Samsung

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-25351 1Samsung 1Account Nov 21, 2024 Mar 25, 2021 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password.
CVE-2021-25350 1Samsung 1Account Nov 21, 2024 Mar 25, 2021 N/A· v4 3.9 LOW· v3 2.1 LOW· v2 Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.
CVE-2021-25349 1Samsung 1Slow Motion Editor Nov 21, 2024 Mar 25, 2021 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent.
CVE-2021-25348 1Samsung 1Internet Nov 21, 2024 Mar 4, 2021 N/A· v4 2.4 LOW· v3 2.1 LOW· v2 Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission.
CVE-2021-25343 1Samsung 1Members Nov 21, 2024 Mar 4, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by h...Show more Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.Show less
CVE-2021-25342 1Samsung 1Members Nov 21, 2024 Mar 4, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.
CVE-2021-25341 1Samsung 1S Assistant Nov 21, 2024 Mar 4, 2021 N/A· v4 3.3 LOW· v3 2.1 LOW· v2 Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.
CVE-2021-25337 1Samsung 1Android Oct 30, 2025 Mar 4, 2021 N/A· v4 7.1 HIGH· v3 5.8 MEDIUM· v2 Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
CVE-2021-25335 2Google Samsung 2Android One Ui Nov 21, 2024 Mar 4, 2021 N/A· v4 2.5 LOW· v3 1.9 LOW· v2 Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condit...Show more Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.Show less
CVE-2021-25333 1Samsung 1Pay Mini Nov 21, 2024 Mar 4, 2021 N/A· v4 2.4 LOW· v3 1.9 LOW· v2 Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.
CVE-2021-25332 1Samsung 1Pay Mini Nov 21, 2024 Mar 4, 2021 N/A· v4 2.4 LOW· v3 1.9 LOW· v2 Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition.
CVE-2021-25331 1Samsung 1Pay Mini Nov 21, 2024 Mar 4, 2021 N/A· v4 2.4 LOW· v3 1.9 LOW· v2 Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.
CVE-2020-7811 1Samsung 1Update Nov 21, 2024 Oct 12, 2020 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication
CVE-2020-25054 1Samsung 1Exynos Nov 21, 2024 Aug 31, 2020 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-17239 (August 2020).
CVE-2017-18681 1Samsung 1Galaxy S5 Firmware Nov 21, 2024 Apr 7, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on Samsung Galaxy S5 mobile devices with software through 2016-12-20 (Qualcomm AP chipsets). There are multiple buffer overflows in the bootloader. The Samsung ID is SVE-2016-7930 (March 2017).
CVE-2016-11050 1Samsung 5Note2 Firmware Note3 FirmwareS3 Firmware+2 more Nov 21, 2024 Apr 7, 2020 N/A· v4 4.3 MEDIUM· v3 2.1 LOW· v2 An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016).
CVE-2019-20566 1Samsung 1Exynos Smp1300 Nov 21, 2024 Mar 24, 2020 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Desti...Show more An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Destination address. The Samsung ID is SVE-2019-14858 (September 2019).Show less
CVE-2019-20564 1Samsung 2Note9 S9+ Nov 21, 2024 Mar 24, 2020 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An issue was discovered on Samsung mobile devices with any (before October 2019 for S9 or Note9) software. Attackers can manipulate the IMEI. The Samsung ID is SVE-2019-15435 (October 2019).
CVE-2020-10835 1Samsung 1Exynos Nov 21, 2024 Mar 24, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE...Show more An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 (February 2020).Show less
CVE-2020-10255 3Micron SamsungSkhynix 6Ddr4 Ddr4 SdramDdr4 Sdram+3 more Nov 21, 2024 Mar 10, 2020 N/A· v4 9.0 CRITICAL· v3 9.3 HIGH· v2 Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this v...Show more Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers.Show less

Previous 1...616263...76 Next