Samsung Android vulnerabilities
448 known vulnerabilities affecting samsung/android.
Total CVEs: 448
CISA KEV: 12 (actively exploited)
Public exploits: 0
Exploited in wild: 10
Severity breakdown: CRITICAL 9, HIGH 160, MEDIUM 218, LOW 61
Vulnerabilities
Page 20 of 23
CVE-2023-30660 | MEDIUM | CVSS 5.5 | v12.0, v13.0 | 2023-07-06
Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
nvd
CVE-2023-30641 | MEDIUM | CVSS 4.3 | v13.0 | 2023-07-06
Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows a physical attacker to use a restricted user profile to access the device owner's Google account data.
nvd
CVE-2023-30667 | LOW | CVSS 3.3 | v13.0 | 2023-07-06
Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.
nvd
CVE-2023-30640 | LOW | CVSS 3.3 | v11.0, v12.0, +1 more | 2023-07-06
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change configuration.
nvd
CVE-2023-21513 | MEDIUM | CVSS 6.8 | CWE-269 | v11.0, v12.0, +1 more | 2023-06-28
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
nvd
CVE-2023-21512 | LOW | CVSS 3.3 | CWE-269 | v11.0, v12.0, +1 more | 2023-06-28
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
nvd
CVE-2023-21494 | CRITICAL | CVSS 9.8 | CWE-20 | v13.0 | 2023-05-04
Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
nvd
CVE-2023-21504 | CRITICAL | CVSS 9.8 | CWE-20 | v11.0, v12.0, +1 more | 2023-05-04
Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
nvd
CVE-2023-21503 | CRITICAL | CVSS 9.8 | CWE-20 | v13.0 | 2023-05-04
Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
nvd
CVE-2023-21502 | HIGH | CVSS 7.8 | CWE-20 | v12.0, v13.0 | 2023-05-04
Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.
nvd
CVE-2023-21499 | HIGH | CVSS 7.8 | CWE-787 | v13.0 | 2023-05-04
Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
nvd
CVE-2023-21490 | HIGH | CVSS 7.1 | CWE-284 | v11.0, v12.0, +1 more | 2023-05-04
Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.
nvd
CVE-2023-21488 | HIGH | CVSS 7.8 | CWE-284 | v11.0, v12.0, +1 more | 2023-05-04
Improper access control vulnerability in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.
nvd
CVE-2023-21498 | HIGH | CVSS 7.8 | CWE-20 | v13.0 | 2023-05-04
Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.
nvd
CVE-2023-21497 | HIGH | CVSS 7.8 | CWE-134 | v13.0 | 2023-05-04
Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.
nvd
CVE-2023-21491 | HIGH | CVSS 7.8 | CWE-284 | v12.0, v13.0 | 2023-05-04
Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.
nvd
CVE-2023-21484 | HIGH | CVSS 7.8 | CWE-287 | v11.0, v12.0, +1 more | 2023-05-04
Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.
nvd
CVE-2023-21501 | HIGH | CVSS 7.8 | CWE-20 | v13.0 | 2023-05-04
Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
nvd
CVE-2023-21489 | MEDIUM | CVSS 6.8 | CWE-787 | v11.0, v12.0, +1 more | 2023-05-04
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.
nvd
CVE-2023-21485 | MEDIUM | CVSS 4.6 | CWE-926 | v11.0, v12.0, +1 more | 2023-05-04
Improper export of Android application components vulnerability in VideoPreviewActivity in Call Settings prior to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
nvd