Vulnerabilities > Samsung

DATE CVE VULNERABILITY TITLE RISK
2021-04-09 CVE-2021-25375 Use of Insufficiently Random Values vulnerability in Samsung Email
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.
network
low complexity
samsung CWE-330
6.5
2021-04-09 CVE-2021-25374 Unspecified vulnerability in Samsung Members 2.4.81.13/3.9.10.11/4.2.005
An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.
network
low complexity
samsung
7.5
2021-04-09 CVE-2021-25373 Unspecified vulnerability in Samsung Customization Service
Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
local
low complexity
samsung
7.8
2021-03-25 CVE-2021-25368 Improper Authentication vulnerability in Samsung Cloud
Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.
network
low complexity
samsung CWE-287
7.5
2021-03-25 CVE-2021-25367 Path Traversal vulnerability in Samsung Notes 2.0.02.31
Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.
network
low complexity
samsung CWE-22
5.4
2021-03-25 CVE-2021-25366 Unspecified vulnerability in Samsung Internet 13.2.1.46
Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.
low complexity
samsung
2.9
2021-03-25 CVE-2021-25355 Incorrect Default Permissions vulnerability in Samsung Notes 2.0.02.31
Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.
local
low complexity
samsung CWE-276
7.8
2021-03-25 CVE-2021-25354 Unspecified vulnerability in Samsung Internet
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.
local
low complexity
samsung
5.3
2021-03-25 CVE-2021-25353 Unspecified vulnerability in Samsung Galaxy Themes
Using empty PendingIntent in Galaxy Themes prior to version 5.2.00.1215 allows local attackers to read/write private file directories of Galaxy Themes application without permission via hijacking the PendingIntent.
local
low complexity
samsung
7.1
2021-03-25 CVE-2021-25352 Exposure of Resource to Wrong Sphere vulnerability in Samsung Bixby Voice
Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.
local
low complexity
samsung CWE-668
7.8