Filtered by vendor Samsung
Subscribe
Search
Total
584 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-41112 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2023-11-14 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). A buffer copy, without checking the size of the input, can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. | |||||
| CVE-2023-41111 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2023-11-14 | N/A | 7.5 HIGH |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. | |||||
| CVE-2023-30739 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 7.8 HIGH |
| Arbitrary File Descriptor Write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-42550 | 1 Samsung | 1 Account | 2023-11-13 | N/A | 6.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | |||||
| CVE-2023-42549 | 1 Samsung | 1 Account | 2023-11-13 | N/A | 6.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | |||||
| CVE-2023-42547 | 1 Samsung | 1 Account | 2023-11-13 | N/A | 6.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in startEmailValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | |||||
| CVE-2023-42548 | 1 Samsung | 1 Account | 2023-11-13 | N/A | 6.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in startMandatoryCheckActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | |||||
| CVE-2023-42546 | 1 Samsung | 1 Account | 2023-11-13 | N/A | 6.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | |||||
| CVE-2023-42551 | 1 Samsung | 1 Account | 2023-11-13 | N/A | 6.5 MEDIUM |
| Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | |||||
| CVE-2023-42533 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 6.8 MEDIUM |
| Improper Input Validation with USB Gadget Interface prior to SMR Nov-2023 Release 1 allows a physical attacker to execute arbitrary code in Kernel. | |||||
| CVE-2023-42538 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 9.8 CRITICAL |
| An improper input validation in saped_rec_silence in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write. | |||||
| CVE-2023-42536 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 9.8 CRITICAL |
| An improper input validation in saped_dec in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write. | |||||
| CVE-2023-42537 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 9.8 CRITICAL |
| An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows attacker to cause out-of-bounds read and write. | |||||
| CVE-2023-42534 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 5.5 MEDIUM |
| Improper input validation vulnerability in ChooserActivity prior to SMR Nov-2023 Release 1 allows local attackers to read arbitrary files with system privilege. | |||||
| CVE-2023-42535 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 7.8 HIGH |
| Out-of-bounds Write in read_block of vold prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-42532 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 7.5 HIGH |
| Improper Certificate Validation in FotaAgent prior to SMR Nov-2023 Release1 allows remote attacker to intercept the network traffic including Firmware information. | |||||
| CVE-2023-42531 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 9.8 CRITICAL |
| Improper access control vulnerability in SmsController prior to SMR Nov-2023 Release1 allows attacker to bypass restrictions on starting activities from the background. | |||||
| CVE-2023-42530 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 7.5 HIGH |
| Improper access control vulnerability in SecSettings prior to SMR Nov-2023 Release 1 allows attackers to enable Wi-Fi and Wi-Fi Direct without User Interaction. | |||||
| CVE-2023-42529 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 7.8 HIGH |
| Out-of-bound write vulnerability in libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to execute arbitrary code. | |||||
| CVE-2023-42528 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 7.8 HIGH |
| Improper Input Validation vulnerability in ProcessNvBuffering of libsec-ril prior to SMR Nov-2023 Release 1 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-42527 | 1 Samsung | 1 Android | 2023-11-13 | N/A | 5.5 MEDIUM |
| Improper input validation vulnerability in ProcessWriteFile of libsec-ril prior to SMR Nov-2023 Release 1 allows local attackers to expose sensitive information. | |||||
| CVE-2021-35309 | 1 Samsung | 1 Syncthru Web Service | 2023-08-28 | N/A | 7.5 HIGH |
| An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. | |||||
| CVE-2020-22181 | 1 Samsung | 2 Sww-3400rw, Sww-3400rw Firmware | 2023-08-25 | N/A | 6.1 MEDIUM |
| A reflected cross site scripting (XSS) vulnerability was discovered on Samsung sww-3400rw Router devices via the m2 parameter of the sess-bin/command.cgi | |||||
| CVE-2022-4894 | 2 Hp, Samsung | 2046 1vr14a, 1vr14a Firmware, 209u7a and 2043 more | 2023-08-23 | N/A | 7.3 HIGH |
| Certain HP and Samsung Printer software packages may potentially be vulnerable to elevation of privilege due to Uncontrolled Search Path Element. | |||||
| CVE-2023-40293 | 1 Samsung | 1 Harman Infotainment | 2023-08-21 | N/A | 6.8 MEDIUM |
| Harman Infotainment 20190525031613 and later allows command injection via unauthenticated RPC with a D-Bus connection object. | |||||
| CVE-2023-40292 | 1 Samsung | 1 Harman Infotainment | 2023-08-21 | N/A | 4.3 MEDIUM |
| Harman Infotainment 20190525031613 and later discloses the IP address via CarPlay CTRL packets. | |||||
| CVE-2023-40291 | 1 Samsung | 1 Harman Infotainment | 2023-08-21 | N/A | 6.8 MEDIUM |
| Harman Infotainment 20190525031613 allows root access via SSH over a USB-to-Ethernet dongle with a password that is an internal project name. | |||||
| CVE-2023-30695 | 1 Samsung | 8 Galaxy Book2 Go, Galaxy Book2 Go Firmware, Galaxy Book2 Pro 360 and 5 more | 2023-08-16 | N/A | 7.8 HIGH |
| Out-of-bounds Write vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023" in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-30705 | 1 Samsung | 1 Galaxy Store | 2023-08-15 | N/A | 5.5 MEDIUM |
| Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.56.6?allows local attackers to access privileged content providers as Galaxy Store permission. | |||||
| CVE-2023-30704 | 1 Samsung | 1 Internet | 2023-08-15 | N/A | 4.6 MEDIUM |
| Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication. | |||||
| CVE-2023-30654 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in SLocationService prior to SMR Aug-2023 Release 1 allows local attacker to update fake location. | |||||
| CVE-2023-30689 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 7.8 HIGH |
| Out-of-bounds Write in BuildOemEmbmsGetSigStrengthResponse of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-30691 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 7.8 HIGH |
| Parcel mismatch in AuthenticationConfig prior to SMR Aug-2023 Release 1 allows local attacker to privilege escalation. | |||||
| CVE-2023-30693 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 7.8 HIGH |
| Out-of-bounds Write in DoOemFactorySendFactoryBypassCommand of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-30694 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 7.8 HIGH |
| Out-of-bounds Write in IpcTxPcscTransmitApdu of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-30696 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 7.8 HIGH |
| An improper input validation in IpcTxGetVerifyAkey in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write. | |||||
| CVE-2023-30697 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 7.8 HIGH |
| An improper input validation in IpcTxCfgSetSimlockPayload in libsec-ril prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write. | |||||
| CVE-2023-30698 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 5.5 MEDIUM |
| Improper access control vulnerability in TelephonyUI prior to SMR Aug-2023 Release 1 allows local attacker to connect BLE without privilege. | |||||
| CVE-2023-30699 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 9.8 CRITICAL |
| Out-of-bounds write vulnerability in parser_hvcC function of libsimba library prior to SMR Aug-2023 Release 1 allows code execution by remote attackers. | |||||
| CVE-2023-30703 | 1 Samsung | 1 Members | 2023-08-15 | N/A | 4.3 MEDIUM |
| Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information. | |||||
| CVE-2023-30700 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 3.3 LOW |
| PendingIntent hijacking vulnerability in SemWifiApTimeOutImpl in framework prior to SMR Aug-2023 Release 1 allows local attackers to access ContentProvider without proper permission. | |||||
| CVE-2023-30702 | 1 Samsung | 8 Galaxy Book2 Go, Galaxy Book2 Go Firmware, Galaxy Book2 Pro 360 and 5 more | 2023-08-15 | N/A | 7.8 HIGH |
| Stack overflow vulnerability in SSHDCPAPP TA prior to "SAMSUNG ELECTONICS, CO, LTD. - System Hardware Update - 7/13/2023" in Windows Update for Galaxy book Go, Galaxy book Go 5G, Galaxy book2 Go and Galaxy book2 Pro 360 allows local attacker to execute arbitrary code. | |||||
| CVE-2023-30701 | 1 Samsung | 1 Android | 2023-08-15 | N/A | 5.5 MEDIUM |
| PendingIntent hijacking in WifiGeofenceManager prior to SMR Aug-2023 Release 1 allows local attacker to arbitrary file access. | |||||
| CVE-2023-36482 | 1 Samsung | 10 S3nrn4v, S3nrn4v Firmware, S3nrn82 and 7 more | 2023-08-15 | N/A | 4.3 MEDIUM |
| An issue was discovered in Samsung NFC S3NRN4V, S3NSN4V, S3NSEN4, SEN82AB, and S3NRN82. A buffer copy without checking its input size can cause an NFC service restart. | |||||
| CVE-2023-30681 | 1 Samsung | 1 Android | 2023-08-14 | N/A | 7.8 HIGH |
| An improper input validation vulnerability within initialize function in HAL VaultKeeper prior to SMR Aug-2023 Release 1 allows attacker to cause out-of-bounds write. | |||||
| CVE-2023-30682 | 1 Samsung | 1 Android | 2023-08-14 | N/A | 3.3 LOW |
| Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call silenceRinger API without permission. | |||||
| CVE-2023-30683 | 1 Samsung | 1 Android | 2023-08-14 | N/A | 3.3 LOW |
| Improper access control in Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call endCall API without permission. | |||||
| CVE-2023-30684 | 1 Samsung | 1 Android | 2023-08-14 | N/A | 3.3 LOW |
| Improper access control in Samsung Telecom prior to SMR Aug-2023 Release 1 allows local attackers to call acceptRingingCall API without permission. | |||||
| CVE-2023-30685 | 1 Samsung | 1 Android | 2023-08-14 | N/A | 3.3 LOW |
| Improper access control vulnerability in Telecom prior to SMR Aug-2023 Release 1 allows local attakcers to change TTY mode. | |||||
| CVE-2023-30686 | 1 Samsung | 1 Android | 2023-08-14 | N/A | 7.8 HIGH |
| Out-of-bounds Write in ReqDataRaw of libsec-ril prior to SMR Aug-2023 Release 1 allows local attacker to execute arbitrary code. | |||||