Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of which are confirmed as actively exploited in the CISA KEV catalogue, a rate 2.2 times the overall catalogue average. This indicates significant operational exposure and calls for priority attention in patch management. The most frequent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to produce broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active exploitation and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2024-20854 (MEDIUM, EPSS 0.1%): Improper handling of insufficient privileges vulnerability in Samsung Camera prior to versions 12.1.0.31 in Android 12, 13.1.02.07 in Androi
CVE-2021-25393 (MEDIUM, EPSS 0.1%): Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access
CVE-2025-20936 (HIGH, EPSS 0.1%): Improper access control in HDCP trustlet prior to SMR Apr-2025 Release 1 allows local attackers with shell privilege to escalate their privi
CVE-2022-39888 (MEDIUM, EPSS 0.1%): Improper access control vulnerability in retrieveExternalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to access
CVE-2024-34585 (HIGH, EPSS 0.1%): Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
CVE-2023-30698 (MEDIUM, EPSS 0.1%): Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.
CVE-2023-30713 (MEDIUM, EPSS 0.1%): Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to c
CVE-2024-34655 (MEDIUM, EPSS 0.1%): Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged AP
CVE-2023-30682 (MEDIUM, EPSS 0.1%): Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.
CVE-2023-30642 (MEDIUM, EPSS 0.1%): Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privileg
CVE-2025-58486 (MEDIUM, EPSS 0.1%): Improper input validation in Samsung Account prior to version 15.5.01.1 allows local attacker to execute arbitrary script.
CVE-2023-30700 (MEDIUM, EPSS 0.1%): PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access
CVE-2024-34654 (MEDIUM, EPSS 0.1%): Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My
CVE-2023-30640 (MEDIUM, EPSS 0.1%): Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugratio
CVE-2025-20899 (MEDIUM, EPSS 0.1%): Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14
CVE-2023-30684 (MEDIUM, EPSS 0.1%): Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without perm
CVE-2025-20900 (MEDIUM, EPSS 0.1%): Out-of-bounds write in Blockchain Keystore prior to version 1.3.16.5 allows local privileged attackers to write out-of-bounds memory.
CVE-2024-34641 (MEDIUM, EPSS 0.1%): Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configu
CVE-2022-33711 (EPSS 0.1%): Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 all
CVE-2022-28781 (HIGH, EPSS 0.1%): Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. T