Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-25423

Summary
Assigner-Samsung Mobile
Assigner Org ID-3af57064-a867-422c-b2ad-40307b65c458
Published At-11 Jun, 2021 | 14:33
Updated At-03 Aug, 2024 | 20:03
Rejected At-
Credits

Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Samsung Mobile
Assigner Org ID:3af57064-a867-422c-b2ad-40307b65c458
Published At:11 Jun, 2021 | 14:33
Updated At:03 Aug, 2024 | 20:03
Rejected At:
▼CVE Numbering Authority (CNA)

Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.

Affected Products
Vendor
Samsung ElectronicsSamsung Mobile
Product
Watch Active2 PlugIn
Versions
Affected
  • From unspecified before 2.2.08.21033151 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-779CWE-779: Logging of Excessive Data
Type: CWE
CWE ID: CWE-779
Description: CWE-779: Logging of Excessive Data
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
unknown
vectorString:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=6
x_refsource_MISC
Hyperlink: https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=6
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=6
x_refsource_MISC
x_transferred
Hyperlink: https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=6
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mobile.security@samsung.com
Published At:11 Jun, 2021 | 15:15
Updated At:17 Jun, 2021 | 14:44

Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.15.5MEDIUM
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary2.02.1LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 3.1
Base score: 5.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Type: Primary
Version: 2.0
Base score: 2.1
Base severity: LOW
Vector:
AV:L/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
Samsung
samsung
>>watch_active2_plugin>>Versions before 2.2.08.21033151(exclusive)
cpe:2.3:a:samsung:watch_active2_plugin:*:*:*:*:*:android:*:*
Weaknesses
CWE IDTypeSource
CWE-532Primarynvd@nist.gov
CWE-779Secondarymobile.security@samsung.com
CWE ID: CWE-532
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-779
Type: Secondary
Source: mobile.security@samsung.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=6mobile.security@samsung.com
Vendor Advisory
Hyperlink: https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=6
Source: mobile.security@samsung.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

518Records found
CVE-2023-21435
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.06% / 17.20%
||
7 Day CHG~0.00%
Published-09 Feb, 2023 | 00:00
Updated-24 Mar, 2025 | 18:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.

Action-Not Available
Vendor-Samsung ElectronicsSamsung
Product-androidSamsung Mobile Devices
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-25421
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.13%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:33
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_watch_3_pluginGalaxy Watch3 PlugIn
CWE ID-CWE-779
Logging of Excessive Data
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-25350
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-2||LOW
EPSS-0.05% / 14.65%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 16:10
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidaccountSamsung Account
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-39897
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.07%
||
7 Day CHG~0.00%
Published-08 Dec, 2022 | 00:00
Updated-23 Apr, 2025 | 15:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-39874
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.10% / 27.60%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 12:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-accountSamsung Account
CWE ID-CWE-779
Logging of Excessive Data
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-33688
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.02% / 2.15%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:33
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-33693
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-2||LOW
EPSS-0.02% / 2.63%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:34
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-33687
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.02% / 2.15%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:33
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-30741
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 18:18
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-find_my_mobileFind My Mobile
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-30742
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.06% / 17.84%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 18:18
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-find_my_mobileFind My Mobile
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-22291
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.45%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-779
Logging of Excessive Data
CVE-2022-25828
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-1.9||LOW
EPSS-0.06% / 18.99%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:48
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the log

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-watch_active_pluginWatch Active PlugIn
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-25826
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-1.9||LOW
EPSS-0.13% / 33.62%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:48
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the log

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_watch_3_pluginGalaxy S3 PlugIn
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-25827
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-1.9||LOW
EPSS-0.06% / 18.99%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:48
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the log

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_watch_pluginGalaxy Watch PlugIn
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-25823
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-1.9||LOW
EPSS-0.06% / 18.99%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:47
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in log.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_watch_pluginGalaxy Watch Plugin
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-25830
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-1.9||LOW
EPSS-0.06% / 18.99%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:48
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the log

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_watch_3_pluginGalaxy Watch3 Plugin
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-25829
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-1.9||LOW
EPSS-0.06% / 18.99%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:48
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the log

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-watch_active2_pluginWatch Active2 PlugIn
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2022-33697
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.02% / 2.15%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:35
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-25420
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.13%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:33
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_watch_pluginGalaxy Watch PlugIn
CWE ID-CWE-779
Logging of Excessive Data
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2021-25422
Matching Score-10
Assigner-Samsung Mobile
ShareView Details
Matching Score-10
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 13.13%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:33
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-watch_active_pluginWatch Active PlugIn
CWE ID-CWE-779
Logging of Excessive Data
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2024-49412
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 6.63%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 05:47
Updated-03 Dec, 2024 | 11:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch.

Action-Not Available
Vendor-Samsung Electronics
Product-Samsung Mobile Devices
CVE-2024-34655
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.08%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 05:32
Updated-05 Sep, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34625
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34654
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.04% / 10.08%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 05:32
Updated-05 Sep, 2024 | 18:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34628
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34629
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34624
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34651
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.03% / 8.11%
||
7 Day CHG~0.00%
Published-04 Sep, 2024 | 05:32
Updated-05 Sep, 2024 | 17:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devicesandroid
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-34613
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.04% / 8.84%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-12 Aug, 2024 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-wear_osSamsung Mobile Devices
CVE-2024-34621
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.01% / 1.59%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34611
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 6.36%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-12 Aug, 2024 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34630
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34672
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 8.29%
||
7 Day CHG~0.00%
Published-08 Oct, 2024 | 06:30
Updated-10 Oct, 2024 | 12:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in SamsungVideoPlayer prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows local attackers to access video file of other users.

Action-Not Available
Vendor-Samsung Electronics
Product-SamsungVideoPlayer
CVE-2024-34616
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.1||MEDIUM
EPSS-0.03% / 8.12%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-12 Aug, 2024 | 18:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2024-34594
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.07% / 22.66%
||
7 Day CHG~0.00%
Published-02 Jul, 2024 | 09:23
Updated-02 Aug, 2024 | 02:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34680
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.03% / 8.20%
||
7 Day CHG~0.00%
Published-06 Nov, 2024 | 02:17
Updated-12 Nov, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-androidSamsung Mobile Devices
CVE-2024-34631
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2024-34627
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 11.43%
||
7 Day CHG~0.00%
Published-07 Aug, 2024 | 01:30
Updated-09 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-25522
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.07% / 20.34%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:20
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smart_captureSamsung Capture
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-25355
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.65%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 16:13
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-notesSamsung Notes
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-25464
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.06% / 17.66%
||
7 Day CHG~0.00%
Published-09 Sep, 2021 | 18:05
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-captureSamsung Capture
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-25349
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.03% / 7.65%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 16:09
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidslow_motion_editorSlow Motion Editor
CWE ID-CWE-284
Improper Access Control
CVE-2021-25524
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.07% / 20.34%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:20
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-contactsContacts
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-25352
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 9.62%
||
7 Day CHG~0.00%
Published-25 Mar, 2021 | 16:11
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-bixby_voiceBixby Voice
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-668
Exposure of Resource to Wrong Sphere
CVE-2021-25403
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.07% / 20.34%
||
7 Day CHG~0.00%
Published-11 Jun, 2021 | 14:45
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-accountandroidSamsung Account
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-27368
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 7.30%
||
7 Day CHG~0.00%
Published-09 Sep, 2024 | 00:00
Updated-18 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor Exynos Mobile Processor, Wearable Processor Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_received_frame_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_850exynos_1380exynos_1080_firmwareexynos_1480exynos_1280exynos_1280_firmwareexynos_w920exynos_1330_firmwareexynos_1480_firmwareexynos_1080exynos_w920_firmwareexynos_980_firmwareexynos_850_firmwareexynos_1380_firmwareexynos_w930exynos_980exynos_w930_firmwareexynos_1330n/a
CWE ID-CWE-125
Out-of-bounds Read
CVE-2021-25523
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.07% / 20.34%
||
7 Day CHG~0.00%
Published-08 Dec, 2021 | 14:20
Updated-03 Aug, 2024 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-dialerSamsungDialer
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2021-25359
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.01% / 1.23%
||
7 Day CHG~0.00%
Published-09 Apr, 2021 | 17:35
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-276
Incorrect Default Permissions
CVE-2021-25468
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.02% / 3.85%
||
7 Day CHG~0.00%
Published-06 Oct, 2021 | 17:07
Updated-03 Aug, 2024 | 20:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2024-27366
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-4.4||MEDIUM
EPSS-0.03% / 6.42%
||
7 Day CHG~0.00%
Published-09 Sep, 2024 | 00:00
Updated-25 Mar, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in Samsung Mobile Processor, Wearable Processor Exynos Exynos 980, Exynos 850, Exynos 1080, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 1480, Exynos W920, Exynos W930. In the function slsi_rx_scan_done_ind(), there is no input validation check on a length coming from userspace, which can lead to a potential heap over-read.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_1480_firmwareexynos_1080_firmwareexynos_980_firmwareexynos_1480exynos_1330exynos_850exynos_850_firmwareexynos_w920_firmwareexynos_w920exynos_1280_firmwareexynos_1380_firmwareexynos_1380exynos_w930_firmwareexynos_1330_firmwareexynos_980exynos_1280exynos_w930exynos_1080n/a
CWE ID-CWE-125
Out-of-bounds Read
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 10
  • 11
  • Next
Details not found