Filtered by vendor Samsung
Subscribe
Total
1539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-34601 | 1 Samsung | 1 Galaxy Store | 2025-01-03 | N/A | 5.9 MEDIUM |
|
Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.
|
|||||
| CVE-2024-20839 | 2 Google, Samsung | 2 Android, Voice Recorder | 2024-12-23 | N/A | 4.6 MEDIUM |
|
Improper access control in Samsung Voice Recorder prior to versions 21.5.16.01 in Android 12 and Android 13, 21.4.51.02 in Android 14 allows physical attackers to access recording files on the lock screen.
|
|||||
| CVE-2024-20838 | 1 Samsung | 1 Internet | 2024-12-23 | N/A | 6.8 MEDIUM |
|
Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code.
|
|||||
| CVE-2024-20837 | 1 Samsung | 1 Internet | 2024-12-23 | N/A | 5.3 MEDIUM |
|
Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction.
|
|||||
| CVE-2023-21513 | 1 Samsung | 1 Android | 2024-12-05 | N/A | 6.1 MEDIUM |
|
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
|
|||||
| CVE-2024-34603 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.
|
|||||
| CVE-2024-34602 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 3.3 LOW |
|
Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34600 | 1 Samsung | 1 Flow | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage.
|
|||||
| CVE-2024-34599 | 2 Google, Samsung | 2 Android, Tips | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege.
|
|||||
| CVE-2024-34597 | 1 Samsung | 1 Health | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34596 | 1 Samsung | 1 Smartthings | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.
|
|||||
| CVE-2024-34595 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
|
|||||
| CVE-2024-34594 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.
|
|||||
| CVE-2024-34593 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34592 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34591 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34590 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34589 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34588 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper input validation혻in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34587 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.5 HIGH |
|
Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34586 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy.
|
|||||
| CVE-2024-34585 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.8 HIGH |
|
Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
|
|||||
| CVE-2024-34583 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.
|
|||||
| CVE-2024-32671 | 1 Samsung | 1 Escargot | 2024-11-21 | N/A | 9.8 CRITICAL |
|
Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.
|
|||||
| CVE-2024-32503 | 1 Samsung | 16 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 13 more | 2024-11-21 | N/A | 8.4 HIGH |
|
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor lacks proper memory deallocation checking, which can result in a UAF (Use-After-Free) vulnerability.
|
|||||
| CVE-2024-28067 | 1 Samsung | 2 Exynos Modem 5300, Exynos Modem 5300 Firmware | 2024-11-21 | N/A | 5.3 MEDIUM |
|
A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext.
|
|||||
| CVE-2024-27375 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sdea_service_specific_info_len coming from userspace, which can lead to a heap overwrite.
|
|||||
| CVE-2024-27374 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_publish_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite.
|
|||||
| CVE-2024-27371 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead to a heap overwrite.
|
|||||
| CVE-2024-27370 | 1 Samsung | 10 Exynos 1280, Exynos 1280 Firmware, Exynos 1330 and 7 more | 2024-11-21 | N/A | 6.7 MEDIUM |
|
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on hal_req->num_config_discovery_attr coming from userspace, which can lead to a heap overwrite.
|
|||||
| CVE-2024-27360 | 1 Samsung | 16 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 13 more | 2024-11-21 | N/A | 6.0 MEDIUM |
|
A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check length of the data, which can lead to a Denial of Service.
|
|||||
| CVE-2024-23769 | 2 Microsoft, Samsung | 2 Windows, Magician | 2024-11-21 | N/A | 7.3 HIGH |
|
Improper privilege control for the named pipe in Samsung Magician PC Software 8.0.0 (for Windows) allows a local attacker to read privileged data.
|
|||||
| CVE-2024-20901 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory.
|
|||||
| CVE-2024-20900 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.
|
|||||
| CVE-2024-20899 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
|
|||||
| CVE-2024-20898 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
|
|||||
| CVE-2024-20897 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
|
|||||
| CVE-2024-20896 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
|
|||||
| CVE-2024-20895 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 7.7 HIGH |
|
Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features.
|
|||||
| CVE-2024-20894 | 1 Samsung | 1 Android | 2024-11-21 | N/A | 4.3 MEDIUM |
|
Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability.
|
|||||