CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 2 and 2.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2021-25506 863 DoS 2021-11-05 2021-11-09
2.1
None Local Low Not required None None Partial
Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service.
452 CVE-2021-25504 20 2021-11-05 2021-11-08
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information.
453 CVE-2021-25502 312 2021-11-05 2021-11-08
2.1
None Local Low Not required Partial None None
A vulnerability of storing sensitive information insecurely in Property Settings prior to SMR Nov-2021 Release 1 allows attackers to read ESN value without privilege.
454 CVE-2021-25501 863 2021-11-05 2021-11-08
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in SCloudBnRReceiver in SecTelephonyProvider prior to SMR Nov-2021 Release 1 allows untrusted application to call some protected providers.
455 CVE-2021-25500 20 2021-11-05 2021-11-08
2.1
None Local Low Not required None Partial None
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise.
456 CVE-2021-25499 2021-10-06 2021-10-14
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store.
457 CVE-2021-25491 476 Mem. Corr. 2021-10-06 2021-10-13
2.1
None Local Low Not required None None Partial
A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference.
458 CVE-2021-25488 125 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read.
459 CVE-2021-25486 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Exposure of information vulnerability in ipcdump prior to SMR Oct-2021 Release 1 allows an attacker to detect device information via analyzing packet in log.
460 CVE-2021-25484 287 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
Improper authentication in InputManagerService prior to SMR Oct-2021 Release 1 allows monitoring the touch event.
461 CVE-2021-25476 863 Bypass 2021-10-06 2021-10-13
2.1
None Local Low Not required Partial None None
An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE.
462 CVE-2021-25472 863 2021-10-06 2021-10-13
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in BluetoothSettingsProvider prior to SMR Oct-2021 Release 1 allows untrusted application to overwrite some Bluetooth information.
463 CVE-2021-25468 20 2021-10-06 2021-10-14
2.1
None Local Low Not required Partial None None
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address.
464 CVE-2021-25464 200 +Info 2021-09-09 2021-09-22
2.1
None Local Low Not required Partial None None
An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak.
465 CVE-2021-25463 2021-09-09 2021-09-22
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.
466 CVE-2021-25462 476 Mem. Corr. 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
NULL pointer dereference vulnerability in NPU driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
467 CVE-2021-25460 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
An improper access control vulnerability in sspExit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to terminate BlockchainTZService.
468 CVE-2021-25459 552 2021-09-09 2021-09-22
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in sspInit() in BlockchainTZService prior to SMR Sep-2021 Release 1 allows attackers to start BlockchainTZService.
469 CVE-2021-25458 476 Mem. Corr. 2021-09-09 2021-09-23
2.1
None Local Low Not required None None Partial
NULL pointer dereference vulnerability in ION driver prior to SMR Sep-2021 Release 1 allows attackers to cause memory corruption.
470 CVE-2021-25457 20 2021-09-09 2021-09-22
2.1
None Local Low Not required Partial None None
An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get limited kernel memory information.
471 CVE-2021-25453 20 2021-09-09 2021-09-23
2.1
None Local Low Not required Partial None None
Some improper access control in Bluetooth APIs prior to SMR Sep-2021 Release 1 allows untrusted application to get Bluetooth information.
472 CVE-2021-25444 2021-08-05 2021-08-12
2.1
None Local Low Not required Partial None None
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.
473 CVE-2021-25439 863 2021-07-08 2021-07-12
2.1
None Local Low Not required Partial None None
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.
474 CVE-2021-25433 863 2021-07-08 2021-07-14
2.1
None Local Low Not required None None Partial
Improper authorization vulnerability in Tizen factory reset policy prior to Firmware update JUL-2021 Release allows untrusted applications to perform factory reset using dbus signal.
475 CVE-2021-25432 668 2021-07-08 2021-07-12
2.1
None Local Low Not required Partial None None
Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.
476 CVE-2021-25431 863 2021-07-08 2021-07-12
2.1
None Local Low Not required None Partial None
Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer.
477 CVE-2021-25423 532 2021-06-11 2021-06-17
2.1
None Local Low Not required Partial None None
Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.
478 CVE-2021-25422 532 2021-06-11 2021-06-17
2.1
None Local Low Not required Partial None None
Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
479 CVE-2021-25421 532 2021-06-11 2021-06-17
2.1
None Local Low Not required Partial None None
Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
480 CVE-2021-25420 532 2021-06-11 2021-06-17
2.1
None Local Low Not required Partial None None
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
481 CVE-2021-25416 20 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area.
482 CVE-2021-25415 20 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to remap EL2 memory as writable.
483 CVE-2021-25413 2021-06-11 2021-10-18
2.1
None Local Low Not required Partial None None
Improper sanitization of incoming intent in Samsung Contacts prior to SMR JUN-2021 Release 1 allows local attackers to get permissions to access arbitrary data with Samsung Contacts privilege.
484 CVE-2021-25411 20 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
Improper address validation vulnerability in RKP api prior to SMR JUN-2021 Release 1 allows root privileged local attackers to write read-only kernel memory.
485 CVE-2021-25409 863 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
Improper access in Notification setting prior to SMR JUN-2021 Release 1 allows physically proximate attackers to set arbitrary notification via physically configuring device.
486 CVE-2021-25405 863 2021-06-11 2021-06-21
2.1
None Local Low Not required Partial None None
An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.
487 CVE-2021-25404 922 2021-06-11 2021-06-21
2.1
None Local Low Not required Partial None None
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.
488 CVE-2021-25403 863 2021-06-11 2021-06-21
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.
489 CVE-2021-25402 922 2021-06-11 2021-06-21
2.1
None Local Low Not required Partial None None
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access S Pen latency information.
490 CVE-2021-25398 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts.
491 CVE-2021-25397 863 2021-06-11 2021-06-16
2.1
None Local Low Not required None Partial None
An improper access control vulnerability in TelephonyUI prior to SMR MAY-2021 Release 1 allows local attackers to write arbitrary files of telephony process via untrusted applications.
492 CVE-2021-25393 732 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Improper sanitization of incoming intent in SecSettings prior to SMR MAY-2021 Release 1 allows local attackers to get permissions to access system uid data.
493 CVE-2021-25392 326 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
494 CVE-2021-25391 2021-06-11 2021-06-16
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Secure Folder prior to SMR MAY-2021 Release 1 allows attackers to execute privileged action.
495 CVE-2021-25379 2021-04-09 2021-04-23
2.1
None Local Low Not required Partial None None
Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.
496 CVE-2021-25369 863 2021-03-26 2021-03-31
2.1
None Local Low Not required Partial None None
An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.
497 CVE-2021-25364 200 +Info 2021-04-09 2021-04-26
2.1
None Local Low Not required Partial None None
A pendingIntent hijacking vulnerability in Secure Folder prior to SMR APR-2021 Release 1 allows unprivileged applications to access contact information.
498 CVE-2021-25359 276 2021-04-09 2021-04-19
2.1
None Local Low Not required Partial None None
An improper SELinux policy prior to SMR APR-2021 Release 1 allows local attackers to access AP information without proper permissions via untrusted applications.
499 CVE-2021-25358 276 2021-04-09 2021-04-19
2.1
None Local Low Not required Partial None None
A vulnerability that stores IMSI values in an improper path prior to SMR APR-2021 Release 1 allows local attackers to access IMSI values without any permission via untrusted applications.
500 CVE-2021-25357 269 2021-04-09 2021-04-20
2.1
None Local Low Not required Partial None None
A pendingIntent hijacking vulnerability in Create Movie prior to SMR APR-2021 Release 1 in Android O(8.x) and P(9.0), 3.4.81.1 in Android Q(10.0), and 3.6.80.7 in Android R(11.0) allows unprivileged applications to access contact information.