Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of them confirmed as actively exploited by CISA KEV. That rate is 2.2 times the overall catalogue average, which indicates significant operational exposure and calls for priority attention in patch management. The most frequent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active exploitation and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2023-21496 | MEDIUM | EPSS 0.2% | Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting
CVE-2023-21502 | MEDIUM | EPSS 0.2% | Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege e
CVE-2024-20864 | MEDIUM | EPSS 0.2% | Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resource
CVE-2023-30656 | HIGH | EPSS 0.2% | Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.
CVE-2023-21440 | MEDIUM | EPSS 0.2% | Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.
CVE-2024-20843 | MEDIUM | EPSS 0.2% | Out-of-bound write vulnerability in command parsing implementation of libIfaaCa prior to SMR Apr-2024 Release 1 allows local privileged atta
CVE-2024-20819 | MEDIUM | EPSS 0.2% | Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger b
CVE-2022-39859 | MEDIUM | EPSS 0.2% | Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via imp
CVE-2025-20966 | MEDIUM | EPSS 0.2% | Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in
CVE-2025-21056 | MEDIUM | EPSS 0.2% | Improper input validation in Retail Mode prior to version 5.59.4 allows self attackers to execute privileged commands on their own devices.
CVE-2024-20818 | MEDIUM | EPSS 0.2% | Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buff
CVE-2024-20817 | MEDIUM | EPSS 0.2% | Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buff
CVE-2024-34612 | HIGH | EPSS 0.2% | Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
CVE-2022-36865 | MEDIUM | EPSS 0.2% | Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers
CVE-2022-33733 | MEDIUM | EPSS 0.2% | Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connectio
CVE-2024-34614 | HIGH | EPSS 0.2% | Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
CVE-2022-36869 | MEDIUM | EPSS 0.2% | Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the fi
CVE-2022-36866 | MEDIUM | EPSS 0.2% | Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(1
CVE-2024-20888 | HIGH | EPSS 0.2% | Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interactio
CVE-2023-21446 | MEDIUM | EPSS 0.2% | Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(1