Samsung Android vulnerabilities
448 known vulnerabilities affecting samsung/android.
Total CVEs
448
CISA KEV
12
actively exploited
Public exploits
0
Exploited in wild
10
Severity breakdown
CRITICAL9HIGH160MEDIUM218LOW61
Vulnerabilities
Page 16 of 23
CVE-2023-42536HIGHCVSS 7.8v11.0v12.0+1 more2023-11-07
CVE-2023-42536 [HIGH] CWE-125 CVE-2023-42536: An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local a
An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
nvd
CVE-2023-42530HIGHCVSS 7.5v11.0v12.0+1 more2023-11-07
CVE-2023-42530 [HIGH] CVE-2023-42530: Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attacker
Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.
nvd
CVE-2023-42538HIGHCVSS 7.8v11.0v12.0+1 more2023-11-07
CVE-2023-42538 [HIGH] CWE-125 CVE-2023-42538: An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows
An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
nvd
CVE-2023-42537HIGHCVSS 7.8v11.0v12.0+1 more2023-11-07
CVE-2023-42537 [HIGH] CWE-125 CVE-2023-42537: An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows loca
An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
nvd
CVE-2023-42528HIGHCVSS 7.8v11.0v12.0+1 more2023-11-07
CVE-2023-42528 [HIGH] CWE-787 CVE-2023-42528: Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Re
Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
nvd
CVE-2023-30739HIGHCVSS 7.8v11.0v12.0+1 more2023-11-07
CVE-2023-30739 [HIGH] CVE-2023-30739: Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows l
Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
nvd
CVE-2023-42535HIGHCVSS 7.8v12.0v13.02023-11-07
CVE-2023-42535 [HIGH] CWE-787 CVE-2023-42535: Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to e
Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
nvd
CVE-2023-42527MEDIUMCVSS 5.5v11.0v12.0+1 more2023-11-07
CVE-2023-42527 [MEDIUM] CWE-20 CVE-2023-42527: Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Rele
Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.
nvd
CVE-2023-42534MEDIUMCVSS 5.5v12.0v13.02023-11-07
CVE-2023-42534 [MEDIUM] CWE-552 CVE-2023-42534: Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows lo
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.
nvd
CVE-2023-42533MEDIUMCVSS 6.8v12.0v13.02023-11-07
CVE-2023-42533 [MEDIUM] CVE-2023-42533: Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physica
Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.
nvd
CVE-2023-30690HIGHCVSS 7.8v11.0v12.0+1 more2023-10-04
CVE-2023-30690 [HIGH] CWE-20 CVE-2023-30690: Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attacker
Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
nvd
CVE-2023-30692HIGHCVSS 7.8v11.0v12.0+1 more2023-10-04
CVE-2023-30692 [HIGH] CVE-2023-30692: Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local at
Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
nvd
CVE-2023-30733HIGHCVSS 7.8v12.0v13.02023-10-04
CVE-2023-30733 [HIGH] CWE-787 CVE-2023-30733: Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows lo
Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution.
nvd
CVE-2023-30727HIGHCVSS 7.5v11.0v12.0+1 more2023-10-04
CVE-2023-30727 [HIGH] CVE-2023-30727: Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attacker
Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.
nvd
CVE-2023-30731MEDIUMCVSS 4.6v12.0v13.02023-10-04
CVE-2023-30731 [MEDIUM] CVE-2023-30731: Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows phys
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.
nvd
CVE-2023-30732LOWCVSS 3.3v13.02023-10-04
CVE-2023-30732 [LOW] CVE-2023-30732: Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to
Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.
nvd
CVE-2023-30710HIGHCVSS 7.8v11.0v12.0+1 more2023-09-06
CVE-2023-30710 [HIGH] CVE-2023-30710: Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local atta
Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.
nvd
CVE-2023-30707HIGHCVSS 7.1v11.0v12.0+1 more2023-09-06
CVE-2023-30707 [HIGH] CVE-2023-30707: Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to S
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.
nvd
CVE-2023-30708HIGHCVSS 7.5v11.0v12.0+1 more2023-09-06
CVE-2023-30708 [HIGH] CWE-287 CVE-2023-30708: Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Cap
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.
nvd
CVE-2023-30712HIGHCVSS 7.8v11.0v12.0+1 more2023-09-06
CVE-2023-30712 [HIGH] CWE-20 CVE-2023-30712: Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers t
Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.
nvd