| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper verification of cryptographic signature in Smart Switch prior to version 3.7.69.15 allows remote attackers to potentially bypass authentication. |
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows remote attackers to bypass authentication. |
| Authentication bypass by replay in Smart Switch prior to version 3.7.69.15 allows remote attackers to trigger privileged functions. |
| Improper authentication in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to trigger a denial of service. |
| Path traversal in Smart Switch prior to version 3.7.69.15 allows adjacent attackers to overwrite arbitrary files with Smart Switch privilege. |
| Use of a broken or risky cryptographic algorithm in Smart Switch prior to version 3.7.69.15 allows remote attackers to configure a downgraded scheme for authentication. |
| Improper verification of intent by broadcast receiver in Settings prior to SMR Mar-2026 Release 1 allows local attacker to launch arbitrary activity with Settings privilege. User interaction is required for triggering this vulnerability. |
| Improper verification of cryptographic signature in Font Settings prior to SMR Mar-2026 Release 1 allows physical attackers to use custom font. |
| Improper export of android application components in Secure Folder prior to SMR Mar-2026 Release 1 allows local attackers to launch arbitrary activity with Secure Folder privilege. |
| Improper privilege management in ThemeManager prior to SMR Mar-2026 Release 1 allows local privileged attackers to reuse trial contents. |
| Improper authorization in Settings prior to SMR Mar-2026 Release 1 allows local attacker to disable configuring the background data usage of application. |
| The database account and password are hardcoded, allowing login with the account to manipulate the database in MagicInfo9 Server.This issue affects MagicINFO 9 Server: less than 21.1090.1. |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of session->ncp_hdr_buf in __pilot_parsing_ncp() causes a denial of service. |
| An issue was discovered in Samsung Mobile Processor Exynos 1380, 1480, 2400, 1580, and 2500. A NULL pointer dereference of npu_proto_drv.ast.thread_ref in set_cpu_affinity() causes a denial of service. |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, and 2400. A NULL pointer dereference of ft_handle in load_fw_utc_vector() causes a denial of service. |
| An issue was discovered in LBS in Samsung Mobile Processor Exynos 2200. There was no check for memory initialization within DL NAS Transport messages. |
| An issue was discovered in Samsung Mobile Processor Exynos 1280, 2200, 1380, 1480, 2400, 1580, and 2500. Unvalidated VS4L_VERTEXIOC_BOOTUP input leads to a denial of service. |
| Improper access control in SecSettingsIntelligence prior to SMR Mar-2025 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability. |
| Out-of-bounds write in parsing jpeg image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code. |
| Out-of-bounds write in parsing bmp image in Samsung Notes prior to version 4.4.26.71 allows local attackers to execute arbitrary code. |
