Samsung Samsung

Do you want an email whenever new security vulnerabilities are reported in any Samsung product?

Products by Samsung Sorted by Most Security Vulnerabilities since 2018

Samsung Android169 vulnerabilities

Samsung Galaxy Store21 vulnerabilities

Samsung Internet19 vulnerabilities

Samsung Account18 vulnerabilities

Samsung Notes13 vulnerabilities

Samsung Smartthings13 vulnerabilities

Samsung Mtower13 vulnerabilities

Samsung Pass9 vulnerabilities

Samsung Health8 vulnerabilities

Samsung Mobile7 vulnerabilities

Samsung Syncthru Web Service7 vulnerabilities

Samsung Cloud6 vulnerabilities

Samsung Blockchain Keystore6 vulnerabilities

Samsung Galaxy Watch Plugin6 vulnerabilities

Samsung Pass5 vulnerabilities

Samsung Smart Switch Pc5 vulnerabilities

Samsung Tizenrt5 vulnerabilities

Samsung Email5 vulnerabilities

Samsung Find My Mobile5 vulnerabilities

Samsung Email5 vulnerabilities

Samsung Wear Os5 vulnerabilities

Samsung Flow4 vulnerabilities

Samsung Galaxy Apps4 vulnerabilities

Samsung Gallery4 vulnerabilities

Samsung Quick Share3 vulnerabilities

Samsung Pay Mini3 vulnerabilities

Samsung Bixby Voice3 vulnerabilities

Samsung Pay Kr3 vulnerabilities

Samsung Exynos3 vulnerabilities

Samsung Factorycamera3 vulnerabilities

Samsung Pay3 vulnerabilities

Samsung Harman Infotainment3 vulnerabilities

Samsung Kies3 vulnerabilities

Samsung Members3 vulnerabilities

Samsung Bixby Vision2 vulnerabilities

Samsung Watch Active Plugin2 vulnerabilities

Samsung Charm2 vulnerabilities

Samsung Checkout2 vulnerabilities

Samsung Update2 vulnerabilities

Samsung Push Service2 vulnerabilities

Samsung Searchwidget2 vulnerabilities

Samsung Pay2 vulnerabilities

Samsung Watch Active2 Plugin2 vulnerabilities

Samsung Internet Browser2 vulnerabilities

Samsung Editor Lite2 vulnerabilities

Samsung Factorycamerafb2 vulnerabilities

Samsung Flow2 vulnerabilities

Samsung S Assistant2 vulnerabilities

Samsung Members2 vulnerabilities

Samsung Uphelper Library2 vulnerabilities

Samsung Smarttagplugin2 vulnerabilities

Samsung Billing1 vulnerability

Samsung Bixby1 vulnerability

Samsung Bixbytouch1 vulnerability

Samsung Blockchain Wallet1 vulnerability

Samsung Calendar1 vulnerability

Samsung Capture1 vulnerability

Samsung Clp 360 Ss062a1 vulnerability

Samsung Clp 365 Sw139a1 vulnerability

Samsung Clp 366 Ss068a1 vulnerability

Samsung Clp 366 Sv600a1 vulnerability

Samsung Clp 368 Sv601a1 vulnerability

Samsung Clp 560 Sv611a1 vulnerability

Samsung Clp 560 Sv612a1 vulnerability

Samsung Clp 680 Ss075a1 vulnerability

Samsung Clp 680 Ss076a1 vulnerability

Samsung Clx 3305 Ss096a1 vulnerability

Samsung Clx 6260 Ss107a1 vulnerability

Samsung Clx 6260 Ss108a1 vulnerability

Samsung Clx 6260 Sw177a1 vulnerability

Samsung Contacts1 vulnerability

Samsung Dex1 vulnerability

Samsung Dialer1 vulnerability

Samsung Display Solutions1 vulnerability

Samsung Easysetup1 vulnerability

Samsung Escargot1 vulnerability

Samsung Exynos 88951 vulnerability

Samsung Exynos Smp13001 vulnerability

Samsung Link Sharing1 vulnerability

Samsung Lpddr41 vulnerability

Samsung Ml 3750 Ss138a1 vulnerability

Samsung Ml 4510 Ss141a1 vulnerability

Samsung Ml 4512 Ss142a1 vulnerability

Samsung Ml 5010 Ss145a1 vulnerability

Samsung Ml 5012 Ss146a1 vulnerability

Samsung Ml 5015 Ss147a1 vulnerability

Samsung Ml 5510 Ss150a1 vulnerability

Samsung Ml 5510 Ss151a1 vulnerability

Samsung Ml 5510 Ss152a1 vulnerability

Samsung Ml 5510 Sv897a1 vulnerability

Samsung Ml 5510 Sv898a1 vulnerability

Known Exploited Samsung Vulnerabilities

The following Samsung vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Samsung Mobile Devices Use-After-Free Vulnerability Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. CVE-2022-22265 September 18, 2023
Samsung Mobile Devices Out-of-Bounds Read Vulnerability Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer. CVE-2021-25487 June 29, 2023
Samsung Mobile Devices Improper Input Validation Vulnerability Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic. CVE-2021-25489 June 29, 2023
Samsung Mobile Devices Race Condition Vulnerability Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. CVE-2021-25394 June 29, 2023
Samsung Mobile Devices Race Condition Vulnerability Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. CVE-2021-25395 June 29, 2023
Samsung Mobile Devices Unspecified Vulnerability Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP. CVE-2021-25371 June 29, 2023
Samsung Mobile Devices Improper Boundary Check Vulnerability Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access. CVE-2021-25372 June 29, 2023
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. CVE-2023-21492 May 19, 2023
Samsung Mobile Devices Improper Access Control Vulnerability Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370. CVE-2021-25337 November 8, 2022
Samsung Mobile Devices Improper Access Control Vulnerability Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370. CVE-2021-25369 November 8, 2022
Samsung Mobile Devices Memory Corruption Vulnerability Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369. CVE-2021-25370 November 8, 2022

By the Year

In 2024 there have been 26 vulnerabilities in Samsung with an average score of 5.8 out of ten. Last year Samsung had 226 security vulnerabilities published. Right now, Samsung is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.53

Year Vulnerabilities Average Score
2024 26 5.80
2023 226 6.32
2022 145 5.66
2021 64 5.72
2020 7 9.26
2019 6 6.72
2018 19 7.39

It may take a day or so for new Samsung vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Samsung Security Vulnerabilities

Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1

CVE-2024-20813 7.8 - High - February 06, 2024

Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1

CVE-2024-20814 5.5 - Medium - February 06, 2024

Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows attacker access unauthorized information.

Out-of-bounds Read

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1

CVE-2024-20815 6.5 - Medium - February 06, 2024

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.

authentification

Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1

CVE-2024-20816 6.5 - Medium - February 06, 2024

Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.

authentification

Out out bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1

CVE-2024-20817 7.8 - High - February 06, 2024

Out out bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

Memory Corruption

Out out bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1

CVE-2024-20818 7.8 - High - February 06, 2024

Out out bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

Memory Corruption

Out out bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1

CVE-2024-20819 7.8 - High - February 06, 2024

Out out bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.

Memory Corruption

Improper input validation in bootloader prior to SMR Feb-2024 Release 1

CVE-2024-20820 7.1 - High - February 06, 2024

Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows attacker to cause an Out-Of-Bounds read.

Out-of-bounds Read

Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0

CVE-2024-20826 5.5 - Medium - February 06, 2024

Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent.

Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4

CVE-2024-20827 4.6 - Medium - February 06, 2024

Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen.

Improper authorization verification vulnerability in Samsung Internet prior to version 24.0

CVE-2024-20828 4.6 - Medium - February 06, 2024

Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.

AuthZ

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1

CVE-2024-20810 3.3 - Low - February 06, 2024

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows attackers to get sensitive information.

Clickjacking

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1

CVE-2024-20811 3.3 - Low - February 06, 2024

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.

Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1

CVE-2024-20812 7.8 - High - February 06, 2024

Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6

CVE-2024-20822 5.5 - Medium - February 06, 2024

Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6

CVE-2024-20823 5.5 - Medium - February 06, 2024

Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6

CVE-2024-20824 5.5 - Medium - February 06, 2024

Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6

CVE-2024-20825 5.5 - Medium - February 06, 2024

Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1

CVE-2024-20802 5.5 - Medium - January 04, 2024

Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1

CVE-2024-20803 6.5 - Medium - January 04, 2024

Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.

authentification

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13

CVE-2024-20804 5.5 - Medium - January 04, 2024

Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file.

Directory traversal

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13

CVE-2024-20805 5.5 - Medium - January 04, 2024

Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows attackers to write arbitrary file.

Directory traversal

Improper access control in Notification service prior to SMR Jan-2024 Release 1

CVE-2024-20806 5.5 - Medium - January 04, 2024

Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.

Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16

CVE-2024-20807 3.3 - Low - January 04, 2024

Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows attacker to get sensitive information.

Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7

CVE-2024-20808 5.5 - Medium - January 04, 2024

Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.

Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7

CVE-2024-20809 5.5 - Medium - January 04, 2024

Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.

Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault

CVE-2023-41268 9.8 - Critical - December 06, 2023

Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0.

Memory Corruption

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4

CVE-2023-42580 9.8 - Critical - December 05, 2023

Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4

CVE-2023-42581 7.5 - High - December 05, 2023

Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.

PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models

CVE-2023-42573 5.5 - Medium - December 05, 2023

PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data.

Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2

CVE-2023-42574 7.8 - High - December 05, 2023

Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN.

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17

CVE-2023-42575 6.8 - Medium - December 05, 2023

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.

AuthZ

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17

CVE-2023-42576 6.8 - Medium - December 05, 2023

Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler.

authentification

Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7

CVE-2023-42578 7.5 - High - December 05, 2023

Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission.

Improper Handling of Exceptional Conditions

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1

CVE-2023-42569 3.3 - Low - December 05, 2023

Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.

AuthZ

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1

CVE-2023-42570 3.3 - Low - December 05, 2023

Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4

CVE-2023-42571 6.8 - Medium - December 05, 2023

Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device.

Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24

CVE-2023-42572 5.5 - Medium - December 05, 2023

Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information.

Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1

CVE-2023-42556 5.5 - Medium - December 05, 2023

Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1

CVE-2023-42557 6.7 - Medium - December 05, 2023

Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.

Memory Corruption

Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1

CVE-2023-42558 7.8 - High - December 05, 2023

Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution.

Memory Corruption

Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1

CVE-2023-42559 5.2 - Medium - December 05, 2023

Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.

Improper Handling of Exceptional Conditions

Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1

CVE-2023-42560 7.8 - High - December 05, 2023

Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.

Memory Corruption

Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1

CVE-2023-42561 6.8 - Medium - December 05, 2023

Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.

Memory Corruption

Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1

CVE-2023-42562 7.8 - High - December 05, 2023

Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.

Integer Overflow or Wraparound

Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1

CVE-2023-42563 7.8 - High - December 05, 2023

Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.

Integer Overflow or Wraparound

Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1

CVE-2023-42564 5.5 - Medium - December 05, 2023

Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.

Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1

CVE-2023-42565 6.7 - Medium - December 05, 2023

Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.

Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1

CVE-2023-42566 7.8 - High - December 05, 2023

Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1

CVE-2023-42567 7.8 - High - December 05, 2023

Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.

Memory Corruption

Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1

CVE-2023-42568 4.4 - Medium - December 05, 2023

Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.

Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1

CVE-2023-42530 7.5 - High - November 07, 2023

Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.

Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7

CVE-2023-42551 6.5 - Medium - November 07, 2023

Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

Exposure of Resource to Wrong Sphere

Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7

CVE-2023-42550 6.5 - Medium - November 07, 2023

Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7

CVE-2023-42549 6.5 - Medium - November 07, 2023

Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

Exposure of Resource to Wrong Sphere

Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7

CVE-2023-42548 6.5 - Medium - November 07, 2023

Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7

CVE-2023-42547 6.5 - Medium - November 07, 2023

Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

Exposure of Resource to Wrong Sphere

Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7

CVE-2023-42546 6.5 - Medium - November 07, 2023

Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.

Exposure of Resource to Wrong Sphere

An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1

CVE-2023-42538 9.8 - Critical - November 07, 2023

An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write.

Out-of-bounds Read

An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1

CVE-2023-42537 9.8 - Critical - November 07, 2023

An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write.

Out-of-bounds Read

An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1

CVE-2023-42536 9.8 - Critical - November 07, 2023

An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write.

Out-of-bounds Read

Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1

CVE-2023-42535 7.8 - High - November 07, 2023

Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1

CVE-2023-42534 5.5 - Medium - November 07, 2023

Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.

Files or Directories Accessible to External Parties

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1

CVE-2023-42533 6.8 - Medium - November 07, 2023

Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.

Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1

CVE-2023-42532 7.5 - High - November 07, 2023

Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.

Improper Certificate Validation

Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1

CVE-2023-42531 9.8 - Critical - November 07, 2023

Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows attacker to bypass restrictions on starting activities from the background.

authentification

Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1

CVE-2023-42529 7.8 - High - November 07, 2023

Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1

CVE-2023-42528 7.8 - High - November 07, 2023

Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1

CVE-2023-42527 5.5 - Medium - November 07, 2023

Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.

Improper Input Validation

Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1

CVE-2023-30739 7.8 - High - November 07, 2023

Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.

Improper access control vulnerability in Samsung Push Service prior to 3.4.10

CVE-2023-42542 3.3 - Low - November 07, 2023

Improper access control vulnerability in Samsung Push Service prior to 3.4.10 allows local attackers to get register ID to identify the device.

Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10

CVE-2023-42541 5.3 - Medium - November 07, 2023

Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id.

AuthZ

Improper access control vulnerability in Samsung Account prior to version 14.5.01.1

CVE-2023-42540 5.5 - Medium - November 07, 2023

Improper access control vulnerability in Samsung Account prior to version 14.5.01.1 allows attackers to access sensitive information via implicit intent.

PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25

CVE-2023-42539 5.5 - Medium - November 07, 2023

PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data.

Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12

CVE-2023-42543 7.5 - High - November 07, 2023

Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege.

Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13

CVE-2023-42555 5.5 - Medium - November 07, 2023

Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device.

Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17

CVE-2023-42554 6.8 - Medium - November 07, 2023

Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication.

authentification

Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4

CVE-2023-42553 5.3 - Medium - November 07, 2023

Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email.

Improper access control vulnerability in Quick Share prior to 13.5.52.0

CVE-2023-42544 5.5 - Medium - November 07, 2023

Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files.

Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application

CVE-2023-30731 4.6 - Medium - October 04, 2023

Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007

CVE-2023-30737 5.5 - Medium - October 04, 2023

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.

Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7

CVE-2023-30735 3.3 - Low - October 04, 2023

Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant.

Improper Preservation of Permissions

Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface

CVE-2023-30736 5.4 - Medium - October 04, 2023

Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required.

Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1

CVE-2023-30733 9.8 - Critical - October 04, 2023

Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution.

Memory Corruption

Improper access control in system property prior to SMR Oct-2023 Release 1

CVE-2023-30732 3.3 - Low - October 04, 2023

Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.

Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1

CVE-2023-30727 7.5 - High - October 04, 2023

Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.

Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1

CVE-2023-30692 7.8 - High - October 04, 2023

Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007

CVE-2023-30734 5.5 - Medium - October 04, 2023

Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.

Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1

CVE-2023-30690 7.8 - High - October 04, 2023

Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.

Improper Input Validation

A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could

CVE-2023-41929 7.3 - High - September 18, 2023

A DLL hijacking vulnerability in Samsung Memory Card & UFD Authentication Utility PC Software before 1.0.1 could allow a local attacker to escalate privileges. (An attacker must already have user privileges on Windows to exploit this vulnerability.)

DLL preloading

Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1

CVE-2023-30717 3.3 - Low - September 06, 2023

Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.

Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1

CVE-2023-30712 7.8 - High - September 06, 2023

Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.

Improper Input Validation

Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1

CVE-2023-30719 3.3 - Low - September 06, 2023

Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.

PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1

CVE-2023-30720 5.5 - Medium - September 06, 2023

PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.

Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1

CVE-2023-30721 4.4 - Medium - September 06, 2023

Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.

Insertion of Sensitive Information into Log File

Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011

CVE-2023-30723 9.8 - Critical - September 06, 2023

Improper input validation vulnerability in Samsung Health prior to version 6.24.2.011 allows attackers to write arbitrary file with Samsung Health privilege.

Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file

CVE-2023-30728 5.5 - Medium - September 06, 2023

Intent redirection vulnerability in PackageInstallerCHN prior to version 13.1.03.00 allows local attacker to access arbitrary file. This vulnerability requires user interaction.

Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5

CVE-2023-30722 7.8 - High - September 06, 2023

Protection Mechanism Failure in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.13.5 allows local attacker to execute arbitrary code.

Improper Certificate Validation in Samsung Email prior to version 6.1.82.0

CVE-2023-30729 7.5 - High - September 06, 2023

Improper Certificate Validation in Samsung Email prior to version 6.1.82.0 allows remote attacker to intercept the network traffic including sensitive information.

Improper Certificate Validation

Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2

CVE-2023-30724 3.3 - Low - September 06, 2023

Improper authentication in GallerySearchProvider of Gallery prior to version 14.5.01.2 allows attacker to access search history.

authentification

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.