Vulnerabilities in Samsung Mobile

1,316 results
Vexday Analysis

Samsung Mobile has accumulated 1,316 catalogued CVEs, 13 of them confirmed as actively exploited by CISA KEV, a rate 2.2 times above the catalogue's overall average, which indicates significant operational exposure and calls for priority attention in patch management. The most recurrent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to produce broad attack surfaces. The most dangerous CVE currently under active exploitation is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities have appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed actively exploited flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2022-23426 [MEDIUM] A vulnerability using PendingIntent in DeX Home and DeX for PC prior to SMR Feb-2022 Release 1 allows attackers to access files with system (EPSS 0.1%)
CVE-2022-26090 [MEDIUM] Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact informatio (EPSS 0.1%)
CVE-2022-33704 [HIGH] Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activiti (EPSS 0.1%)
CVE-2022-30714 [LOW] Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. (EPSS 0.1%)
CVE-2022-22266 [MEDIUM] (Applicable to China models only) Unprotected WifiEvaluationService in TencentWifiSecurity application prior to SMR Jan-2022 Release 1 allow (EPSS 0.1%)
CVE-2025-20995 [MEDIUM] Improper handling of insufficient permission in ClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0.0.5 (EPSS 0.1%)
CVE-2021-25428 Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous le (EPSS 0.1%)
CVE-2022-22272 [MEDIUM] Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE (EPSS 0.1%)
CVE-2022-22267 [MEDIUM] Implicit Intent hijacking vulnerability in ActivityMetricsLogger prior to SMR Jan-2022 Release 1 allows attackers to get running application (EPSS 0.1%)
CVE-2022-25817 [MEDIUM] Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. (EPSS 0.1%)
CVE-2022-26091 [MEDIUM] Improper access control vulnerability in Knox Manage prior to SMR Apr-2022 Release 1 allows that physical attackers can bypass Knox Manage u (EPSS 0.1%)
CVE-2025-20994 [MEDIUM] Improper handling of insufficient permission in SyncClientProvider in Samsung Internet installed on non-Samsung Device prior to version 28.0 (EPSS 0.1%)
CVE-2024-34664 [MEDIUM] Improper check for exception conditions in Knox Guard prior to SMR Oct-2024 Release 1 allows physical attackers to bypass Knox Guard in a mu (EPSS 0.1%)
CVE-2024-49406 [MEDIUM] Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Ro (EPSS 0.1%)
CVE-2021-25392 [MEDIUM] Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive info (EPSS 0.1%)
CVE-2025-21057 [MEDIUM] Use of implicit intent for sensitive communication in Samsung Notes prior to version 4.4.30.63 allows local attackers to access shared notes (EPSS 0.1%)
CVE-2022-33721 [MEDIUM] A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. (EPSS 0.1%)
CVE-2025-21071 [MEDIUM] Out-of-bounds write in handling opcode in fingerprint trustlet prior to SMR Nov-2025 Release 1 allows local privileged attackers to write ou (EPSS 0.1%)
CVE-2022-30728 [LOW] Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. (EPSS 0.1%)
CVE-2022-22269 [MEDIUM] Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local (EPSS 0.1%)