Samsung Android vulnerabilities
448 known vulnerabilities affecting samsung/android.
Total CVEs
448
CISA KEV
12
actively exploited
Public exploits
0
Exploited in wild
10
Severity breakdown
CRITICAL9HIGH160MEDIUM218LOW61
Vulnerabilities
Page 11 of 23
CVE-2024-20892HIGHCVSS 7.8v12.0v13.0+1 more2024-07-02
CVE-2024-20892 [HIGH] CWE-347 CVE-2024-20892: Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local at
Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability.
nvd
CVE-2024-34593HIGHCVSS 8.8v12.0v13.0+1 more2024-07-02
CVE-2024-34593 [HIGH] CVE-2024-34593: Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024
Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
nvd
CVE-2024-20893HIGHCVSS 7.8v12.0v13.0+1 more2024-07-02
CVE-2024-20893 [HIGH] CWE-787 CVE-2024-20893: Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows loca
Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption.
nvd
CVE-2024-20890HIGHCVSS 8.8v12.0v13.0+1 more2024-07-02
CVE-2024-20890 [HIGH] CWE-287 CVE-2024-20890: Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigge
Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.
nvd
CVE-2024-34595HIGHCVSS 7.8v12.0v13.0+1 more2024-07-02
CVE-2024-34595 [HIGH] CVE-2024-34595: Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local
Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
nvd
CVE-2024-20901HIGHCVSS 7.8v12.0v13.0+1 more2024-07-02
CVE-2024-20901 [HIGH] CWE-787 CVE-2024-20901: Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release
Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory.
nvd
CVE-2024-20891HIGHCVSS 7.8v12.0v13.0+1 more2024-07-02
CVE-2024-20891 [HIGH] CVE-2024-20891: Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows
Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
nvd
CVE-2024-20888HIGHCVSS 7.8v12.0v13.0+1 more2024-07-02
CVE-2024-20888 [HIGH] CVE-2024-20888: Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launc
Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
nvd
CVE-2024-20894MEDIUMCVSS 4.3v12.0v13.0+1 more2024-07-02
CVE-2024-20894 [MEDIUM] CWE-755 CVE-2024-20894: Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows
Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability.
nvd
CVE-2024-20889MEDIUMCVSS 4.3v12.0v13.0+1 more2024-07-02
CVE-2024-20889 [MEDIUM] CWE-287 CVE-2024-20889: Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair wit
Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.
nvd
CVE-2024-20899MEDIUMCVSS 5.5v12.0v13.0+1 more2024-07-02
CVE-2024-20899 [MEDIUM] CVE-2024-20899: Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2
Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
nvd
CVE-2024-20896MEDIUMCVSS 5.5v12.0v13.0+1 more2024-07-02
CVE-2024-20896 [MEDIUM] CVE-2024-20896: Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Re
Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
nvd
CVE-2024-34588MEDIUMCVSS 6.5v12.0v13.0+1 more2024-07-02
CVE-2024-34588 [MEDIUM] CVE-2024-34588: Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 all
Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
nvd
CVE-2024-20898MEDIUMCVSS 5.5v12.0v13.0+1 more2024-07-02
CVE-2024-20898 [MEDIUM] CVE-2024-20898: Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Ju
Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
nvd
CVE-2024-34592MEDIUMCVSS 4.3v12.0v13.0+1 more2024-07-02
CVE-2024-34592 [MEDIUM] CVE-2024-34592: Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 a
Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
nvd
CVE-2024-34594MEDIUMCVSS 5.5v12.0v13.0+1 more2024-07-02
CVE-2024-34594 [MEDIUM] CVE-2024-34594: Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local a
Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.
nvd
CVE-2024-20895MEDIUMCVSS 5.5v12.0v13.0+1 more2024-07-02
CVE-2024-20895 [MEDIUM] CVE-2024-20895: Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to byp
Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features.
nvd
CVE-2024-34591MEDIUMCVSS 4.3v12.0v13.0+1 more2024-07-02
CVE-2024-34591 [MEDIUM] CVE-2024-34591: Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Ju
Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
nvd
CVE-2024-34589MEDIUMCVSS 6.5v12.0v13.0+1 more2024-07-02
CVE-2024-34589 [MEDIUM] CVE-2024-34589: Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 all
Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
nvd
CVE-2024-34587MEDIUMCVSS 6.8v12.0v13.0+1 more2024-07-02
CVE-2024-34587 [MEDIUM] CVE-2024-34587: Improper input validation in parsing application information from RTCP packet in librtp.so prior to
Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
nvd