Vulnerabilities > Samsung

DATE CVE VULNERABILITY TITLE RISK
2023-02-09 CVE-2023-21420 Use of Externally-Controlled Format String vulnerability in Samsung Android 10.0/11.0
Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.
local
low complexity
samsung CWE-134
7.8
2023-02-09 CVE-2023-21421 Improper Privilege Management vulnerability in Samsung Android 10.0/11.0
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
local
low complexity
samsung CWE-269
7.8
2023-02-09 CVE-2023-21422 Incorrect Authorization vulnerability in Samsung Android 11.0/12.0
Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService.
local
low complexity
samsung CWE-863
5.5
2023-02-09 CVE-2023-21423 Incorrect Authorization vulnerability in Samsung Android 12.0/13.0
Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action.
local
low complexity
samsung CWE-863
5.5
2023-02-09 CVE-2023-21424 Incorrect Authorization vulnerability in Samsung Android 11.0/12.0
Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand.
local
low complexity
samsung CWE-863
3.3
2023-02-09 CVE-2023-21425 Improper Authentication vulnerability in Samsung Android 10.0/11.0
Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.
local
low complexity
samsung CWE-287
5.5
2023-02-09 CVE-2023-21426 Use of Hard-coded Credentials vulnerability in Samsung Android 10.0
Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.
local
low complexity
samsung CWE-798
5.5
2023-02-09 CVE-2023-21427 Unspecified vulnerability in Samsung Android 11.0/12.0
Improper access control vulnerability in NfcTile prior to SMR Jan-2023 Release 1 allows to attacker to use NFC without user recognition.
low complexity
samsung
6.5
2023-02-09 CVE-2023-21428 Improper Input Validation vulnerability in Samsung Android 11.0/12.0
Improper input validation vulnerability in TelephonyUI prior to SMR Jan-2023 Release 1 allows attackers to configure Preferred Call.
local
low complexity
samsung CWE-20
3.3
2023-02-09 CVE-2023-21429 Unspecified vulnerability in Samsung Android 10.0/11.0
Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID.
local
low complexity
samsung
3.3