Filtered by vendor Samsung
Subscribe
Total
1089 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25376 | 1 Samsung | 1 Email | 2024-11-21 | 5.0 MEDIUM | 3.1 LOW |
| An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed. | |||||
| CVE-2021-25375 | 1 Samsung | 1 Email | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment. | |||||
| CVE-2021-25374 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account. | |||||
| CVE-2021-25373 | 2 Google, Samsung | 2 Android, Customization Service | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2021-25372 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 7.2 HIGH | 6.1 MEDIUM |
| An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. | |||||
| CVE-2021-25371 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-11-21 | 7.2 HIGH | 6.1 MEDIUM |
| A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers load arbitrary ELF libraries inside DSP. | |||||
| CVE-2021-25368 | 1 Samsung | 1 Cloud | 2024-11-21 | 5.0 MEDIUM | 3.3 LOW |
| Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed. | |||||
| CVE-2021-25367 | 1 Samsung | 1 Notes | 2024-11-21 | 5.5 MEDIUM | 3.7 LOW |
| Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission. | |||||
| CVE-2021-25366 | 1 Samsung | 1 Internet | 2024-11-21 | 3.6 LOW | 3.2 LOW |
| Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication. | |||||
| CVE-2021-25355 | 1 Samsung | 1 Notes | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2021-25354 | 1 Samsung | 1 Internet | 2024-11-21 | 6.8 MEDIUM | 3.3 LOW |
| Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink. | |||||
| CVE-2021-25353 | 1 Samsung | 1 Galaxy Themes | 2024-11-21 | 3.6 LOW | 5.5 MEDIUM |
| Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent. | |||||
| CVE-2021-25352 | 1 Samsung | 1 Bixby Voice | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2021-25351 | 2 Google, Samsung | 2 Android, Account | 2024-11-21 | 2.1 LOW | 3.2 LOW |
| Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attackers to log out user account on device without user password. | |||||
| CVE-2021-25350 | 2 Google, Samsung | 2 Android, Account | 2024-11-21 | 2.1 LOW | 2.0 LOW |
| Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log. | |||||
| CVE-2021-25349 | 2 Google, Samsung | 2 Android, Slow Motion Editor | 2024-11-21 | 4.6 MEDIUM | 5.5 MEDIUM |
| Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent. | |||||
| CVE-2021-25348 | 1 Samsung | 1 Internet | 2024-11-21 | 2.1 LOW | 2.1 LOW |
| Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission. | |||||
| CVE-2021-25345 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 4.9 MEDIUM | 4.0 MEDIUM |
| Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupported format. | |||||
| CVE-2021-25343 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider. | |||||
| CVE-2021-25342 | 2 Google, Samsung | 2 Android, Members | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider. | |||||