Vulnerabilities in Samsung Mobile

1,316 results
Vexday Analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of them confirmed as actively exploited in the CISA KEV, a rate 2.2 times above the overall catalogue average, which indicates significant operational exposure and calls for priority attention in patch management. The most frequent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active exploitation and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2024-34624 | MEDIUM | Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | EPSS 0.2%
CVE-2024-20853 | MEDIUM | Improper verification of intent by broadcast receiver vulnerability in ThemeStore prior to 5.3.05.2 allows local attackers to write arbitrar | EPSS 0.2%
CVE-2024-34631 | MEDIUM | Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | EPSS 0.2%
CVE-2024-20858 | MEDIUM | Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attacke | EPSS 0.2%
CVE-2024-34658 | MEDIUM | Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR. | EPSS 0.2%
CVE-2024-34629 | MEDIUM | Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentia | EPSS 0.2%
CVE-2024-34628 | MEDIUM | Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memor | EPSS 0.2%
CVE-2024-34625 | MEDIUM | Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memor | EPSS 0.2%
CVE-2023-30643 | HIGH | Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non | EPSS 0.2%
CVE-2023-21437 | MEDIUM | Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive inform | EPSS 0.2%
CVE-2022-39875 | MEDIUM | Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | EPSS 0.2%
CVE-2023-21495 | MEDIUM | Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device | EPSS 0.2%
CVE-2023-21493 | MEDIUM | Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected dat | EPSS 0.2%
CVE-2023-21424 | MEDIUM | Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attac | EPSS 0.2%
CVE-2024-34594 | MEDIUM | Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address. | EPSS 0.2%
CVE-2023-21442 | MEDIUM | Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) | EPSS 0.2%
CVE-2023-21425 | MEDIUM | Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive informa | EPSS 0.2%
CVE-2023-21436 | LOW | Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID. | EPSS 0.1%
CVE-2023-21452 | LOW | Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device. | EPSS 0.1%
CVE-2023-21423 | MEDIUM | Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without p | EPSS 0.1%