Samsung Samsung

Do you want an email whenever new security vulnerabilities are reported in any Samsung product?

Products by Samsung Sorted by Most Security Vulnerabilities since 2018

Samsung Android50 vulnerabilities

Samsung Internet16 vulnerabilities

Samsung Smartthings13 vulnerabilities

Samsung Mtower13 vulnerabilities

Samsung Notes13 vulnerabilities

Samsung Account11 vulnerabilities

Samsung Galaxy Store11 vulnerabilities

Samsung Mobile7 vulnerabilities

Samsung Blockchain Keystore6 vulnerabilities

Samsung Galaxy Watch Plugin6 vulnerabilities

Samsung Syncthru Web Service6 vulnerabilities

Samsung Cloud5 vulnerabilities

Samsung Tizenrt5 vulnerabilities

Samsung Email5 vulnerabilities

Samsung Pass5 vulnerabilities

Samsung Wear Os5 vulnerabilities

Samsung Find My Mobile4 vulnerabilities

Samsung Galaxy Apps4 vulnerabilities

Samsung Flow4 vulnerabilities

Samsung Health4 vulnerabilities

Samsung Pay Kr3 vulnerabilities

Samsung Pay3 vulnerabilities

Samsung Factorycamera3 vulnerabilities

Samsung Pay Mini3 vulnerabilities

Samsung Smart Switch Pc3 vulnerabilities

Samsung Kies3 vulnerabilities

Samsung Pass3 vulnerabilities

Samsung Bixby Vision2 vulnerabilities

Samsung Bixby Voice2 vulnerabilities

Samsung Smarttagplugin2 vulnerabilities

Samsung Charm2 vulnerabilities

Samsung Checkout2 vulnerabilities

Samsung Members2 vulnerabilities

Samsung Internet Browser2 vulnerabilities

Samsung S Assistant2 vulnerabilities

Samsung Watch Active Plugin2 vulnerabilities

Samsung Quick Share2 vulnerabilities

Samsung Editor Lite2 vulnerabilities

Samsung Email2 vulnerabilities

Samsung Exynos2 vulnerabilities

Samsung Factorycamerafb2 vulnerabilities

Samsung Flow2 vulnerabilities

Samsung Watch Active2 Plugin2 vulnerabilities

Samsung Update2 vulnerabilities

Samsung Pay2 vulnerabilities

Samsung Members2 vulnerabilities

Samsung Billing1 vulnerability

Samsung Bixby1 vulnerability

Samsung Bixby Touch1 vulnerability

Samsung Blockchain Wallet1 vulnerability

Samsung Calendar1 vulnerability

Samsung Cameralyzer1 vulnerability

Samsung Clp 360 Ss062a1 vulnerability

Samsung Clp 365 Ss066a1 vulnerability

Samsung Clp 365 Ss067a1 vulnerability

Samsung Clp 365 Sw139a1 vulnerability

Samsung Clp 366 Sv600a1 vulnerability

Samsung Clp 368 Sv601a1 vulnerability

Samsung Clp 560 Sv611a1 vulnerability

Samsung Clp 560 Sv612a1 vulnerability

Samsung Clp 680 Ss075a1 vulnerability

Samsung Clp 680 Ss076a1 vulnerability

Samsung Clp 775 Ss078a1 vulnerability

Samsung Clp 775 Ss079a1 vulnerability

Samsung Clx 6260 Ss106a1 vulnerability

Samsung Clx 6260 Ss107a1 vulnerability

Samsung Clx 6260 Ss108a1 vulnerability

Samsung Clx 6260 Sw177a1 vulnerability

Samsung Contacts1 vulnerability

Samsung Contacts Provider1 vulnerability

Samsung Ddr41 vulnerability

Samsung Display Solutions1 vulnerability

Samsung Exynos 88951 vulnerability

Samsung Exynos Smp13001 vulnerability

Samsung Galaxy Themes1 vulnerability

Samsung Galaxy Wearable1 vulnerability

Samsung Ml 3750 Ss138a1 vulnerability

Samsung Ml 4510 Ss141a1 vulnerability

Samsung Ml 4512 Ss142a1 vulnerability

Samsung Ml 5010 Ss145a1 vulnerability

Samsung Ml 5012 Ss146a1 vulnerability

Samsung Ml 5015 Ss147a1 vulnerability

Samsung Ml 5510 Ss149a1 vulnerability

Samsung Ml 5510 Ss150a1 vulnerability

Samsung Ml 5510 Ss151a1 vulnerability

Samsung Ml 5510 Ss152a1 vulnerability

Samsung Ml 5510 Sv897a1 vulnerability

Samsung Ml 5510 Sv898a1 vulnerability

Samsung Ml 6510 Ss153a1 vulnerability

Samsung Ml 6510 Ss154a1 vulnerability

Samsung Ml 6510 Sv901a1 vulnerability

Known Exploited Samsung Vulnerabilities

The following Samsung vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. CVE-2023-21492 May 19, 2023
Samsung Mobile Devices Improper Access Control Vulnerability Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370. CVE-2021-25337 November 8, 2022
Samsung Mobile Devices Improper Access Control Vulnerability Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370. CVE-2021-25369 November 8, 2022
Samsung Mobile Devices Memory Corruption Vulnerability Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369. CVE-2021-25370 November 8, 2022

By the Year

In 2023 there have been 67 vulnerabilities in Samsung with an average score of 5.9 out of ten. Last year Samsung had 145 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Samsung in 2023 could surpass last years number. However, the average CVE base score of the vulnerabilities in 2023 is greater by 0.27.

Year Vulnerabilities Average Score
2023 67 5.94
2022 145 5.66
2021 64 5.72
2020 7 9.26
2019 6 6.72
2018 19 7.39

It may take a day or so for new Samsung vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Samsung Security Vulnerabilities

Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1

CVE-2023-21496 5.5 - Medium - May 04, 2023

Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level.

Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1

CVE-2023-21497 7.8 - High - May 04, 2023

Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.

Use of Externally-Controlled Format String

Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1

CVE-2023-21498 7.8 - High - May 04, 2023

Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.

Improper Input Validation

Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1

CVE-2023-21500 5.5 - Medium - May 04, 2023

Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.

Double-free

Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1

CVE-2023-21499 7.8 - High - May 04, 2023

Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1

CVE-2023-21504 9.8 - Critical - May 04, 2023

Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.

Classic Buffer Overflow

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1

CVE-2023-21508 7.8 - High - May 04, 2023

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.

Memory Corruption

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1

CVE-2023-21509 7.8 - High - May 04, 2023

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.

Memory Corruption

Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1

CVE-2023-21510 5.5 - Medium - May 04, 2023

Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.

Out-of-bounds Read

Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1

CVE-2023-21511 5.5 - Medium - May 04, 2023

Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.

Out-of-bounds Read

Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1

CVE-2023-21495 5.5 - Medium - May 04, 2023

Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set.

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1

CVE-2023-21506 7.8 - High - May 04, 2023

Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.

Memory Corruption

Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1

CVE-2023-21507 5.5 - Medium - May 04, 2023

Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.

Out-of-bounds Read

Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1

CVE-2023-21484 7.8 - High - May 04, 2023

Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.

authentification

Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1

CVE-2023-21485 4.6 - Medium - May 04, 2023

Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.

Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1

CVE-2023-21486 4.6 - Medium - May 04, 2023

Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.

Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1

CVE-2023-21487 3.3 - Low - May 04, 2023

Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.

authentification

Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1

CVE-2023-21488 7.8 - High - May 04, 2023

Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.

Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1

CVE-2023-21489 6.8 - Medium - May 04, 2023

Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.

Memory Corruption

Improper access control in GearManagerStub prior to SMR May-2023 Release 1

CVE-2023-21490 7.1 - High - May 04, 2023

Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.

Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1

CVE-2023-21491 7.8 - High - May 04, 2023

Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.

Kernel pointers are printed in the log file prior to SMR May-2023 Release 1

CVE-2023-21492 4.4 - Medium - May 04, 2023

Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.

Insertion of Sensitive Information into Log File

Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1

CVE-2023-21493 5.5 - Medium - May 04, 2023

Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.

Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1

CVE-2023-21501 7.8 - High - May 04, 2023

Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.

Improper Input Validation

Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1

CVE-2023-21502 7.8 - High - May 04, 2023

Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.

Improper Input Validation

Improper access control in Samsung Core Service prior to version 2.1.00.36

CVE-2023-21505 8.6 - High - May 04, 2023

Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox.

Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1

CVE-2023-21449 5.5 - Medium - March 16, 2023

Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.

Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1

CVE-2023-21453 5.5 - Medium - March 16, 2023

Improper input validation vulnerability in SoftSim TA prior to SMR Mar-2023 Release 1 allows local attackers access to protected data.

Improper Input Validation

Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1

CVE-2023-21457 8.1 - High - March 16, 2023

Improper access control vulnerability in Bluetooth prior to SMR Mar-2023 Release 1 allows attackers to send file via Bluetooth without related permission.

Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1

CVE-2023-21458 3.3 - Low - March 16, 2023

Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent.

Improper Privilege Management

Improper authentication in SecSettings prior to SMR Mar-2023 Release 1

CVE-2023-21460 4.4 - Medium - March 16, 2023

Improper authentication in SecSettings prior to SMR Mar-2023 Release 1 allows attacker to reset the setting.

authentification

Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1

CVE-2023-21461 5.5 - Medium - March 16, 2023

Improper authorization vulnerability in AutoPowerOnOffConfirmDialog in Settings prior to SMR Mar-2023 Release 1 allows local attacker to turn device off via unprotected activity.

Improper access control vulnerability in BixbyTouch prior to version 3.2.02.5 in China models

CVE-2023-21465 5.5 - Medium - March 16, 2023

Improper access control vulnerability in BixbyTouch prior to version 3.2.02.5 in China models allows untrusted applications access local files.

Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1

CVE-2023-21452 3.3 - Low - March 16, 2023

Improper usage of implicit intent in Bluetooth prior to SMR Mar-2023 Release 1 allows attacker to get MAC address of connected device.

Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1

CVE-2023-21454 2.4 - Low - March 16, 2023

Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lockscreen.

Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1

CVE-2023-21456 5.5 - Medium - March 16, 2023

Path traversal vulnerability in Galaxy Themes Service prior to SMR Mar-2023 Release 1 allows attacker to access arbitrary file with system uid.

Directory traversal

Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1

CVE-2023-21429 3.3 - Low - February 09, 2023

Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID.

An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1

CVE-2023-21430 7.8 - High - February 09, 2023

An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault.

Out-of-bounds Read

Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1

CVE-2023-21435 5.5 - Medium - February 09, 2023

Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.

Insertion of Sensitive Information into Log File

Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1

CVE-2023-21436 3.3 - Low - February 09, 2023

Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID.

Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1

CVE-2023-21437 5.5 - Medium - February 09, 2023

Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.

authentification

Improper logic in HomeScreen prior to SMR Feb-2023 Release 1

CVE-2023-21438 2.4 - Low - February 09, 2023

Improper logic in HomeScreen prior to SMR Feb-2023 Release 1 allows physical attacker to access App preview protected by Secure Folder.

Exposure of Resource to Wrong Sphere

Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1

CVE-2023-21439 7.8 - High - February 09, 2023

Improper input validation vulnerability in UwbDataTxStatusEvent prior to SMR Feb-2023 Release 1 allows attackers to launch certain activities.

Improper Input Validation

Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1

CVE-2023-21440 5.5 - Medium - February 09, 2023

Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture.

Inclusion of Functionality from Untrusted Control Sphere

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12)

CVE-2023-21441 5.5 - Medium - February 09, 2023

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code.

Insufficient Verification of Data Authenticity

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1

CVE-2023-21421 7.8 - High - February 09, 2023

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.

Improper Privilege Management

Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1

CVE-2023-21422 5.5 - Medium - February 09, 2023

Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.

AuthZ

Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1

CVE-2023-21423 5.5 - Medium - February 09, 2023

Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.

AuthZ

Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1

CVE-2023-21424 3.3 - Low - February 09, 2023

Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.

AuthZ

Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1

CVE-2023-21425 5.5 - Medium - February 09, 2023

Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.

authentification

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1

CVE-2023-21426 5.5 - Medium - February 09, 2023

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.

Use of Hard-coded Credentials

Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1

CVE-2023-21427 6.5 - Medium - February 09, 2023

Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.

Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call

CVE-2023-21428 3.3 - Low - February 09, 2023

Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call. The patch removes unused code.

Improper Input Validation

Improper access control vulnerabilities in Smart Things prior to 1.7.93

CVE-2023-21432 7.8 - High - February 09, 2023

Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner.

Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12)

CVE-2023-21442 5.5 - Medium - February 09, 2023

Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information.

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1

CVE-2023-21420 7.8 - High - February 09, 2023

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.

Use of Externally-Controlled Format String

Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13)

CVE-2023-21445 7.8 - High - February 09, 2023

Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent.

Exposure of Resource to Wrong Sphere

Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13)

CVE-2023-21446 5.5 - Medium - February 09, 2023

Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles.

Improper Input Validation

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12)

CVE-2023-21451 7.8 - High - February 09, 2023

A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions.

Memory Corruption

Improper input validation in Bixby Vision prior to version 3.7.70.17

CVE-2023-21431 3.3 - Low - February 09, 2023

Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision.

Improper Input Validation

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8

CVE-2023-21433 7.8 - High - February 09, 2023

Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.

Incorrect Default Permissions

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04

CVE-2023-21443 8.8 - High - February 09, 2023

Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands.

Inadequate Encryption Strength

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0

CVE-2023-21444 8.8 - High - February 09, 2023

Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands.

Inadequate Encryption Strength

Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32

CVE-2023-21447 3.3 - Low - February 09, 2023

Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent.

Exposure of Resource to Wrong Sphere

Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32

CVE-2023-21448 3.3 - Low - February 09, 2023

Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file.

Directory traversal

Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21

CVE-2023-21450 2.1 - Low - February 09, 2023

Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting.

AuthZ

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8

CVE-2023-21434 6.1 - Medium - February 09, 2023

Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.

XSS

Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51

CVE-2022-39909 5.5 - Medium - December 08, 2022

Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link.

Insufficient Verification of Data Authenticity

Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7

CVE-2022-39910 4.2 - Medium - December 08, 2022

Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.

Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1

CVE-2022-39911 6.8 - Medium - December 08, 2022

Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass.

Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351

CVE-2022-39889 3.3 - Low - November 09, 2022

Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information.

Improper Authorization in Samsung Billing prior to version 5.0.56.0

CVE-2022-39890 7.5 - High - November 09, 2022

Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information.

Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3

CVE-2022-39891 7.5 - High - November 09, 2022

Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information.

Memory Corruption

Improper access control in Samsung Pass prior to version 4.0.05.1

CVE-2022-39892 9.8 - Critical - November 09, 2022

Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature.

Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751

CVE-2022-39893 3.3 - Low - November 09, 2022

Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log.

Insertion of Sensitive Information into Log File

Improper access control vulnerability in QuickShare prior to version 13.2.3.5

CVE-2022-39860 3.5 - Low - October 07, 2022

Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.

Exposure of Resource to Wrong Sphere

Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12

CVE-2022-39859 3.3 - Low - October 07, 2022

Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent.

Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51

CVE-2022-39858 7.8 - High - October 07, 2022

Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege.

Directory traversal

Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51

CVE-2022-39857 5.5 - Medium - October 07, 2022

Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.

Exposure of Resource to Wrong Sphere

Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14

CVE-2022-39873 4.6 - Medium - October 07, 2022

Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.

AuthZ

Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3

CVE-2022-39878 5.5 - Medium - October 07, 2022

Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.

Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13

CVE-2022-39876 3.3 - Low - October 07, 2022

Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI.

Insertion of Sensitive Information into Log File

Improper component protection vulnerability in Samsung Account prior to version 13.5.0

CVE-2022-39875 4.4 - Medium - October 07, 2022

Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0

CVE-2022-39874 5.5 - Medium - October 07, 2022

Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.

Insertion of Sensitive Information into Log File

Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.

CVE-2022-39872 3.3 - Low - October 07, 2022

Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.

Improper Handling of Exceptional Conditions

Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0

CVE-2022-39871 7.5 - High - October 07, 2022

Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.

Exposure of Resource to Wrong Sphere

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0

CVE-2022-39869 7.5 - High - October 07, 2022

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.

Exposure of Resource to Wrong Sphere

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0

CVE-2022-39870 7.5 - High - October 07, 2022

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.

Exposure of Resource to Wrong Sphere

Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51

CVE-2022-39861 3.3 - Low - October 07, 2022

Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege.

AuthZ

Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3

CVE-2022-39863 4.7 - Medium - October 07, 2022

Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.

Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25

CVE-2022-39864 7.5 - High - October 07, 2022

Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.

Exposure of Resource to Wrong Sphere

Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0

CVE-2022-39866 7.5 - High - October 07, 2022

Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

Exposure of Resource to Wrong Sphere

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0

CVE-2022-39867 7.5 - High - October 07, 2022

Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.

Exposure of Resource to Wrong Sphere

Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0

CVE-2022-39868 7.5 - High - October 07, 2022

Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

Exposure of Resource to Wrong Sphere

Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0

CVE-2022-39865 7.5 - High - October 07, 2022

Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.

Exposure of Resource to Wrong Sphere

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE)

CVE-2022-40279 7.5 - High - September 29, 2022

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction).

Unchecked Return Value

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE)

CVE-2022-40278 7.5 - High - September 29, 2022

An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service.

Dangling pointer

The function tee_obj_free in Samsung mTower through 0.3.0

CVE-2022-40761 7.5 - High - September 16, 2022

The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.

Improper Input Validation

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0

CVE-2022-40760 7.5 - High - September 16, 2022

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.

Buffer Overflow

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0

CVE-2022-40758 7.5 - High - September 16, 2022

A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.

Buffer Overflow

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.