Vulnerabilities > Samsung > High

DATE CVE VULNERABILITY TITLE RISK
2021-06-11 CVE-2021-25400 Unspecified vulnerability in Samsung Internet 13.2.1.46/13.2.1.70
Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.
local
low complexity
samsung
7.8
2021-06-11 CVE-2021-25401 Unspecified vulnerability in Samsung Health
Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.
local
low complexity
samsung
7.8
2021-06-11 CVE-2021-25418 Incorrect Authorization vulnerability in Samsung Internet 13.2.1.46/13.2.1.70/14.0.1.20
Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.
local
low complexity
samsung CWE-863
7.8
2021-06-11 CVE-2021-25424 Improper Authentication vulnerability in Samsung products
Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness.
low complexity
samsung CWE-287
8.8
2021-05-20 CVE-2021-3438 Classic Buffer Overflow vulnerability in multiple products
A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege.
local
low complexity
hp samsung CWE-120
7.8
2021-04-09 CVE-2021-25381 Incorrect Default Permissions vulnerability in Samsung Account 10.8.0.4/12.1.1.3
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
local
low complexity
samsung CWE-276
7.8
2021-04-09 CVE-2021-25380 Improper Handling of Exceptional Conditions vulnerability in Samsung Bixby
Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user.
network
low complexity
samsung CWE-755
7.3
2021-04-09 CVE-2021-25377 Improper Privilege Management vulnerability in Samsung Experience Service
Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.
local
low complexity
samsung CWE-269
7.8
2021-04-09 CVE-2021-25374 Unspecified vulnerability in Samsung Members 2.4.81.13/3.9.10.11/4.2.005
An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.
network
low complexity
samsung
7.5
2021-04-09 CVE-2021-25373 Unspecified vulnerability in Samsung Customization Service
Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
local
low complexity
samsung
7.8