U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

National Vulnerability Database

National Vulnerability Database

NVD

National Vulnerability Database
  1. VulnerabilitiesSearch And Statistics

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:o:samsung:android:10.0:smr-nov-2023-r1:*:*:*:*:*:*
  • CPE Name Search: true
There are 9 matching records.
Displaying matches 1 through 9.
Vuln ID Summary CVSS Severity
CVE-2023-21441

Insufficient Verification of Data Authenticity vulnerability in Routine prior to versions 2.6.30.6 in Android Q(10), 3.1.21.10 in Android R(11) and 3.5.2.23 in Android S(12) allows local attacker to access protected files via unused code.

Published: February 09, 2023; 2:15:16 PM -0500 		V4.0:(not available)
 V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21437

Improper access control vulnerability in Phone application prior to SMR Feb-2023 Release 1 allows local attackers to access sensitive information via implicit broadcast.

Published: February 09, 2023; 2:15:16 PM -0500 		V4.0:(not available)
 V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21436

Improper usage of implicit intent in Contacts prior to SMR Feb-2023 Release 1 allows attacker to get account ID.

Published: February 09, 2023; 2:15:16 PM -0500 		V4.0:(not available)
 V3.1: 3.3 LOW
V2.0:(not available)
CVE-2023-21430

An out-of-bound read vulnerability in mapToBuffer function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR JAN-2023 Release 1 allows attacker to cause memory access fault.

Published: February 09, 2023; 2:15:15 PM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21429

Improper usage of implict intent in ePDG prior to SMR JAN-2023 Release 1 allows attacker to access SSID.

Published: February 09, 2023; 2:15:15 PM -0500 		V4.0:(not available)
 V3.1: 3.3 LOW
V2.0:(not available)
CVE-2023-21426

Hardcoded AES key to encrypt cardemulation PINs in NFC prior to SMR Jan-2023 Release 1 allows attackers to access cardemulation PIN.

Published: February 09, 2023; 2:15:15 PM -0500 		V4.0:(not available)
 V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21425

Improper access control vulnerability in telecom application prior to SMR JAN-2023 Release 1 allows local attackers to get sensitive information.

Published: February 09, 2023; 2:15:15 PM -0500 		V4.0:(not available)
 V3.1: 5.5 MEDIUM
V2.0:(not available)
CVE-2023-21421

Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.

Published: February 09, 2023; 2:15:14 PM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)
CVE-2023-21420

Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution.

Published: February 09, 2023; 2:15:14 PM -0500 		V4.0:(not available)
 V3.1: 7.8 HIGH
V2.0:(not available)