Samsung Security Vulnerabilities
Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.
5.3CVSS
7.1AI Score
0.0005EPSS
Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8CVSS
8.2AI Score
0.001EPSS
Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.
5.5CVSS
6.2AI Score
0.0004EPSS
Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
7.8CVSS
6.8AI Score
0.0004EPSS
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.
7.5CVSS
7.5AI Score
0.0005EPSS
Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability.
4.4CVSS
7.1AI Score
0.0004EPSS
Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips' privilege.
4CVSS
6.8AI Score
0.0004EPSS
Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage.
4.4CVSS
6.9AI Score
0.0004EPSS
Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.
5.9CVSS
6.9AI Score
0.0004EPSS
Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
5.5CVSS
3.9AI Score
0.001EPSS
Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.
5.5CVSS
4.3AI Score
0.0004EPSS
Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2CVSS
6.9AI Score
0.0004EPSS
Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2CVSS
6.9AI Score
0.0004EPSS
Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2CVSS
6.9AI Score
0.0004EPSS
Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2CVSS
6.9AI Score
0.0004EPSS
Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2CVSS
6.9AI Score
0.0004EPSS
Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
6.2CVSS
6.9AI Score
0.0004EPSS
Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.
5.5CVSS
6.8AI Score
0.0004EPSS
Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.
5.5CVSS
6.7AI Score
0.0004EPSS
Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
7.8CVSS
7.6AI Score
0.0004EPSS
Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch.
5.5CVSS
4.1AI Score
0.0004EPSS
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
7.8CVSS
7.4AI Score
0.0004EPSS
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption.
7.8CVSS
5.2AI Score
0.0004EPSS
Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.
5.5CVSS
5.1AI Score
0.0004EPSS
Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.
4CVSS
4.3AI Score
0.0004EPSS
Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.
4CVSS
4.2AI Score
0.0004EPSS
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
8.8CVSS
7.9AI Score
0.001EPSS
Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service.
8.4CVSS
8.1AI Score
0.0004EPSS
Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
5.5CVSS
5.4AI Score
0.0004EPSS
Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.
7.8CVSS
7.8AI Score
0.0004EPSS
Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.
7.8CVSS
7.8AI Score
0.0004EPSS
Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
5.5CVSS
5.4AI Score
0.0004EPSS
Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
5.5CVSS
5.4AI Score
0.0004EPSS
Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
5.5CVSS
5.4AI Score
0.0004EPSS
Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
5.5CVSS
5.4AI Score
0.0004EPSS
Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
5.5CVSS
5.4AI Score
0.0004EPSS
Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
5.5CVSS
5.4AI Score
0.0004EPSS
Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
5.5CVSS
5.4AI Score
0.0004EPSS
Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
5.5CVSS
5.4AI Score
0.0004EPSS
Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
4CVSS
4.2AI Score
0.0004EPSS
Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
4CVSS
4.2AI Score
0.0004EPSS
Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
4CVSS
4.1AI Score
0.0004EPSS
Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
4CVSS
4.2AI Score
0.0004EPSS
Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information.
5.5CVSS
4.3AI Score
0.0004EPSS
Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.
6.2CVSS
6.8AI Score
0.0004EPSS
Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.
7.1CVSS
6.8AI Score
0.0004EPSS
Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.
4.6CVSS
6.8AI Score
0.0004EPSS
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.
3.3CVSS
6.9AI Score
0.0004EPSS
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.
5.1CVSS
6.8AI Score
0.0004EPSS
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.
4.6CVSS
6.7AI Score
0.001EPSS