Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of them confirmed as actively exploited by CISA KEV. That rate is 2.2 times above the overall catalogue average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent flaw type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE under active exploitation at the moment is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2022-39861 (MEDIUM): Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privile (EPSS 0.1%)
CVE-2023-21422 (MEDIUM): Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS (EPSS 0.1%)
CVE-2025-20999 (MEDIUM): Improper authorization in accessing saved Wi-Fi password for Galaxy Tablet prior to SMR Jul-2025 Release 1 allows secondary users to access (EPSS 0.1%)
CVE-2023-21447 (MEDIUM): Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung (EPSS 0.1%)
CVE-2021-25415: Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memor (EPSS 0.1%)
CVE-2023-30715 (MEDIUM): Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weat (EPSS 0.1%)
CVE-2024-20869 (MEDIUM): Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for c (EPSS 0.1%)
CVE-2022-39844 (MEDIUM): Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrar (EPSS 0.1%)
CVE-2023-30717 (MEDIUM): Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers. (EPSS 0.1%)
CVE-2025-20937 (MEDIUM): Out-of-bounds write in Keymaster trustlet prior to SMR May-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. (EPSS 0.1%)
CVE-2026-21011 (MEDIUM): Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend U (EPSS 0.1%)
CVE-2024-34615 (MEDIUM): Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption. (EPSS 0.1%)
CVE-2024-34644 (MEDIUM): Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected da (EPSS 0.1%)
CVE-2023-21463 (MEDIUM): Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.0 (EPSS 0.1%)
CVE-2024-20872 (MEDIUM): Improper handling of insufficient privileges vulnerability in TalkbackSE prior to version Android 14 allows local attackers to modify settin (EPSS 0.1%)
CVE-2022-39909 (HIGH): Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local at (EPSS 0.1%)
CVE-2025-20890 (HIGH): Out-of-bounds write in decoding frame buffer in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute arbitrary cod (EPSS 0.1%)
CVE-2025-20888 (HIGH): Out-of-bounds write in handling the block size for smp4vtd in libsthmbc.so prior to SMR Jan-2025 Release 1 allows local attackers to execute (EPSS 0.1%)
CVE-2023-21484 (MEDIUM): Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute (EPSS 0.1%)
CVE-2025-20944 (MEDIUM): Out-of-bounds read in parsing audio data in libsavsac.so prior to SMR Apr-2025 Release 1 allows local attackers to read out-of-bounds memory (EPSS 0.1%)