Samsung Mobile Devices vulnerabilities
374 known vulnerabilities affecting samsung_mobile/samsung_mobile_devices.
Total CVEs
374
CISA KEV
11
actively exploited
Public exploits
0
Exploited in wild
11
Severity breakdown
CRITICAL37HIGH100MEDIUM142LOW95
Vulnerabilities
Page 10 of 19
CVE-2023-21500P4MEDIUMCVSS 5.5≥ Select Android 13 devices, < SMR May-2023 Release 12023-05-04
CVE-2023-21500 [MEDIUM] CWE-415 CVE-2023-21500: Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 R
Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.
nvd
CVE-2023-21426P4MEDIUMCVSS 5.5≥ Select Q(10) devices, < SMR Jan-2023 Release 12023-02-09
CVE-2023-21426 [MEDIUM] CWE-798 CVE-2023-21426: Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attack
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
nvd
CVE-2021-25344P4MEDIUMCVSS 5.5≥ Q(10.0), R(11.0), < SMR Mar-2021 Release 12021-03-04
CVE-2021-25344 [MEDIUM] CWE-862 CVE-2021-25344: Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to
Missing permission check in knox_custom service prior to SMR Mar-2021 Release 1 allows attackers to gain access to device's serial number without permission.
nvd
CVE-2022-33721P4MEDIUMCVSS 5.5≥ S(12), < SMR Aug-2022 Release 12022-08-05
CVE-2022-33721 [MEDIUM] CWE-94 CVE-2022-33721: A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers t
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.
nvd
CVE-2022-33715P4MEDIUMCVSS 5.5≥ R(11), S(12), < SMR Aug-2022 Release 12022-08-05
CVE-2022-33715 [MEDIUM] CWE-20 CVE-2022-33715: Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 R
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.
nvd
CVE-2022-30716P4MEDIUMCVSS 5.3≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30716 [MEDIUM] CWE-280 CVE-2022-30716: Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 a
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.
nvd
CVE-2022-30709P4MEDIUMCVSS 5.3≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30709 [MEDIUM] CWE-20 CVE-2022-30709: Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows
Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
nvd
CVE-2022-30720P4MEDIUMCVSS 5.3≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30720 [MEDIUM] CWE-20 CVE-2022-30720: Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Releas
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
nvd
CVE-2022-30719P4MEDIUMCVSS 5.3≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30719 [MEDIUM] CWE-20 CVE-2022-30719: Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Releas
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
nvd
CVE-2022-30721P4MEDIUMCVSS 5.3≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30721 [MEDIUM] CWE-20 CVE-2022-30721: Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Releas
Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.
nvd
CVE-2022-30715P4MEDIUMCVSS 5.3≥ Q(10), R(11), S(12), < SMR Jun-2022 Release 12022-06-07
CVE-2022-30715 [MEDIUM] CWE-284 CVE-2022-30715: Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.
nvd
CVE-2022-36861P4MEDIUMCVSS 5.3≥ Q(10), R(11), S(12), < SMR Sep-2022 Release 12022-09-09
CVE-2022-36861 [MEDIUM] CWE-269 CVE-2022-36861: Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker t
Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege.
nvd
CVE-2021-25363P4MEDIUMCVSS 6.1≥ O(8.x), P(9.0), Q(10.0), R(11.0), < SMR APR-2021 Release 12021-04-09
CVE-2021-25363 [MEDIUM] CWE-269 CVE-2021-25363: An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untruste
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.
nvd
CVE-2021-25362P4MEDIUMCVSS 6.1≥ O(8.x), P(9.x), Q(10.0), < SMR APR-2021 Release 12021-04-09
CVE-2021-25362 [MEDIUM] CWE-269 CVE-2021-25362: An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted
An improper permission management in CertInstaller prior to SMR APR-2021 Release 1 allows untrusted applications to delete certain local files.
nvd
CVE-2021-25444P4MEDIUMCVSS 5.5≥ O(8.1), P(9.0), Q(10.0), < SMR AUG-2021 Release 12021-08-05
CVE-2021-25444 [MEDIUM] CWE-20 CVE-2021-25444: An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom k
An IV reuse vulnerability in keymaster prior to SMR AUG-2021 Release 1 allows decryption of custom keyblob with privileged process.
nvd
CVE-2023-21496P4MEDIUMCVSS 5.5≥ Android 11, 12, 13, < SMR May-2023 Release 12023-05-04
CVE-2023-21496 [MEDIUM] CWE-489 CVE-2023-21496: Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows att
Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level.
nvd
CVE-2023-21453P4MEDIUMCVSS 5.5≥ Selected Android 13 devices, < SMR Mar-2023 Release 12023-03-16
CVE-2023-21453 [MEDIUM] CWE-20 CVE-2023-21453: Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local a
Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data.
nvd
CVE-2023-21493P4MEDIUMCVSS 5.5≥ Android 11, 12, 13, < SMR May-2023 Release 12023-05-04
CVE-2023-21493 [MEDIUM] CWE-284 CVE-2023-21493: Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows
Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.
nvd
CVE-2023-21495P4MEDIUMCVSS 5.5≥ Android 11, 12, 13, < SMR May-2023 Release 12023-05-04
CVE-2023-21495 [MEDIUM] CWE-284 CVE-2023-21495: Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 all
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set.
nvd
CVE-2023-21422P4MEDIUMCVSS 5.5≥ R(11), S(12), < SMR Jan-2023 Release 12023-02-09
CVE-2023-21422 [MEDIUM] CWE-285 CVE-2023-21422: Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Rele
Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
nvd