Vulnerabilities in Samsung Mobile

1,316 results
Vexday Analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of which are confirmed as actively exploited in the CISA KEV, a rate 2.2 times above the overall catalogue average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to produce broad attack surfaces. The most dangerous CVE under active exploitation at the moment is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2025-21045 | MEDIUM | Insecure storage of sensitive information in Galaxy Watch prior to SMR Oct-2025 Release 1 allows local attackers to access sensitive informa | EPSS 0.1%
CVE-2025-21044 | MEDIUM | Out-of-bounds write in fingerprint trustlet prior to SMR Oct-2025 Release 1 allows local privileged attackers to write out-of-bounds memory. | EPSS 0.1%
CVE-2022-23999 | LOW | PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without pe | EPSS 0.1%
CVE-2022-23431 | MEDIUM | An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | EPSS 0.1%
CVE-2022-23432 | MEDIUM | An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code ex | EPSS 0.1%
CVE-2022-33690 | MEDIUM | Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file. | EPSS 0.1%
CVE-2021-25389 | LOW | Improper running task check in S Secure prior to SMR MAY-2021 Release 1 allows attackers to use locked app without authentication. | EPSS 0.1%
CVE-2025-20972 | MEDIUM | Improper verification of intent by broadcast receiver in Samsung Flow prior to version 4.9.17.6 allows local attackers to modify Samsung Flo | EPSS 0.1%
CVE-2025-20996 | MEDIUM | Improper authorization in Smart Switch installed on non-Samsung Device prior to version 3.7.64.10 allows local attackers to read data with t | EPSS 0.1%
CVE-2025-20990 | MEDIUM | Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier. | EPSS 0.1%
CVE-2025-21067 | MEDIUM | Out-of-bounds read in the allocation of image buffer in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bou | EPSS 0.1%
CVE-2023-21469 | MEDIUM | Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information | EPSS 0.1%
CVE-2022-22268 | MEDIUM | Incorrect implementation of Knox Guard prior to SMR Jan-2022 Release 1 allows physically proximate attackers to temporary unlock the Knox Gu | EPSS 0.1%
CVE-2021-25459 | MEDIUM | An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start Block | EPSS 0.1%
CVE-2025-21036 | MEDIUM | Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User in | EPSS 0.1%
CVE-2025-21066 | MEDIUM | Out-of-bounds read in the SPI decoder in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds memory. | EPSS 0.1%
CVE-2025-21069 | MEDIUM | Out-of-bounds read in the parsing of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds m | EPSS 0.1%
CVE-2025-21068 | MEDIUM | Out-of-bounds read in the reading of image data in Samsung Notes prior to version 4.4.30.63 allows local attackers to access out-of-bounds m | EPSS 0.1%
CVE-2023-21470 | MEDIUM | Improper access control vulnerability in SLocation prior to SMR Apr-2022 Release 1 allows local attackers to get device location information | EPSS 0.1%
CVE-2021-25511 | MEDIUM | An improper validation vulnerability in FilterProvider prior to SMR Dec-2021 Release 1 allows attackers to write arbitrary files via a path | EPSS 0.1%