Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Samsung Subscribe
Total 656 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-25341 1 Samsung 1 S Assistant 2021-03-05 2.1 LOW 3.3 LOW
Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.
CVE-2021-25348 1 Samsung 1 Internet 2021-03-05 2.1 LOW 2.4 LOW
Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission.
CVE-2021-22495 2 Google, Samsung 2 Android, Exynos 2021-01-08 7.1 HIGH 5.5 MEDIUM
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021).
CVE-2021-22494 2 Google, Samsung 2 Android, Galaxy Note 20 2021-01-08 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate (FRR) can occur. The Samsung ID is SVE-2020-19216 (January 2021).
CVE-2020-35693 2 Google, Samsung 8 Android, Galaxy A3, Galaxy Note 4 and 5 more 2020-12-31 5.4 MEDIUM 8.8 HIGH
On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5.
CVE-2020-28341 2 Google, Samsung 2 Android, Exynos 990 2020-11-10 4.6 MEDIUM 7.8 HIGH
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November 2020).
CVE-2020-28343 2 Google, Samsung 4 Android, Exynos 980, Exynos 9820 and 1 more 2020-11-10 4.6 MEDIUM 7.8 HIGH
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020).
CVE-2019-19273 2 Google, Samsung 5 Android, Exynos 8895, Galaxy Note8 and 2 more 2020-11-10 7.2 HIGH 7.8 HIGH
On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265.
CVE-2019-6744 1 Samsung 2 Galaxy S9, Knox 2020-10-19 2.1 LOW 4.3 MEDIUM
This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific flaws exists within the the handling of the lock screen for Secure Folder. The issue results from the lack of proper validation that a user has correctly authenticated. An attacker can leverage this vulnerability to disclose the contents of the secure container. Was ZDI-CAN-7381.
CVE-2020-7811 2 Microsoft, Samsung 2 Windows, Update 2020-10-19 4.6 MEDIUM 7.8 HIGH
Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication
CVE-2019-6740 1 Samsung 2 Galaxy S9, Galaxy S9 Firmware 2020-10-06 6.8 MEDIUM 8.8 HIGH
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472.
CVE-2020-25053 2 Google, Samsung 2 Android, Exynos 9830 2020-09-02 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. RKP allows arbitrary code execution. The Samsung ID is SVE-2020-17435 (August 2020).
CVE-2020-25056 2 Google, Samsung 2 Android, Galaxy S20 2020-09-02 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is SVE-2020-16169 (August 2020).
CVE-2019-15441 1 Samsung 2 On 7, On 7 Firmware 2020-08-24 4.6 MEDIUM 7.8 HIGH
The Samsung on7xeltelgt Android device with a build fingerprint of samsung/on7xeltelgt/on7xeltelgt:8.1.0/M1AJQ/G610LKLU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-20610 2 Google, Samsung 8 Android, Exynos 7570, Exynos 7870 and 5 more 2020-08-24 9.3 HIGH 8.1 HIGH
An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019).
CVE-2019-20601 2 Google, Samsung 6 Android, Exynos 7570, Exynos 7580 and 3 more 2020-08-24 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019).
CVE-2019-20596 2 Google, Samsung 2 Android, Exynos 2020-08-24 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019).
CVE-2019-20566 1 Samsung 1 Exynos Smp1300 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Destination address. The Samsung ID is SVE-2019-14858 (September 2019).
CVE-2019-20556 3 Google, Qualcomm, Samsung 7 Android, Sm6150, Sm8150 and 4 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. RKP memory corruption allows attackers to control the effective address in EL2. The Samsung ID is SVE-2019-15221 (October 2019).
CVE-2019-20553 3 Google, Qualcomm, Samsung 7 Android, Sm6150, Sm8150 and 4 more 2020-08-24 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with P(9.0) (SM6150, SM8150, SM8150_FUSION, exynos7885, exynos9610, and exynos9820 chipsets) software. Arbitrary memory read and write operations can occur in RKP. The Samsung ID is SVE-2019-15143 (October 2019).