Samsung Android
By the Year
In 2023 there have been 139 vulnerabilities in Samsung Android with an average score of 6.3 out of ten. Android did not have any published security vulnerabilities last year. That is, 139 more vulnerabilities have already been reported in 2023 as compared to last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2023 | 139 | 6.32 |
2022 | 0 | 0.00 |
2021 | 0 | 0.00 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Android vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Samsung Android Security Vulnerabilities
An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1
CVE-2023-42538
9.8 - Critical
- November 07, 2023
An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write.
Out-of-bounds Read
An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1
CVE-2023-42537
9.8 - Critical
- November 07, 2023
An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write.
Out-of-bounds Read
An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1
CVE-2023-42536
9.8 - Critical
- November 07, 2023
An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write.
Out-of-bounds Read
Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1
CVE-2023-42535
7.8 - High
- November 07, 2023
Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1
CVE-2023-42534
5.5 - Medium
- November 07, 2023
Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege.
Files or Directories Accessible to External Parties
Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1
CVE-2023-42533
6.8 - Medium
- November 07, 2023
Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel.
Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1
CVE-2023-42532
7.5 - High
- November 07, 2023
Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information.
Improper Certificate Validation
Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1
CVE-2023-42531
9.8 - Critical
- November 07, 2023
Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows attacker to bypass restrictions on starting activities from the background.
authentification
Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1
CVE-2023-42530
7.5 - High
- November 07, 2023
Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction.
Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1
CVE-2023-42529
7.8 - High
- November 07, 2023
Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1
CVE-2023-42528
7.8 - High
- November 07, 2023
Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1
CVE-2023-42527
5.5 - Medium
- November 07, 2023
Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information.
Improper Input Validation
Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1
CVE-2023-30739
7.8 - High
- November 07, 2023
Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code.
Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1
CVE-2023-30733
9.8 - Critical
- October 04, 2023
Stack-based Buffer Overflow in vulnerability HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution.
Memory Corruption
Improper access control in system property prior to SMR Oct-2023 Release 1
CVE-2023-30732
3.3 - Low
- October 04, 2023
Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application
CVE-2023-30731
4.6 - Medium
- October 04, 2023
Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.
Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1
CVE-2023-30727
7.5 - High
- October 04, 2023
Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.
Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1
CVE-2023-30692
7.8 - High
- October 04, 2023
Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1
CVE-2023-30690
7.8 - High
- October 04, 2023
Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1
CVE-2023-30721
4.4 - Medium
- September 06, 2023
Insertion of sensitive information into log vulnerability in Locksettings prior to SMR Sep-2023 Release 1 allows a privileged local attacker to get lock screen match information from the log.
Insertion of Sensitive Information into Log File
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1
CVE-2023-30720
5.5 - Medium
- September 06, 2023
PendingIntent hijacking in LmsAssemblyTrackerCTC prior to SMR Sep-2023 Release 1 allows local attacker to gain arbitrary file access.
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1
CVE-2023-30719
3.3 - Low
- September 06, 2023
Exposure of Sensitive Information vulnerability in InboundSmsHandler prior to SMR Sep-2023 Release 1 allows local attackers to access certain message data.
Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1
CVE-2023-30717
3.3 - Low
- September 06, 2023
Sensitive information exposure vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to get unresettable identifiers.
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1
CVE-2023-30716
5.5 - Medium
- September 06, 2023
Improper access control vulnerability in SVCAgent prior to SMR Sep-2023 Release 1 allows attackers to trigger certain commands.
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1
CVE-2023-30715
3.3 - Low
- September 06, 2023
Improper access control vulnerability in Weather prior to SMR Sep-2023 Release 1 allows attackers to access location information set in Weather without permission.
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1
CVE-2023-30714
4.6 - Medium
- September 06, 2023
Improper authorization vulnerability in FolderContainerDragDelegate in One UI Home prior to SMR Sep-2023 Release 1 allows physical attackers to change some settings of the folder lock.
Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1
CVE-2023-30713
5.5 - Medium
- September 06, 2023
Improper privilege management vulnerability in FolderLockNotifier in One UI Home prior to SMR Sep-2023 Release 1 allows local attackers to change some settings of the folder lock.
Improper Privilege Management
Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1
CVE-2023-30712
7.8 - High
- September 06, 2023
Improper input validation in Settings Suggestions prior to SMR Sep-2023 Release 1 allows attackers to launch arbitrary activity.
Improper Input Validation
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1
CVE-2023-30711
3.3 - Low
- September 06, 2023
Improper authentication in Phone and Messaging Storage SMR SEP-2023 Release 1 allows attacker to insert arbitrary data to the provider.
Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1
CVE-2023-30710
7.8 - High
- September 06, 2023
Improper input validation vulnerability in Knox AI prior to SMR Sep-2023 Release 1 allows local attackers to launch privileged activities.
Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1
CVE-2023-30709
6.7 - Medium
- September 06, 2023
Improper access control in Dual Messenger prior to SMR Sep-2023 Release 1 allows local attackers launch activity with system privilege.
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1
CVE-2023-30708
7.5 - High
- September 06, 2023
Improper authentication in SecSettings prior to SMR Sep-2023 Release 1 allows attacker to access Captive Portal Wi-Fi in Reactivation Lock status.
authentification
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1
CVE-2023-30707
7.1 - High
- September 06, 2023
Improper input validation vulnerability in FileProviderStatusReceiver in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows local attackers to delete arbitrary files with Samsung Keyboard privilege.
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1
CVE-2023-30706
4.9 - Medium
- September 06, 2023
Improper authorization in Samsung Keyboard prior to SMR Sep-2023 Release 1 allows attacker to read arbitrary file with system privilege.
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1
CVE-2023-30718
3.3 - Low
- September 06, 2023
Improper export of android application components vulnerability in WifiApAutoHotspotEnablingActivity prior to SMR Sep-2023 Release 1 allows local attacker to change a Auto Hotspot setting.
Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30688
7.8 - High
- August 10, 2023
Out-of-bounds Write in MakeUiccAuthForOem of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1
CVE-2023-30680
7.8 - High
- August 10, 2023
Improper privilege management vulnerability in MMIGroup prior to SMR Aug-2023 Release 1 allows code execution with privilege.
Improper Privilege Management
Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1
CVE-2023-30679
7.8 - High
- August 10, 2023
Improper access control in HDCP trustlet prior to SMR Aug-2023 Release 1 allows local attackers to execute arbitrary code.
Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30687
7.8 - High
- August 10, 2023
Out-of-bounds Write in RmtUimApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30686
7.8 - High
- August 10, 2023
Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1
CVE-2023-30685
3.3 - Low
- August 10, 2023
Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode.
Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1
CVE-2023-30684
3.3 - Low
- August 10, 2023
Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission.
Improper access control in Telecom prior to SMR Aug-2023 Release 1
CVE-2023-30683
3.3 - Low
- August 10, 2023
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission.
Improper access control in Telecom prior to SMR Aug-2023 Release 1
CVE-2023-30682
3.3 - Low
- August 10, 2023
Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission.
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1
CVE-2023-30681
7.8 - High
- August 10, 2023
An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
Memory Corruption
PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1
CVE-2023-30701
5.5 - Medium
- August 10, 2023
PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access.
PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1
CVE-2023-30700
3.3 - Low
- August 10, 2023
PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission.
Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1
CVE-2023-30699
9.8 - Critical
- August 10, 2023
Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers.
Memory Corruption
Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1
CVE-2023-30698
5.5 - Medium
- August 10, 2023
Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege.
An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30697
7.8 - High
- August 10, 2023
An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
Memory Corruption
An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30696
7.8 - High
- August 10, 2023
An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write.
Memory Corruption
Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30694
7.8 - High
- August 10, 2023
Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30693
7.8 - High
- August 10, 2023
Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1
CVE-2023-30691
7.8 - High
- August 10, 2023
Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation.
Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1
CVE-2023-30689
7.8 - High
- August 10, 2023
Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1
CVE-2023-30654
5.5 - Medium
- August 10, 2023
Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location.
Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1
CVE-2023-30664
7.8 - High
- July 06, 2023
Improper input validation vulnerability in RegisteredMSISDN prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30663
7.8 - High
- July 06, 2023
Improper input validation vulnerability in OemPersonalizationSetLock in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
Improper Input Validation
Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1
CVE-2023-30662
5.5 - Medium
- July 06, 2023
Exposure of Sensitive Information vulnerability in getChipIds in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1
CVE-2023-30661
5.5 - Medium
- July 06, 2023
Exposure of Sensitive Information vulnerability in getChipInfos in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1
CVE-2023-30660
5.5 - Medium
- July 06, 2023
Exposure of Sensitive Information vulnerability in getDefaultChipId in UwbAospAdapterService prior to SMR Jul-2023 Release 1 allows local attackers to access the UWB chipset Identifier.
Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1
CVE-2023-30659
7.8 - High
- July 06, 2023
Improper input validation vulnerability in Transaction prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1
CVE-2023-30658
7.8 - High
- July 06, 2023
Improper input validation vulnerability in DataProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1
CVE-2023-30657
7.8 - High
- July 06, 2023
Improper input validation vulnerability in EnhancedAttestationResult prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1
CVE-2023-30656
7.8 - High
- July 06, 2023
Improper input validation vulnerability in LSOItemData prior to SMR Jul-2023 Release 1 allows attackers to launch certain activities.
Improper Input Validation
Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1
CVE-2023-30655
7.8 - High
- July 06, 2023
Improper input validation vulnerability in SCEPProfile prior to SMR Jul-2023 Release 1 allows local attackers to launch privileged activities.
Improper Input Validation
Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1
CVE-2023-30653
7.8 - High
- July 06, 2023
Out of bounds read and write in enableTspDevice of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1
CVE-2023-30652
7.8 - High
- July 06, 2023
Out of bounds read and write in callrunTspCmdNoRead of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1
CVE-2023-30651
7.8 - High
- July 06, 2023
Out of bounds read and write in callgetTspsysfs of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1
CVE-2023-30650
7.8 - High
- July 06, 2023
Out of bounds read and write in callrunTspCmd of sysinput HAL service prior to SMR Jul-2023 Release 1 allows local attackers to execute arbitrary code.
Memory Corruption
Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1
CVE-2023-30649
7.8 - High
- July 06, 2023
Heap out of bound write vulnerability in RmtUimNeedApdu of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
Memory Corruption
Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.
CVE-2023-30648
5.5 - Medium
- July 06, 2023
Stack out-of-bounds write vulnerability in IpcRxImeiUpdateImeiNoti of RILD priro to SMR Jul-2023 Release 1 cause a denial of service on the system.
Memory Corruption
Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1
CVE-2023-30647
7.8 - High
- July 06, 2023
Heap out of bound write vulnerability in IpcRxUsimPhoneBookCapa of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
Memory Corruption
Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1
CVE-2023-30646
7.8 - High
- July 06, 2023
Heap out of bound write vulnerability in BroadcastSmsConfig of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
Memory Corruption
Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1
CVE-2023-30645
7.8 - High
- July 06, 2023
Heap out of bound write vulnerability in IpcRxIncomingCBMsg of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
Memory Corruption
Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1
CVE-2023-30644
7.8 - High
- July 06, 2023
Stack out of bound write vulnerability in CdmaSmsParser of RILD prior to SMR Jul-2023 Release 1 allows attackers to execute arbitrary code.
Memory Corruption
Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1
CVE-2023-30643
7.1 - High
- July 06, 2023
Missing authentication vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to delete arbitrary non-preloaded applications.
Missing Authentication for Critical Function
Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1
CVE-2023-30642
5.5 - Medium
- July 06, 2023
Improper privilege management vulnerability in Galaxy Themes Service prior to SMR Jul-2023 Release 1 allows local attackers to call privilege function.
Improper Privilege Management
Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1
CVE-2023-30641
4.3 - Medium
- July 06, 2023
Improper access control vulnerability in Settings prior to SMR Jul-2023 Release 1 allows physical attacker to use restricted user profile to access device owner's google account data.
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1
CVE-2023-30640
3.3 - Low
- July 06, 2023
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration.
Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30670
7.8 - High
- July 06, 2023
Out-of-bounds Write in BuildIpcFactoryDeviceTestEvent of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30669
7.8 - High
- July 06, 2023
Out-of-bounds Write in DoOemFactorySendFactoryTestResult of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30668
7.8 - High
- July 06, 2023
Out-of-bounds Write in BuildOemSecureSimLockResponse of libsec-ril prior to SMR Jul-2023 Release 1 allows local attacker to execute arbitrary code.
Memory Corruption
Improper access control in Audio system service prior to SMR Jul-2023 Release 1
CVE-2023-30667
3.3 - Low
- July 06, 2023
Improper access control in Audio system service prior to SMR Jul-2023 Release 1 allows attacker to send broadcast with system privilege.
Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30666
7.8 - High
- July 06, 2023
Improper input validation vulnerability in DoOemImeiSetPreconfig in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds write.
Memory Corruption
Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1
CVE-2023-30665
4.4 - Medium
- July 06, 2023
Improper input validation vulnerability in OnOemServiceMode in libsec-ril prior to SMR Jul-2023 Release 1 allows local attackers to cause an Out-Of-Bounds read.
Out-of-bounds Read
Logic error in package installation via adb command prior to SMR Jul-2023 Release 1
CVE-2023-30671
5.5 - Medium
- July 06, 2023
Logic error in package installation via adb command prior to SMR Jul-2023 Release 1 allows local attackers to downgrade installed application.
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way
CVE-2023-21513
6.8 - Medium
- June 28, 2023
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1
CVE-2023-21512
3.3 - Low
- June 28, 2023
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
Incorrect Default Permissions
Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1
CVE-2023-21502
7.8 - High
- May 04, 2023
Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.
Improper Input Validation
Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1
CVE-2023-21501
7.8 - High
- May 04, 2023
Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
Improper Input Validation
Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1
CVE-2023-21493
5.5 - Medium
- May 04, 2023
Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1
CVE-2023-21492
4.4 - Medium
- May 04, 2023
Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR.
Insertion of Sensitive Information into Log File
Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1
CVE-2023-21491
7.8 - High
- May 04, 2023
Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.
Improper access control in GearManagerStub prior to SMR May-2023 Release 1
CVE-2023-21490
7.1 - High
- May 04, 2023
Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1
CVE-2023-21489
6.8 - Medium
- May 04, 2023
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.
Memory Corruption
Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1
CVE-2023-21488
7.8 - High
- May 04, 2023
Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.
Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1
CVE-2023-21487
3.3 - Low
- May 04, 2023
Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.
authentification
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1
CVE-2023-21486
4.6 - Medium
- May 04, 2023
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1
CVE-2023-21485
4.6 - Medium
- May 04, 2023
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Samsung Android or by Samsung? Click the Watch button to subscribe.
