Filtered by vendor Samsung
Subscribe
Search
Total
49 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20807 | 1 Samsung | 1 Email | 2024-01-10 | N/A | 3.3 LOW |
| Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows attacker to get sensitive information. | |||||
| CVE-2023-42577 | 1 Samsung | 2 Android, Samsung Voice Recorder | 2023-12-11 | N/A | 2.4 LOW |
| Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on the lock screen. | |||||
| CVE-2023-42569 | 1 Samsung | 1 Android | 2023-12-11 | N/A | 3.3 LOW |
| Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. | |||||
| CVE-2023-42570 | 1 Samsung | 1 Android | 2023-12-11 | N/A | 3.3 LOW |
| Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN. | |||||
| CVE-2023-42552 | 1 Samsung | 2 Android, Firewall | 2023-11-15 | N/A | 3.3 LOW |
| Implicit intent hijacking vulnerability in Firewall application prior to versions 12.1.00.24 in Android 11, 13.1.00.16 in Android 12 and 14.1.00.7 in Android 13 allows 3rd party application to tamper the database of Firewall. | |||||
| CVE-2023-42542 | 1 Samsung | 1 Push Service | 2023-11-14 | N/A | 3.3 LOW |
| Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device. | |||||
| CVE-2023-30700 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 3.3 LOW |
| PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission. | |||||
| CVE-2023-30682 | 1 Samsung | 1 Android | 2023-08-14 | N/A | 3.3 LOW |
| Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission. | |||||
| CVE-2023-30683 | 1 Samsung | 1 Android | 2023-08-14 | N/A | 3.3 LOW |
| Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission. | |||||
| CVE-2023-30684 | 1 Samsung | 1 Android | 2023-08-14 | N/A | 3.3 LOW |
| Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission. | |||||
| CVE-2023-30685 | 1 Samsung | 1 Android | 2023-08-14 | N/A | 3.3 LOW |
| Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode. | |||||
| CVE-2021-25403 | 2 Google, Samsung | 2 Android, Account | 2022-07-30 | 2.1 LOW | 3.3 LOW |
| Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component. | |||||
| CVE-2021-25439 | 2 Google, Samsung | 2 Android, Members | 2022-07-25 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview. | |||||
| CVE-2022-33705 | 1 Samsung | 1 Calendar | 2022-07-19 | 2.1 LOW | 3.3 LOW |
| Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission. | |||||
| CVE-2022-30742 | 1 Samsung | 1 Find My Mobile | 2022-06-13 | 2.1 LOW | 3.3 LOW |
| Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log. | |||||
| CVE-2022-30741 | 1 Samsung | 1 Find My Mobile | 2022-06-13 | 2.1 LOW | 3.3 LOW |
| Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. | |||||
| CVE-2022-28790 | 1 Samsung | 1 Link To Windows Service | 2022-05-11 | 2.1 LOW | 3.3 LOW |
| Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic. | |||||
| CVE-2022-24923 | 1 Samsung | 1 Searchwidget | 2022-02-22 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. | |||||
| CVE-2022-23996 | 1 Samsung | 1 Wear Os | 2022-02-22 | 4.3 MEDIUM | 3.3 LOW |
| Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission. | |||||
| CVE-2022-23995 | 1 Samsung | 1 Wear Os | 2022-02-22 | 4.3 MEDIUM | 3.3 LOW |
| Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | |||||
| CVE-2022-23994 | 1 Samsung | 1 Wear Os | 2022-02-22 | 4.3 MEDIUM | 3.3 LOW |
| An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | |||||
| CVE-2022-23997 | 1 Samsung | 1 Wear Os | 2022-02-18 | 4.3 MEDIUM | 3.3 LOW |
| Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission. | |||||
| CVE-2022-23434 | 2 Google, Samsung | 2 Android, Bixby | 2022-02-18 | 2.1 LOW | 3.3 LOW |
| A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2022-22283 | 1 Samsung | 1 Health | 2022-01-19 | 2.1 LOW | 3.3 LOW |
| Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App. | |||||
| CVE-2021-25527 | 1 Samsung | 1 Pay | 2021-12-16 | 2.1 LOW | 3.3 LOW |
| Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. | |||||
| CVE-2021-25524 | 1 Samsung | 1 Contacts | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||||
| CVE-2021-25523 | 1 Samsung | 1 Dialer | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||||
| CVE-2021-25522 | 1 Samsung | 1 Smart Capture | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission. | |||||
| CVE-2021-25521 | 1 Samsung | 1 Internet | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. | |||||
| CVE-2021-25457 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2021-09-22 | 2.1 LOW | 3.3 LOW |
| An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information. | |||||
| CVE-2021-25404 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2021-06-21 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. | |||||
| CVE-2021-25402 | 1 Samsung | 1 Notes | 2021-06-21 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. | |||||
| CVE-2021-25398 | 1 Samsung | 1 Bixby Voice | 2021-06-16 | 2.1 LOW | 3.3 LOW |
| Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts. | |||||
| CVE-2021-25379 | 1 Samsung | 1 Gallery | 2021-04-23 | 2.1 LOW | 3.3 LOW |
| Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. | |||||
| CVE-2021-25350 | 2 Google, Samsung | 2 Android, Account | 2021-03-30 | 2.1 LOW | 3.9 LOW |
| Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log. | |||||
| CVE-2021-25351 | 2 Google, Samsung | 2 Android, Account | 2021-03-30 | 2.1 LOW | 2.4 LOW |
| Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. | |||||
| CVE-2021-25366 | 1 Samsung | 1 Internet | 2021-03-30 | 3.6 LOW | 2.9 LOW |
| Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication. | |||||
| CVE-2021-25333 | 1 Samsung | 1 Pay Mini | 2021-03-11 | 1.9 LOW | 2.4 LOW |
| Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code. | |||||
| CVE-2021-25331 | 1 Samsung | 1 Pay Mini | 2021-03-11 | 1.9 LOW | 2.4 LOW |
| Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition. | |||||
| CVE-2021-25335 | 2 Google, Samsung | 2 Android, One Ui | 2021-03-11 | 1.9 LOW | 2.5 LOW |
| Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition. | |||||
| CVE-2021-25332 | 1 Samsung | 1 Pay Mini | 2021-03-11 | 1.9 LOW | 2.4 LOW |
| Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition. | |||||
| CVE-2021-25342 | 2 Google, Samsung | 2 Android, Members | 2021-03-11 | 2.1 LOW | 3.3 LOW |
| Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
| CVE-2021-25343 | 2 Google, Samsung | 2 Android, Members | 2021-03-11 | 2.1 LOW | 3.3 LOW |
| Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
| CVE-2021-25341 | 1 Samsung | 1 S Assistant | 2021-03-05 | 2.1 LOW | 3.3 LOW |
| Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
| CVE-2021-25348 | 1 Samsung | 1 Internet | 2021-03-05 | 2.1 LOW | 2.4 LOW |
| Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission. | |||||
| CVE-2018-21043 | 2 Google, Samsung | 2 Android, Exynos 9810 | 2020-04-09 | 2.1 LOW | 3.3 LOW |
| An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is information disclosure about a kernel pointer in the g2d_drv driver because of logging. The Samsung ID is SVE-2018-13035 (December 2018). | |||||
| CVE-2018-21073 | 2 Google, Samsung | 6 Android, Galaxy S8, Galaxy S8\+ and 3 more | 2020-04-09 | 2.1 LOW | 2.4 LOW |
| An issue was discovered on Samsung mobile devices with N(7.x) and O(8.0) (Galaxy S9+, Galaxy S9, Galaxy S8+, Galaxy S8, Note 8). There is access to Clipboard content in the locked state via the Edge panel. The Samsung ID is SVE-2017-10748 (May 2018). | |||||
| CVE-2016-2567 | 1 Samsung | 4 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S6 and 1 more | 2017-04-25 | 2.1 LOW | 3.3 LOW |
| secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL. | |||||
| CVE-2016-2565 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2017-04-22 | 2.1 LOW | 3.3 LOW |
| Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081. | |||||