Vulnerabilities in Samsung Mobile

1,316 results
Vexday analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of them confirmed as actively exploited in the CISA KEV catalogue. That rate is 2.2 times the overall catalogue average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to produce broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active exploitation and a growing volume of new entries justifies short firmware update cycles in corporate environments.

| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2022-33722 | MEDIUM | Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address | 0.1% |
| CVE-2022-33714 | MEDIUM | Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value | 0.1% |
| CVE-2022-33702 | MEDIUM | Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxg | 0.1% |
| CVE-2022-33726 | LOW | Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. | 0.1% |
| CVE-2025-21080 | MEDIUM | Improper export of android application components in Dynamic Lockscreen prior to SMR Dec-2025 Release 1 allows local attackers to access fil | 0.1% |
| CVE-2022-39898 | MEDIUM | Improper access control vulnerability in IIccPhoneBook prior to SMR Dec-2022 Release 1 allows attackers to access some information of usim. | 0.1% |
| CVE-2022-39907 | MEDIUM | Integer overflow vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to per | 0.1% |
| CVE-2022-39855 | MEDIUM | Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP an | 0.1% |
| CVE-2022-36861 | MEDIUM | Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with Syst | 0.1% |
| CVE-2022-33731 | MEDIUM | Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary co | 0.1% |
| CVE-2022-36856 | MEDIUM | Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via un | 0.1% |
| CVE-2022-39896 | MEDIUM | Improper access control vulnerabilities in Contacts prior to SMR Dec-2022 Release 1 allows to access sensitive information via implicit inte | 0.1% |
| CVE-2022-39883 | MEDIUM | Improper authorization vulnerability in StorageManagerService prior to SMR Nov-2022 Release 1 allows local attacker to call privileged API. | 0.1% |
| CVE-2022-30727 | MEDIUM | Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 R | 0.1% |
| CVE-2026-21014 | MEDIUM | Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is req | 0.1% |
| CVE-2025-58483 | MEDIUM | Improper export of android application components in Galaxy Store for Galaxy Watch prior to version 1.0.06.29 allows local attacker to insta | 0.1% |
| CVE-2022-28794 | LOW | Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card informati | 0.1% |
| CVE-2022-33718 | MEDIUM | An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the li | 0.1% |
| CVE-2022-33701 | LOW | Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManaer.goToSl | 0.1% |
| CVE-2022-39884 | MEDIUM | Improper access control vulnerability in IImsService prior to SMR Nov-2022 Release 1 allows local attacker to access to Call information. | 0.1% |