Filtered by vendor Samsung
Subscriptions
Total
1344 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-3885 | 1 Samsung | 2 Harman Mgu21, Harman Mgu21 Firmware | 2025-08-15 | 6.5 Medium |
| Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Bluetooth stack of the BCM89359 chipset. The issue results from the lack of proper validation of Bluetooth frames. An attacker can leverage this vulnerability to create a denial-of-service condition on the system. Was ZDI-CAN-23942. | ||||
| CVE-2025-21017 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | 6.3 Medium |
| Out-of-bounds write in detaching crypto box in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-21018 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | 4.4 Medium |
| Out-of-bounds read in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to read out-of-bounds memory. | ||||
| CVE-2025-21019 | 1 Samsung | 1 Health | 2025-08-15 | 5.5 Medium |
| Improper authorization in Samsung Health prior to version 6.30.1.003 allows local attackers to access data in Samsung Health. User interaction is required for triggering this vulnerability. | ||||
| CVE-2025-21020 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | 5.7 Medium |
| Out-of-bounds write in creating bitmap images in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-21021 | 1 Samsung | 1 Blockchain Keystore | 2025-08-15 | 5.7 Medium |
| Out-of-bounds write in drawing pinpad in Blockchain Keystore prior to version 1.3.17.2 allows local privileged attackers to write out-of-bounds memory. | ||||
| CVE-2025-54445 | 2 Samsung, Samsung Electronics | 2 Magicinfo 9 Server, Magicinfo 9 Server | 2025-08-15 | 8.2 High |
| Improper Restriction of XML External Entity Reference vulnerability in Samsung Electronics MagicINFO 9 Server allows Server Side Request Forgery.This issue affects MagicINFO 9 Server: less than 21.1080.0. | ||||
| CVE-2025-21010 | 1 Samsung | 2 Android, Samsung Account App | 2025-08-12 | 6 Medium |
| Improper privilege management in SamsungAccount prior to SMR Aug-2025 Release 1 allows local privileged attackers to deactivate Samsung account. | ||||
| CVE-2025-20990 | 1 Samsung | 4 Android, Mobile, Samsung Mobile and 1 more | 2025-08-12 | 4 Medium |
| Improper access control in accessing system device node prior to SMR Aug-2025 Release 1 allows local attackers to access device identifier. | ||||
| CVE-2025-53082 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | 6.1 Medium |
| An 'Arbitrary File Deletion' in Samsung DMS(Data Management Server) allows attackers to delete arbitrary files from unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses. | ||||
| CVE-2025-53081 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | 6.4 Medium |
| An 'Arbitrary File Creation' in Samsung DMS(Data Management Server) allows attackers to create arbitrary files in unintended locations on the filesystem. Exploitation is restricted to specific, authorized private IP addresses. | ||||
| CVE-2025-53080 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | 7.1 High |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Samsung DMS(Data Management Server) allows authenticated attackers to create arbitrary files in unintended locations on the filesystem | ||||
| CVE-2025-53079 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | 4.9 Medium |
| Absolute Path Traversal in Samsung DMS(Data Management Server) allows authenticated attacker (Administrator) to read sensitive files | ||||
| CVE-2025-53078 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | 8 High |
| Deserialization of Untrusted Data in Samsung DMS(Data Management Server) allows attackers to execute arbitrary code via write file to system | ||||
| CVE-2025-53077 | 1 Samsung | 2 Data Management Server, Data Management Server Firmware | 2025-08-11 | 6.5 Medium |
| An execution after redirect in Samsung DMS(Data Management Server) allows attackers to execute limited functions without permissions. An attacker could compromise the integrity of the platform by executing this vulnerability. | ||||
| CVE-2025-2233 | 1 Samsung | 1 Smartthings | 2025-08-08 | N/A |
| Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Hub Local API service, which listens on TCP port 8766 by default. The issue results from the lack of proper verification of a cryptographic signature. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-25615. | ||||
| CVE-2025-21015 | 2 Samsung, Samsung Mobile | 2 Samsung Mobile Devices, Samsung Mobile Devices | 2025-08-07 | 4 Medium |
| Path Traversal in Document scanner prior to SMR Aug-2025 Release 1 allows local attackers to delete file with Document scanner's privilege. | ||||
| CVE-2025-21023 | 1 Samsung | 1 Galaxy Watch | 2025-08-06 | 3.3 Low |
| Improper access control in WcsExtension for Galaxy Watch prior to Android Watch 16 allows local attackers to access sensitive information. | ||||
| CVE-2025-21022 | 1 Samsung | 1 Galaxy Wearable | 2025-08-06 | 3.3 Low |
| Improper access control in Galaxy Wearable prior to version 2.2.63.25042861 allows local attackers to access sensitive information. | ||||
| CVE-2025-21016 | 2 Samsung, Samsung Mobile | 2 Samsung Mobile Devices, Samsung Mobile Devices | 2025-08-06 | 4.3 Medium |
| Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 in Chinese Android 13, 14, 15 and 16 allows local attackers to use the privileged APIs. | ||||