Vulnerabilidades em Samsung Mobile
1.316 resultadosCVE-2021-25375MEDIUMUsing predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emaEPSS 1.2%CVE-2023-42581HIGHImproper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to acEPSS 1.2%CVE-2021-25369MEDIUMAn improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.EPSS 1.1%KEVCVE-2023-42580HIGHImproper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to instEPSS 1.0%CVE-2021-25378MEDIUMImproper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.EPSS 1.0%CVE-2024-49415HIGHOut-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.EPSS 1.0%CVE-2021-25442—Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.EPSS 0.9%CVE-2022-22288HIGHImproper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.EPSS 0.9%CVE-2021-25370MEDIUMAn incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kEPSS 0.9%KEVCVE-2022-28544MEDIUMPath traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to accessEPSS 0.9%CVE-2021-25372MEDIUMAn improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.EPSS 0.9%KEVCVE-2021-25371MEDIUMA vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP.EPSS 0.8%KEVCVE-2022-39881MEDIUMImproper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to reEPSS 0.8%CVE-2021-25446—Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loaEPSS 0.8%CVE-2021-25448—Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview.EPSS 0.8%CVE-2022-30746HIGHMissing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript intEPSS 0.8%CVE-2021-25508MEDIUMImproper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key withouEPSS 0.8%CVE-2021-25447—Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion EPSS 0.8%CVE-2021-25425—Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.EPSS 0.8%CVE-2022-22290MEDIUMIncorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HEPSS 0.8%