Vulnerabilities > Samsung
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-13 | CVE-2023-24033 | Unspecified vulnerability in Samsung products The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service. | 9.8 |
| 2023-03-13 | CVE-2023-26072 | Out-of-bounds Write vulnerability in Samsung products An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. | 9.8 |
| 2023-03-10 | CVE-2023-26075 | Classic Buffer Overflow vulnerability in Samsung products An issue was discovered in Samsung Mobile Chipset and Baseband Modem Chipset for Exynos 850, Exynos 980, Exynos 1080, Exynos 1280, Exynos 2200, Exynos Modem 5123, Exynos Modem 5300, and Exynos Auto T5123. | 9.8 |
| 2023-02-09 | CVE-2023-21420 | Use of Externally-Controlled Format String vulnerability in Samsung Android 10.0/11.0 Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. | 7.8 |
| 2023-02-09 | CVE-2023-21421 | Improper Privilege Management vulnerability in Samsung Android 10.0/11.0 Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. | 7.8 |
| 2023-02-09 | CVE-2023-21422 | Incorrect Authorization vulnerability in Samsung Android 11.0/12.0 Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. | 5.5 |
| 2023-02-09 | CVE-2023-21423 | Incorrect Authorization vulnerability in Samsung Android 12.0/13.0 Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. | 5.5 |
| 2023-02-09 | CVE-2023-21424 | Incorrect Authorization vulnerability in Samsung Android 11.0/12.0 Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. | 3.3 |
| 2023-02-09 | CVE-2023-21425 | Improper Authentication vulnerability in Samsung Android 10.0/11.0 Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information. | 5.5 |
| 2023-02-09 | CVE-2023-21426 | Use of Hard-coded Credentials vulnerability in Samsung Android 10.0 Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN. | 5.5 |