Vulnerabilities in Samsung Mobile

1,316 results
Vexday Analysis

Samsung Mobile has accumulated 1,316 cataloged CVEs, 13 of them confirmed as actively exploited by CISA KEV, a rate 2.2 times above the overall catalog average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent flaw type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE under active exploitation at the moment is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signaling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2025-58477 | MEDIUM | Out-of-bounds write in parsing IFD tag in libimagecodec.quram.so prior to SMR Dec-2025 Release 1 allows remote attackers to access out-of-bo | EPSS 0.2%
CVE-2026-21021 | MEDIUM | Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity. | EPSS 0.2%
CVE-2023-21472 | MEDIUM | Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary | EPSS 0.2%
CVE-2024-34622 | HIGH | Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitra | EPSS 0.2%
CVE-2023-42538 | MEDIUM | An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds | EPSS 0.2%
CVE-2023-21473 | MEDIUM | Improper input validation with Exynos Fastboot USB Interface prior to SMR Apr-2023 Release 1 allows a physical attacker to execute arbitrary | EPSS 0.2%
CVE-2021-25521 | MEDIUM | Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows untrusted applications to get current tab URL in S | EPSS 0.2%
CVE-2022-28791 | MEDIUM | Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored | EPSS 0.2%
CVE-2023-21518 | MEDIUM | Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary | EPSS 0.2%
CVE-2021-25377 | LOW | Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows att | EPSS 0.2%
CVE-2022-39893 | LOW | Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers | EPSS 0.2%
CVE-2021-25499 | HIGH | Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access cont | EPSS 0.2%
CVE-2022-28793 | MEDIUM | Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT | EPSS 0.2%
CVE-2022-30716 | MEDIUM | Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access t | EPSS 0.2%
CVE-2021-25465 | LOW | An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack. | EPSS 0.2%
CVE-2024-20877 | HIGH | Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers t | EPSS 0.2%
CVE-2023-42534 | MEDIUM | Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files wi | EPSS 0.2%
CVE-2021-25463 | MEDIUM | Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview. | EPSS 0.2%
CVE-2025-21035 | MEDIUM | Improper access control in Samsung Calendar prior to version 12.5.06.5 in Android 14 and 12.6.01.12 in Android 15 allows physical attackers | EPSS 0.2%
CVE-2024-20878 | HIGH | Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to exec | EPSS 0.2%