Samsung Android vulnerabilities

448 known vulnerabilities affecting samsung/android.

Total CVEs: 448
CISA KEV: 12 (actively exploited)
Public exploits: 0
Exploited in wild: 10
Severity breakdown: CRITICAL 9, HIGH 160, MEDIUM 218, LOW 61

Vulnerabilities

Page 8 of 23
CVE-2024-49415 | CRITICAL | CVSS 9.8 | v12.0, v13.0, +1 more | 2024-12-03
CVE-2024-49415 [CRITICAL] CWE-787: Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
nvd
CVE-2024-49410 | HIGH | CVSS 7.8 | v12.0, v13.0, +1 more | 2024-12-03
CVE-2024-49410 [HIGH] CWE-787: Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
nvd
CVE-2024-49413 | HIGH | CVSS 7.8 | v13.0, v14.0 | 2024-12-03
CVE-2024-49413 [HIGH] CWE-347: Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
nvd
CVE-2024-49411 | MEDIUM | CVSS 4.6 | v12.0, v13.0, +1 more | 2024-12-03
CVE-2024-49411 [MEDIUM] CWE-22: Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.
nvd
CVE-2024-49414 | LOW | CVSS 2.4 | v12.0, v13.0, +1 more | 2024-12-03
CVE-2024-49414 [LOW]: Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access the recent app list.
nvd
CVE-2024-49401 | HIGH | CVSS 7.1 | v13.0, v14.0 | 2024-11-06
CVE-2024-49401 [HIGH]: Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.
nvd
CVE-2024-34678 | HIGH | CVSS 7.8 | v12.0, v13.0, +1 more | 2024-11-06
CVE-2024-34678 [HIGH] CWE-787: Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.
nvd
CVE-2024-34676 | HIGH | CVSS 7.3 | v12.0, v13.0, +1 more | 2024-11-06
CVE-2024-34676 [HIGH] CWE-787: Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.
nvd
CVE-2024-34679 | HIGH | CVSS 7.1 | v14.0 | 2024-11-06
CVE-2024-34679 [HIGH] CWE-276: Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.
nvd
CVE-2024-49402 | MEDIUM | CVSS 4.6 | v14.0 | 2024-11-06
CVE-2024-49402 [MEDIUM]: Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
nvd
CVE-2024-34675 | MEDIUM | CVSS 4.6 | v14.0 | 2024-11-06
CVE-2024-34675 [MEDIUM]: Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access the unlocked screen.
nvd
CVE-2024-34673 | MEDIUM | CVSS 5.5 | v12.0, v13.0, +1 more | 2024-11-06
CVE-2024-34673 [MEDIUM]: Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.
nvd
CVE-2024-34674 | MEDIUM | CVSS 4.6 | v12.0, v13.0, +1 more | 2024-11-06
CVE-2024-34674 [MEDIUM]: Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
nvd
CVE-2024-34680 | MEDIUM | CVSS 5.5 | v12.0, v13.0, +1 more | 2024-11-06
CVE-2024-34680 [MEDIUM]: Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.
nvd
CVE-2024-34677 | LOW | CVSS 3.3 | v12.0, v13.0, +1 more | 2024-11-06
CVE-2024-34677 [LOW] CWE-922: Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allows local attackers to make malicious apps appear as legitimate.
nvd
CVE-2024-34682 | LOW | CVSS 2.4 | v14.0 | 2024-11-06
CVE-2024-34682 [LOW]: Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.
nvd
CVE-2024-34669 | HIGH | CVSS 8.8 | v12.0, v13.0, +1 more | 2024-10-08
CVE-2024-34669 [HIGH] CWE-787: Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
nvd
CVE-2024-34662 | HIGH | CVSS 7.8 | v12.0, v13.0, +1 more | 2024-10-08
CVE-2024-34662 [HIGH]: Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors.
nvd
CVE-2024-34668 | HIGH | CVSS 8.8 | v12.0, v13.0, +1 more | 2024-10-08
CVE-2024-34668 [HIGH] CWE-787: Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
nvd
CVE-2024-34665 | HIGH | CVSS 8.8 | v12.0, v13.0, +1 more | 2024-10-08
CVE-2024-34665 [HIGH] CWE-787: Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
nvd