Samsung
Products by Samsung Sorted by Most Security Vulnerabilities since 2018
Known Exploited Samsung Vulnerabilities
The following Samsung vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| Samsung Mobile Devices Use-After-Free Vulnerability | Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. CVE-2022-22265 | September 18, 2023 |
| Samsung Mobile Devices Out-of-Bounds Read Vulnerability | Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer. CVE-2021-25487 | June 29, 2023 |
| Samsung Mobile Devices Improper Input Validation Vulnerability | Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic. CVE-2021-25489 | June 29, 2023 |
| Samsung Mobile Devices Race Condition Vulnerability | Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. CVE-2021-25394 | June 29, 2023 |
| Samsung Mobile Devices Race Condition Vulnerability | Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. CVE-2021-25395 | June 29, 2023 |
| Samsung Mobile Devices Unspecified Vulnerability | Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP. CVE-2021-25371 | June 29, 2023 |
| Samsung Mobile Devices Improper Boundary Check Vulnerability | Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access. CVE-2021-25372 | June 29, 2023 |
| Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability | Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. CVE-2023-21492 | May 19, 2023 |
| Samsung Mobile Devices Improper Access Control Vulnerability | Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370. CVE-2021-25337 | November 8, 2022 |
| Samsung Mobile Devices Improper Access Control Vulnerability | Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370. CVE-2021-25369 | November 8, 2022 |
| Samsung Mobile Devices Memory Corruption Vulnerability | Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369. CVE-2021-25370 | November 8, 2022 |
By the Year
In 2024 there have been 58 vulnerabilities in Samsung with an average score of 5.8 out of ten. Last year Samsung had 226 security vulnerabilities published. Right now, Samsung is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.46
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 58 | 5.82 |
| 2023 | 226 | 6.28 |
| 2022 | 145 | 5.66 |
| 2021 | 64 | 5.72 |
| 2020 | 7 | 9.26 |
| 2019 | 6 | 6.72 |
| 2018 | 19 | 7.39 |
It may take a day or so for new Samsung vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Samsung Security Vulnerabilities
Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1
CVE-2024-34602
5.5 - Medium
- July 08, 2024
Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
Improper access control in Samsung Message prior to SMR Jul-2024 Release 1
CVE-2024-34603
5.5 - Medium
- July 08, 2024
Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.
Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1
CVE-2024-20898
5.5 - Medium
- July 02, 2024
Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1
CVE-2024-20899
5.5 - Medium
- July 02, 2024
Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
Improper authentication in MTP application prior to SMR Jul-2024 Release 1
CVE-2024-20900
3.3 - Low
- July 02, 2024
Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.
authentification
Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1
CVE-2024-20901
7.8 - High
- July 02, 2024
Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory.
Memory Corruption
Improper access control in system property prior to SMR Jul-2024 Release 1
CVE-2024-34583
3.3 - Low
- July 02, 2024
Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.
Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1
CVE-2024-34585
7.8 - High
- July 02, 2024
Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1
CVE-2024-34586
3.3 - Low
- July 02, 2024
Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy.
Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1
CVE-2024-34587
6.8 - Medium
- July 02, 2024
Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
Improper input validation?in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1
CVE-2024-34588
6.5 - Medium
- July 02, 2024
Improper input validation?in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1
CVE-2024-34589
6.5 - Medium
- July 02, 2024
Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities
CVE-2024-20888
7.8 - High
- July 02, 2024
Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
Improper authentication in BLE prior to SMR Jul-2024 Release 1
CVE-2024-20889
4.3 - Medium
- July 02, 2024
Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.
authentification
Improper input validation in BLE prior to SMR Jul-2024 Release 1
CVE-2024-20890
8.8 - High
- July 02, 2024
Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.
authentification
Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1
CVE-2024-20891
7.8 - High
- July 02, 2024
Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors
CVE-2024-20892
7.8 - High
- July 02, 2024
Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability.
Improper Verification of Cryptographic Signature
Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1
CVE-2024-20893
7.8 - High
- July 02, 2024
Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption.
Memory Corruption
Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1
CVE-2024-20894
4.3 - Medium
- July 02, 2024
Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability.
Improper Handling of Exceptional Conditions
Improper access control in Dar service prior to SMR Jul-2024 Release 1
CVE-2024-20895
5.5 - Medium
- July 02, 2024
Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features.
Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1
CVE-2024-20896
5.5 - Medium
- July 02, 2024
Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1
CVE-2024-20897
5.5 - Medium
- July 02, 2024
Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1
CVE-2024-34592
4.3 - Medium
- July 02, 2024
Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1
CVE-2024-34593
8.8 - High
- July 02, 2024
Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1
CVE-2024-34594
5.5 - Medium
- July 02, 2024
Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.
Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1
CVE-2024-34595
7.8 - High
- July 02, 2024
Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
Improper authentication in SmartThings prior to version 1.8.17
CVE-2024-34596
7.5 - High
- July 02, 2024
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.
authentification
Improper input validation in Samsung Health prior to version 6.27.0.113
CVE-2024-34597
3.3 - Low
- July 02, 2024
Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability.
Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0
CVE-2024-34600
3.3 - Low
- July 02, 2024
Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage.
Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0
CVE-2024-34601
5.3 - Medium
- July 02, 2024
Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.
Improper input validation?in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1
CVE-2024-34590
4.3 - Medium
- July 02, 2024
Improper input validation?in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1
CVE-2024-34591
4.3 - Medium
- July 02, 2024
Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1
CVE-2024-20813
7.8 - High
- February 06, 2024
Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1
CVE-2024-20814
5.5 - Medium
- February 06, 2024
Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized information.
Out-of-bounds Read
Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1
CVE-2024-20815
6.5 - Medium
- February 06, 2024
Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
authentification
Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1
CVE-2024-20816
6.5 - Medium
- February 06, 2024
Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.
authentification
Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1
CVE-2024-20817
7.8 - High
- February 06, 2024
Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
Memory Corruption
Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1
CVE-2024-20818
7.8 - High
- February 06, 2024
Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
Memory Corruption
Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1
CVE-2024-20819
7.8 - High
- February 06, 2024
Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer overflow.
Memory Corruption
Improper input validation in bootloader prior to SMR Feb-2024 Release 1
CVE-2024-20820
7.1 - High
- February 06, 2024
Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds read.
Out-of-bounds Read
Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0
CVE-2024-20826
5.5 - Medium
- February 06, 2024
Implicit intent hijacking vulnerability in UPHelper library prior to version 4.0.0 allows local attackers to access sensitive information via implicit intent.
Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4
CVE-2024-20827
4.6 - Medium
- February 06, 2024
Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen.
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0
CVE-2024-20828
4.6 - Medium
- February 06, 2024
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.
AuthZ
Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1
CVE-2024-20810
3.3 - Low
- February 06, 2024
Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.
Clickjacking
Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1
CVE-2024-20811
3.3 - Low
- February 06, 2024
Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.
Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1
CVE-2024-20812
7.8 - High
- February 06, 2024
Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6
CVE-2024-20822
5.5 - Medium
- February 06, 2024
Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6
CVE-2024-20823
5.5 - Medium
- February 06, 2024
Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6
CVE-2024-20824
5.5 - Medium
- February 06, 2024
Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6
CVE-2024-20825
5.5 - Medium
- February 06, 2024
Implicit intent hijacking vulnerability in IAP of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.
Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1
CVE-2024-20802
5.5 - Medium
- January 04, 2024
Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user environment.
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1
CVE-2024-20803
6.5 - Medium
- January 04, 2024
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user interaction.
authentification
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13
CVE-2024-20804
5.5 - Medium
- January 04, 2024
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
Directory traversal
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13
CVE-2024-20805
5.5 - Medium
- January 04, 2024
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary file.
Directory traversal
Improper access control in Notification service prior to SMR Jan-2024 Release 1
CVE-2024-20806
5.5 - Medium
- January 04, 2024
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification data.
Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16
CVE-2024-20807
3.3 - Low
- January 04, 2024
Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive information.
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7
CVE-2024-20808
5.5 - Medium
- January 04, 2024
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7
CVE-2024-20809
5.5 - Medium
- January 04, 2024
Improper access control vulnerability in Nearby device scanning prior version 11.1.14.7 allows local attacker to access data.
Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault
CVE-2023-41268
9.8 - Critical
- December 06, 2023
Improper input validation vulnerability in Samsung Open Source Escargot allows stack overflow and segmentation fault. This issue affects Escargot: from 3.0.0 through 4.0.0.
Memory Corruption
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1
CVE-2023-42569
3.3 - Low
- December 05, 2023
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.
AuthZ
Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1
CVE-2023-42568
4.4 - Medium
- December 05, 2023
Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system privilege.
Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1
CVE-2023-42567
7.8 - High
- December 05, 2023
Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer overflow.
Memory Corruption
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1
CVE-2023-42566
7.8 - High
- December 05, 2023
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1
CVE-2023-42565
6.7 - Medium
- December 05, 2023
Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary code.
Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1
CVE-2023-42564
5.5 - Medium
- December 05, 2023
Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system privilege.
Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1
CVE-2023-42563
7.8 - High
- December 05, 2023
Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
Integer Overflow or Wraparound
Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1
CVE-2023-42562
7.8 - High
- December 05, 2023
Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap overflow.
Integer Overflow or Wraparound
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1
CVE-2023-42561
6.8 - Medium
- December 05, 2023
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary code.
Memory Corruption
Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1
CVE-2023-42560
7.8 - High
- December 05, 2023
Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary code.
Memory Corruption
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1
CVE-2023-42559
5.2 - Medium
- December 05, 2023
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system time.
Improper Handling of Exceptional Conditions
Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1
CVE-2023-42558
7.8 - High
- December 05, 2023
Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code execution.
Memory Corruption
Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1
CVE-2023-42557
6.7 - Medium
- December 05, 2023
Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary code.
Memory Corruption
Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24
CVE-2023-42572
5.5 - Medium
- December 05, 2023
Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive information.
Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4
CVE-2023-42571
6.8 - Medium
- December 05, 2023
Abuse of remote unlock in Find My Mobile prior to version 7.3.13.4 allows physical attacker to unlock the device remotely by resetting the Samsung Account password with SMS verification when user lost the device.
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1
CVE-2023-42570
3.3 - Low
- December 05, 2023
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM PIN.
Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7
CVE-2023-42578
7.5 - High
- December 05, 2023
Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without permission.
Improper Handling of Exceptional Conditions
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17
CVE-2023-42576
6.8 - Medium
- December 05, 2023
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception handler.
authentification
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17
CVE-2023-42575
6.8 - Medium
- December 05, 2023
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.
AuthZ
Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2
CVE-2023-42574
7.8 - High
- December 05, 2023
Improper access control vulnerablility in GameHomeCN prior to version 4.2.60.2 allows local attackers to launch arbitrary activity in GameHomeCN.
PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models
CVE-2023-42573
5.5 - Medium
- December 05, 2023
PendingIntent hijacking vulnerability in Search Widget prior to version 3.4 in China models allows local attackers to access data.
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4
CVE-2023-42581
7.5 - High
- December 05, 2023
Improper URL validation from InstantPlay deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to access data.
Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4
CVE-2023-42580
9.8 - Critical
- December 05, 2023
Improper URL validation from MCSLaunch deeplink in Galaxy Store prior to version 4.5.64.4 allows attackers to execute JavaScript API to install APK from Galaxy Store.
Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1
CVE-2023-42556
5.5 - Medium
- December 05, 2023
Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive information.
An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1
CVE-2023-42536
7.8 - High
- November 07, 2023
An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
Out-of-bounds Read
Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7
CVE-2023-42551
6.5 - Medium
- November 07, 2023
Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
Exposure of Resource to Wrong Sphere
Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7
CVE-2023-42550
6.5 - Medium
- November 07, 2023
Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7
CVE-2023-42549
6.5 - Medium
- November 07, 2023
Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
Exposure of Resource to Wrong Sphere
Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7
CVE-2023-42548
6.5 - Medium
- November 07, 2023
Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7
CVE-2023-42547
6.5 - Medium
- November 07, 2023
Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
Exposure of Resource to Wrong Sphere
Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7
CVE-2023-42546
6.5 - Medium
- November 07, 2023
Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege.
Exposure of Resource to Wrong Sphere
An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1
CVE-2023-42538
7.8 - High
- November 07, 2023
An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
Out-of-bounds Read
An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1
CVE-2023-42537
7.8 - High
- November 07, 2023
An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write.
Out-of-bounds Read
Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1
CVE-2023-42535
7.8 - High
- November 07, 2023
Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1
CVE-2023-42534
5.5 - Medium
- November 07, 2023
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.
Files or Directories Accessible to External Parties
Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1
CVE-2023-42533
6.8 - Medium
- November 07, 2023
Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.
Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1
CVE-2023-42532
7.5 - High
- November 07, 2023
Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.
Improper Certificate Validation
Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1
CVE-2023-42531
7.1 - High
- November 07, 2023
Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows local attackers to bypass restrictions on starting activities from the background.
authentification
Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12
CVE-2023-42543
7.5 - High
- November 07, 2023
Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege.
Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13
CVE-2023-42555
5.5 - Medium
- November 07, 2023
Use of implicit intent for sensitive communication vulnerability in EasySetup prior to version 11.1.13 allows attackers to get the bluetooth address of user device.
Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17
CVE-2023-42554
6.8 - Medium
- November 07, 2023
Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication.
authentification