Vulnerabilities in Samsung Mobile

1,316 results
Vexday Analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of them confirmed as actively exploited by CISA KEV, a rate 2.2 times above the overall catalogue average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE under active exploitation at the moment is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE | Severity | Description | EPSS
CVE-2025-21021 | MEDIUM | Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bou | 0.1%
CVE-2025-21020 | MEDIUM | Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write ou | 0.1%
CVE-2026-20994 | MEDIUM | URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token. | 0.1%
CVE-2025-21014 | MEDIUM | Improper export of android application component in Emergency SoS prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive | 0.1%
CVE-2021-25345 | MEDIUM | Graphic format mismatch while converting video format in hwcomposer prior to SMR Mar-2021 Release 1 results in kernel panic due to unsupport | 0.1%
CVE-2026-20991 | MEDIUM | Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents. | 0.1%
CVE-2023-21471 | MEDIUM | Improper access control vulnerability in SemClipboard prior to SMR Apr-2023 Release 1 allows attackers to read arbitrary files with system p | 0.1%
CVE-2025-21008 | MEDIUM | Out-of-bounds read in decoding frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. | 0.1%
CVE-2021-25470 | HIGH | An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE. | 0.1%
CVE-2021-25344 | MEDIUM | Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number wi | 0.1%
CVE-2025-21007 | MEDIUM | Out-of-bounds write in accessing uninitialized memory in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. | 0.1%
CVE-2025-21009 | MEDIUM | Out-of-bounds read in decoding malformed frame header in libsavsvc.so prior to Android 15 allows local attackers to cause memory corruption. | 0.1%
CVE-2026-21001 | MEDIUM | Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege. | 0.1%
CVE-2025-21050 | HIGH | Improper input validation in Contacts prior to SMR Oct-2025 Release 1 allows local attackers to access data across multiple user profiles. | 0.1%
CVE-2025-21005 | MEDIUM | Improper access control in isemtelephony prior to Android 15 allows local attackers to access sensitive information. | 0.1%
CVE-2025-21011 | MEDIUM | Improper access control in SemSensorService for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive info | 0.1%
CVE-2022-24931 | HIGH | Improper access control vulnerability in dynamic receiver in ApkInstaller prior to SMR MAR-2022 Release allows unauthorized attackers to exe | 0.1%
CVE-2022-28784 | MEDIUM | Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as | 0.1%
CVE-2026-20972 | MEDIUM | Improper Export of Android Application Components in UwbTest prior to SMR Jan-2026 Release 1 allows local attackers to enable UWB. | 0.1%
CVE-2021-25517 | HIGH | An improper input validation vulnerability in LDFW prior to SMR Dec-2021 Release 1 allows attackers to perform arbitrary code execution. | 0.1%