Vulnerabilities in Samsung Mobile

1,316 results
Vexday Analysis

Samsung Mobile has 1,316 catalogued CVEs, 13 of them confirmed as actively exploited by the CISA KEV catalog, a rate 2.2 times above the overall catalog average, which indicates relevant operational exposure and calls for priority attention in patch management. The most recurrent weakness type is CWE-20 (improper input validation), suggesting systematic weaknesses in the handling of external data that tend to create broad attack surfaces. The most dangerous CVE under active exploitation at the moment is CVE-2025-21042, with an EPSS score of 0.1161, while 34 new vulnerabilities appeared in the last 90 days, signalling a continuous pace of discovery that demands frequent monitoring. With only 3 CVEs accompanied by a public PoC and a maximum observed EPSS of 0.1289, the risk of immediate mass exploitation is moderate, but the combination of confirmed active flaws and a growing volume of new entries justifies short firmware update cycles in corporate environments.

CVE-2022-39913 (MEDIUM, EPSS 0.1%): Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user pr
CVE-2022-33703 (HIGH, EPSS 0.1%): Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.
CVE-2025-21004 (MEDIUM, EPSS 0.1%): Improper verification of intent by broadcast receiver in System UI for Galaxy Watch prior to SMR Jul-2025 Release 1 allows local attackers t
CVE-2024-34663 (MEDIUM, EPSS 0.1%): Integer overflow in libSEF.quram.so prior to SMR Oct-2024 Release 1 allows local attackers to write out-of-bounds memory.
CVE-2022-39847 (MEDIUM, EPSS 0.1%): Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to pe
CVE-2022-36848 (MEDIUM, EPSS 0.1%): Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent
CVE-2022-39854 (MEDIUM, EPSS 0.1%): Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.
CVE-2025-20980 (MEDIUM, EPSS 0.1%): Out-of-bounds write in libsavscmn prior to Android 15 allows local attackers to cause memory corruption.
CVE-2022-39851 (MEDIUM, EPSS 0.1%): Improper access control vulnerability in CocktailBarService prior to SMR Oct-2022 Release 1 allows local attacker to bind service that requi
CVE-2025-21024 (LOW, EPSS 0.1%): Use of Implicit Intent for Sensitive Communication in Smart View prior to Android 16 allows local attackers to access sensitive information.
CVE-2023-21466 (MEDIUM, EPSS 0.1%): PendingIntent hijacking vulnerability in CertificatePolicy in framework prior to SMR Apr-2023 Release 1 allows local attackers to access con
CVE-2022-39908 (MEDIUM, EPSS 0.1%): TOCTOU vulnerability in Samsung decoding library for video thumbnails prior to SMR Dec-2022 Release 1 allows local attacker to perform Out-O
CVE-2022-33691 (MEDIUM, EPSS 0.1%): A possible race condition vulnerability in score driver prior to SMR Jul-2022 Release 1 can allow local attackers to interleave malicious op
CVE-2026-21002 (MEDIUM, EPSS 0.1%): Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary applic
CVE-2021-25502 (HIGH, EPSS 0.1%): A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ES
CVE-2022-33724 (LOW, EPSS 0.1%): Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via l