet Browser
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-36831 MEDIUM This Month

Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Path Traversal Notes
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36830 MEDIUM This Month

PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-36829 MEDIUM This Month

PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm Firmware
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-33734 MEDIUM This Month

Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-33733 LOW Monitor

Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-33732 HIGH This Week

Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Android
NVD
CVSS 3.1
7.1
EPSS
0.1%
CVE-2022-33730 MEDIUM This Month

Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung RCE Buffer Overflow Android
NVD
CVSS 3.1
6.8
EPSS
0.2%
CVE-2022-33726 LOW Monitor

Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-33724 LOW Monitor

Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2022-35858 HIGH POC This Week

The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Denial Of Service Mtower
NVD GitHub
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-33713 HIGH This Week

Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Cloud
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2022-33711 MEDIUM This Month

Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Microsoft Information Disclosure Android Usb Driver
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2022-33706 LOW Monitor

Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Gallery
NVD
CVSS 3.1
2.4
EPSS
0.2%
CVE-2022-30748 MEDIUM This Month

Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Members
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-30744 HIGH This Week

DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung RCE Kies
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2022-30743 MEDIUM This Month

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-30740 MEDIUM This Month

Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2022-30739 MEDIUM This Month

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Privilege Escalation Account
NVD
CVSS 3.1
4.3
EPSS
0.4%
CVE-2022-30738 MEDIUM This Month

Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2022-30737 MEDIUM This Month

Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-30736 MEDIUM This Month

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2022-30735 HIGH This Week

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2022-30734 MEDIUM This Month

Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-30733 MEDIUM This Month

Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2022-30732 HIGH This Week

Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2022-30730 MEDIUM This Month

Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Pass
NVD
CVSS 3.1
4.6
EPSS
0.2%
CVE-2022-30722 CRITICAL Act Now

Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
9.8
EPSS
0.2%
CVE-2022-28779 HIGH This Week

Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google RCE Microsoft Samsung Android Usb Driver Windows Installer
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2022-28778 LOW Monitor

Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Security Supporter
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-28777 LOW Monitor

Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Members
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2022-28775 LOW Monitor

Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Flow
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2022-28543 MEDIUM This Month

Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Path Traversal Samsung Flow
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2022-28541 HIGH This Week

Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung RCE Path Traversal Update
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2022-27841 MEDIUM This Month

Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Samsung Pass
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2022-27839 MEDIUM This Month

Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
CVSS 3.1
4.0
EPSS
0.5%
CVE-2022-27576 LOW Monitor

Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.3%
CVE-2022-25154 HIGH This Week

A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Privilege Escalation Microsoft T5 Firmware
NVD
CVSS 3.1
7.3
EPSS
0.2%
CVE-2022-25825 MEDIUM This Month

Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Account
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2022-25816 MEDIUM This Month

Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
4.6
EPSS
0.1%
CVE-2021-42913 HIGH This Week

The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Syncthru Web Service
NVD
CVSS 3.1
7.5
EPSS
1.8%
CVE-2021-39647 MEDIUM PATCH This Month

In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Samsung Information Disclosure Android
NVD
CVSS 3.1
4.4
EPSS
0.1%
CVE-2021-25527 LOW Monitor

Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Information Disclosure Pay
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25526 MEDIUM This Month

Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Blockchain Wallet
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25525 MEDIUM This Month

Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Pay
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-25524 LOW Monitor

Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Contacts
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25523 LOW Monitor

Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Dialer
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25521 LOW Monitor

Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25520 MEDIUM This Month

Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-25516 HIGH This Week

An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2021-42114 HIGH POC This Week

Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Samsung Privilege Escalation Ddr4 Sdram Firmware Lddr4 Firmware
NVD GitHub
CVSS 3.1
8.3
EPSS
2.9%
CVE-2021-25509 HIGH This Week

A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Samsung Microsoft Information Disclosure Samsung Flow
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-25507 MEDIUM This Month

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Flow
NVD
CVSS 3.1
5.7
EPSS
0.3%
CVE-2021-25506 MEDIUM This Month

Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Denial Of Service Authentication Bypass Health
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25505 HIGH This Week

Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Pass
NVD
CVSS 3.1
7.8
EPSS
0.6%
CVE-2021-25498 HIGH This Week

A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Notes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25497 HIGH This Week

A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Notes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25496 HIGH This Week

A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Notes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25495 HIGH This Week

A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow RCE Notes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25494 HIGH This Week

A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Information Disclosure Notes
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25493 HIGH This Week

Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure Notes
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-25492 HIGH This Week

Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption Notes
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2021-25481 MEDIUM This Month

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2021-25479 HIGH This Week

A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow RCE Android
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2021-25478 HIGH This Week

A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE Stack Overflow Android
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2021-25466 MEDIUM This Month

Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
CVSS 3.1
5.9
EPSS
0.8%
CVE-2021-25465 HIGH This Week

An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack. Rated high severity (CVSS 7.0). No vendor patch available.

Samsung Information Disclosure Themes
NVD
CVSS 3.1
7.0
EPSS
0.2%
CVE-2021-39373 HIGH POC This Week

Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Authentication Bypass Drive Manager
NVD GitHub
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25445 MEDIUM This Month

Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25439 LOW Monitor

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Authentication Bypass Members
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25438 HIGH This Week

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Authentication Bypass Members
NVD
CVSS 3.1
7.8
EPSS
1.7%
CVE-2021-25436 CRITICAL Act Now

Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung RCE Tizen
NVD
CVSS 3.1
9.8
EPSS
1.6%
CVE-2021-25432 LOW Monitor

Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Information Disclosure Samsung Members
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25426 HIGH POC This Week

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2021-25425 MEDIUM This Month

Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-25419 MEDIUM This Month

Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-25418 HIGH This Week

Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Privilege Escalation Internet
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25414 HIGH POC This Week

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25413 MEDIUM POC This Month

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25405 MEDIUM This Month

An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Notes
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-25403 LOW Monitor

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Information Disclosure Account
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25402 LOW Monitor

Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Notes
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25401 HIGH This Week

Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-25400 HIGH This Week

Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
7.8
EPSS
0.2%
CVE-2021-25392 MEDIUM POC This Month

Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-3438 HIGH This Week

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Privilege Escalation HP Color Laser 150 4Zb94A +381
NVD
CVSS 3.1
7.8
EPSS
2.9%
EPSS 0% CVSS 7.8
HIGH This Week

DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Samsung Update
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung SQLi Checkout
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Samsung Email
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Charm Firmware
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Samsung Internet Browser
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Path Traversal Notes
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Charm
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Authentication Bypass Samsung Android
NVD
EPSS 0% CVSS 6.8
MEDIUM This Month

Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Memory Corruption Samsung RCE +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Samsung Android
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Denial Of Service +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH This Week

Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Cloud
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 2.4
LOW Monitor

Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Gallery
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Members
NVD
EPSS 0% CVSS 7.8
HIGH This Week

DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung RCE Kies
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. Rated medium severity (CVSS 4.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Privilege Escalation Account
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Account
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Pass
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google RCE Microsoft +2
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Security Supporter
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Members
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Flow
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Path Traversal Samsung Flow
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung RCE Path Traversal +1
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Samsung Pass
NVD
EPSS 1% CVSS 4.0
MEDIUM This Month

Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. Rated medium severity (CVSS 4.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
EPSS 0% CVSS 7.3
HIGH This Week

A DLL hijacking vulnerability in Samsung portable SSD T5 PC software before 1.6.9 could allow a local attacker to escalate privileges. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Privilege Escalation Microsoft +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Improper access control vulnerability in Samsung Account prior to version 13.1.0.1 allows attackers to access to the authcode for sign-in. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Account
NVD
EPSS 0% CVSS 4.6
MEDIUM This Month

Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Syncthru Web Service
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

In mon_smc_load_sp of gs101-sc/plat/samsung/exynos/soc/exynos9845/smc_booting.S, there is a possible reinitialization of TEE due to improper locking. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

Google Samsung Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Information Disclosure +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Blockchain Wallet
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Pay
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Contacts
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Dialer
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
EPSS 0% CVSS 7.5
HIGH This Week

An improper check or handling of exceptional conditions in Exynos baseband prior to SMR Dec-2021 Release 1 allows attackers to track locations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Android
NVD
EPSS 3% CVSS 8.3
HIGH POC This Week

Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Rated high severity (CVSS 8.3), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Samsung Privilege Escalation Ddr4 Sdram Firmware +1
NVD GitHub
EPSS 0% CVSS 7.1
HIGH This Week

A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Samsung Microsoft Information Disclosure +1
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure. Rated medium severity (CVSS 5.7), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Flow
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Denial Of Service Authentication Bypass +1
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Samsung Pass
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow +2
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE +2
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Information Disclosure +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. Rated high severity (CVSS 7.1), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Memory Corruption +1
NVD
EPSS 0% CVSS 6.7
MEDIUM This Month

An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Heap Overflow +2
NVD
EPSS 1% CVSS 7.2
HIGH This Week

A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Samsung RCE +2
NVD
EPSS 1% CVSS 5.9
MEDIUM This Month

Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
EPSS 0% CVSS 7.0
HIGH This Week

An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack. Rated high severity (CVSS 7.0). No vendor patch available.

Samsung Information Disclosure Themes
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Authentication Bypass Drive Manager
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM This Month

Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Authentication Bypass +1
NVD
EPSS 2% CVSS 7.8
HIGH This Week

Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Authentication Bypass +1
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

Improper input validation vulnerability in Tizen FOTA service prior to Firmware update JUL-2021 Release allows arbitrary code execution via Samsung Accessory Protocol. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung RCE Tizen
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

Improper component protection vulnerability in SmsViewerActivity of Samsung Message prior to SMR July-2021 Release 1 allows untrusted applications to access Message files. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
EPSS 1% CVSS 5.3
MEDIUM This Month

Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Privilege Escalation Internet
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to copy or overwrite arbitrary files with Samsung Contacts privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Notes
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Information Disclosure +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Notes
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Health
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Android
NVD
EPSS 3% CVSS 7.8
HIGH This Week

A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Samsung Privilege Escalation +383
NVD
Prev Page 7 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy