Vulnerabilities (CVE)

  1. Yack CVE
  2. Vulnerabilities (CVE)
Filtered by vendor Samsung
Angry Yack Logo
Total 1539 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-30640 1 Samsung 1 Android 2024-11-21 N/A 4.3 MEDIUM
Improper access control vulnerability in PersonaManagerService prior to SMR Jul-2023 Release 1 allows local attackers to change confiugration.
CVE-2023-26498 1 Samsung 10 Exynos 1080, Exynos 1080 Firmware, Exynos 980 and 7 more 2024-11-21 N/A 8.6 HIGH
An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, Exynos Auto T5126. Memory corruption can occur due to improper checking of the number of properties while parsing the chatroom attribute in the SDP (Session Description Protocol) module.
CVE-2023-26496 1 Samsung 10 Exynos 1080, Exynos 1080 Firmware, Exynos 980 and 7 more 2024-11-21 N/A 8.6 HIGH
An issue was discovered in Samsung Baseband Modem Chipset for Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T5124. Memory corruption can occur due to improper checking of the parameter length while parsing the fmtp attribute in the SDP (Session Description Protocol) module.
CVE-2023-21518 1 Samsung 1 Searchwidget 2024-11-21 N/A 4.4 MEDIUM
Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity.
CVE-2023-21517 1 Samsung 1 Exynos 2024-11-21 N/A 8.8 HIGH
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code.
CVE-2023-21516 1 Samsung 1 Galaxy Store 2024-11-21 N/A 7.5 HIGH
XSS vulnerability from InstantPlay in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
CVE-2023-21515 1 Samsung 1 Galaxy Store 2024-11-21 N/A 7.5 HIGH
InstantPlay which included vulnerable script which could execute javascript in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
CVE-2023-21514 1 Samsung 1 Galaxy Store 2024-11-21 N/A 7.5 HIGH
Improper scheme validation from InstantPlay Deeplink in Galaxy Store prior to version 4.5.49.8 allows attackers to execute javascript API to install APK from Galaxy Store.
CVE-2023-21512 1 Samsung 1 Android 2024-11-21 N/A 2.4 LOW
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
CVE-2023-21511 1 Samsung 1 Samsung Blockchain Keystore 2024-11-21 N/A 4.4 MEDIUM
Out-of-bounds Read vulnerability while processing CMD_COLDWALLET_BTC_SET_PRV_UTXO in bc_core trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.
CVE-2023-21510 1 Samsung 1 Samsung Blockchain Keystore 2024-11-21 N/A 4.4 MEDIUM
Out-of-bounds Read vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.
CVE-2023-21509 1 Samsung 1 Samsung Blockchain Keystore 2024-11-21 N/A 6.7 MEDIUM
Out-of-bounds Write vulnerability while processing BC_TUI_CMD_UPDATE_SCREEN in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.
CVE-2023-21508 1 Samsung 1 Samsung Blockchain Keystore 2024-11-21 N/A 6.7 MEDIUM
Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.
CVE-2023-21507 1 Samsung 1 Samsung Blockchain Keystore 2024-11-21 N/A 4.4 MEDIUM
Out-of-bounds Read vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to read arbitrary memory.
CVE-2023-21506 1 Samsung 1 Samsung Blockchain Keystore 2024-11-21 N/A 6.7 MEDIUM
Out-of-bounds Write vulnerability while processing BC_TUI_CMD_SEND_RESOURCE_DATA_ARRAY command in bc_tui trustlet from Samsung Blockchain Keystore prior to version 1.3.12.1 allows local attacker to execute arbitrary code.
CVE-2023-21505 1 Samsung 1 Samsung Core Services 2024-11-21 N/A 4.0 MEDIUM
Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox.
CVE-2023-21504 1 Samsung 1 Android 2024-11-21 N/A 5.6 MEDIUM
Potential buffer overflow vulnerability in mm_Plmncoordination.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
CVE-2023-21503 1 Samsung 2 Android, Exynos 2024-11-21 N/A 5.6 MEDIUM
Potential buffer overflow vulnerability in mm_LteInterRatManagement.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
CVE-2023-21502 1 Samsung 1 Android 2024-11-21 N/A 5.7 MEDIUM
Improper input validation vulnerability in FactoryTest application prior to SMR May-2023 Release 1 allows local attackers to get privilege escalation via debugging commands.
CVE-2023-21501 1 Samsung 1 Android 2024-11-21 N/A 8.2 HIGH
Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
CVE-2023-21500 1 Samsung 1 Android 2024-11-21 N/A 6.0 MEDIUM
Double free validation vulnerability in setPinPadImages in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the trustlet memory.
CVE-2023-21499 1 Samsung 1 Android 2024-11-21 N/A 8.2 HIGH
Out-of-bounds write vulnerability in TA_Communication_mpos_encrypt_pin in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code.
CVE-2023-21498 1 Samsung 1 Android 2024-11-21 N/A 6.0 MEDIUM
Improper input validation vulnerability in setPartnerTAInfo in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to overwrite the trustlet memory.
CVE-2023-21497 1 Samsung 1 Android 2024-11-21 N/A 4.4 MEDIUM
Use of externally-controlled format string vulnerability in mPOS TUI trustlet prior to SMR May-2023 Release 1 allows local attackers to access the memory address.
CVE-2023-21496 1 Samsung 1 Android 2024-11-21 N/A 6.1 MEDIUM
Active Debug Code vulnerability in ActivityManagerService prior to SMR May-2023 Release 1 allows attacker to use debug function via setting debug level.
CVE-2023-21495 1 Samsung 1 Android 2024-11-21 N/A 4.0 MEDIUM
Improper access control vulnerability in Knox Enrollment Service prior to SMR May-2023 Release 1 allow attacker install KSP app when device admin is set.
CVE-2023-21494 1 Samsung 2 Android, Exynos 2024-11-21 N/A 5.6 MEDIUM
Potential buffer overflow vulnerability in auth api in mm_Authentication.c in Shannon baseband prior to SMR May-2023 Release 1 allows remote attackers to cause invalid memory access.
CVE-2023-21493 1 Samsung 1 Android 2024-11-21 N/A 6.8 MEDIUM
Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data.
CVE-2023-21491 1 Samsung 1 Android 2024-11-21 N/A 8.5 HIGH
Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege.
CVE-2023-21490 1 Samsung 1 Android 2024-11-21 N/A 4.7 MEDIUM
Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager.
CVE-2023-21489 1 Samsung 1 Android 2024-11-21 N/A 7.1 HIGH
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code.
CVE-2023-21488 1 Samsung 1 Android 2024-11-21 N/A 4.4 MEDIUM
Improper access control vulnerablility in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips.
CVE-2023-21487 1 Samsung 1 Android 2024-11-21 N/A 5.1 MEDIUM
Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting.
CVE-2023-21486 1 Samsung 1 Android 2024-11-21 N/A 5.3 MEDIUM
Improper export of android application components vulnerability in ImagePreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
CVE-2023-21485 1 Samsung 1 Android 2024-11-21 N/A 5.3 MEDIUM
Improper export of android application components vulnerability in VideoPreviewActivity in Call Settings to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox.
CVE-2023-21484 1 Samsung 1 Android 2024-11-21 N/A 5.1 MEDIUM
Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation.
CVE-2023-21465 1 Samsung 1 Bixbytouch 2024-11-21 N/A 5.5 MEDIUM
Improper access control vulnerability in BixbyTouch prior to version 3.2.02.5 in China models allows untrusted applications access local files.
CVE-2023-21464 2 Google, Samsung 2 Android, Calendar 2024-11-21 N/A 4.0 MEDIUM
Improper access control in Samsung Calendar prior to versions 12.4.02.9000 in Android 13 and 12.3.08.2000 in Android 12 allows local attacker to configure improper status.
CVE-2023-21463 2 Google, Samsung 2 Android, Myfiles 2024-11-21 N/A 4.0 MEDIUM
Improper access control vulnerability in MyFiles application prior to versions 12.2.09.0 in Android 11, 13.1.03.501 in Android 12 and 14.1.03.0 in Android 13 allows local attacker to get sensitive information of secret mode in Samsung Internet application with specific conditions.
CVE-2023-21462 2 Google, Samsung 2 Android, Quick Share 2024-11-21 N/A 4.2 MEDIUM
The sensitive information exposure vulnerability in Quick Share Agent prior to versions 3.5.14.18 in Android 12 and 3.5.16.20 in Android 13 allows to local attacker to access MAC address without related permission.