Samsung Samsung

Do you want an email whenever new security vulnerabilities are reported in any Samsung product?

Products by Samsung Sorted by Most Security Vulnerabilities since 2018

Samsung Android232 vulnerabilities

Samsung Notes32 vulnerabilities

Samsung Galaxy Store21 vulnerabilities

Samsung Internet19 vulnerabilities

Samsung Account18 vulnerabilities

Samsung Smartthings14 vulnerabilities

Samsung Mtower13 vulnerabilities

Samsung Pass9 vulnerabilities

Samsung Health9 vulnerabilities

Samsung Mobile7 vulnerabilities

Samsung Syncthru Web Service7 vulnerabilities

Samsung Blockchain Keystore6 vulnerabilities

Samsung Cloud6 vulnerabilities

Samsung Email6 vulnerabilities

Samsung Galaxy Watch Plugin6 vulnerabilities

Samsung Wear Os6 vulnerabilities

Samsung Email5 vulnerabilities

Samsung Pass5 vulnerabilities

Samsung Find My Mobile5 vulnerabilities

Samsung Smart Switch Pc5 vulnerabilities

Samsung Tizenrt5 vulnerabilities

Samsung Flow4 vulnerabilities

Samsung Galaxy Apps4 vulnerabilities

Samsung Gallery4 vulnerabilities

Samsung Bixby Voice3 vulnerabilities

Samsung Pay Mini3 vulnerabilities

Samsung Pay3 vulnerabilities

Samsung Exynos3 vulnerabilities

Samsung Factorycamera3 vulnerabilities

Samsung Flow3 vulnerabilities

Samsung Quick Share3 vulnerabilities

Samsung Pay Kr3 vulnerabilities

Samsung Harman Infotainment3 vulnerabilities

Samsung Kies3 vulnerabilities

Samsung Members3 vulnerabilities

Samsung Watch Active Plugin2 vulnerabilities

Samsung Searchwidget2 vulnerabilities

Samsung Push Service2 vulnerabilities

Samsung Bixby Vision2 vulnerabilities

Samsung Charm2 vulnerabilities

Samsung Checkout2 vulnerabilities

Samsung Watch Active2 Plugin2 vulnerabilities

Samsung Internet Browser2 vulnerabilities

Samsung Pay2 vulnerabilities

Samsung Smarttagplugin2 vulnerabilities

Samsung S Assistant2 vulnerabilities

Samsung Uphelper Library2 vulnerabilities

Samsung Update2 vulnerabilities

Samsung Editor Lite2 vulnerabilities

Samsung Escargot2 vulnerabilities

Samsung Factorycamerafb2 vulnerabilities

Samsung Members2 vulnerabilities

Samsung Group Sharing2 vulnerabilities

Samsung Assistant1 vulnerability

Samsung Bixby Touch1 vulnerability

Samsung Bixbytouch1 vulnerability

Samsung Blockchain Wallet1 vulnerability

Samsung Cameralyzer1 vulnerability

Samsung Capture1 vulnerability

Samsung Clp 365 Ss067a1 vulnerability

Samsung Clp 365 Sw139a1 vulnerability

Samsung Clp 366 Ss068a1 vulnerability

Samsung Clp 366 Sv600a1 vulnerability

Samsung Clp 368 Sv601a1 vulnerability

Samsung Clp 560 Sv611a1 vulnerability

Samsung Clp 560 Sv612a1 vulnerability

Samsung Clp 680 Ss075a1 vulnerability

Samsung Clx 3305 Ss095a1 vulnerability

Samsung Clx 3305 Ss096a1 vulnerability

Samsung Clx 6260 Ss106a1 vulnerability

Samsung Clx 6260 Ss107a1 vulnerability

Samsung Clx 6260 Ss108a1 vulnerability

Samsung Clx 6260 Sw177a1 vulnerability

Samsung Ddr41 vulnerability

Samsung Dex1 vulnerability

Samsung Dialer1 vulnerability

Samsung Display Solutions1 vulnerability

Samsung Easysetup1 vulnerability

Samsung Exynos 88951 vulnerability

Samsung Exynos Smp13001 vulnerability

Samsung Gear S1 vulnerability

Samsung Lpddr41 vulnerability

Samsung Ml 3750 Ss138a1 vulnerability

Samsung Ml 4510 Ss141a1 vulnerability

Samsung Ml 4512 Ss142a1 vulnerability

Samsung Ml 5015 Ss147a1 vulnerability

Samsung Ml 5017 Ss148a1 vulnerability

Samsung Ml 5510 Ss149a1 vulnerability

Samsung Ml 5510 Ss150a1 vulnerability

Samsung Ml 5510 Ss151a1 vulnerability

Known Exploited Samsung Vulnerabilities

The following Samsung vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Samsung Mobile Devices Use-After-Free Vulnerability Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution. CVE-2022-22265 September 18, 2023
Samsung Mobile Devices Out-of-Bounds Read Vulnerability Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer. CVE-2021-25487 June 29, 2023
Samsung Mobile Devices Improper Input Validation Vulnerability Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic. CVE-2021-25489 June 29, 2023
Samsung Mobile Devices Race Condition Vulnerability Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. CVE-2021-25394 June 29, 2023
Samsung Mobile Devices Race Condition Vulnerability Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free allowing for a write given a radio privilege is compromised. CVE-2021-25395 June 29, 2023
Samsung Mobile Devices Unspecified Vulnerability Samsung mobile devices contain an unspecified vulnerability within DSP driver that allows attackers to load ELF libraries inside DSP. CVE-2021-25371 June 29, 2023
Samsung Mobile Devices Improper Boundary Check Vulnerability Samsung mobile devices contain an improper boundary check vulnerability within DSP driver that allows for out-of-bounds memory access. CVE-2021-25372 June 29, 2023
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass. CVE-2023-21492 May 19, 2023
Samsung Mobile Devices Improper Access Control Vulnerability Samsung mobile devices contain an improper access control vulnerability in clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370. CVE-2021-25337 November 8, 2022
Samsung Mobile Devices Improper Access Control Vulnerability Samsung mobile devices using Mali GPU contains an improper access control vulnerability in sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to the userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370. CVE-2021-25369 November 8, 2022
Samsung Mobile Devices Memory Corruption Vulnerability Samsung mobile devices using Mali GPU contain an incorrect implementation handling file descriptor in dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369. CVE-2021-25370 November 8, 2022

By the Year

In 2024 there have been 119 vulnerabilities in Samsung with an average score of 5.7 out of ten. Last year Samsung had 227 security vulnerabilities published. Right now, Samsung is on track to have less security vulnerabilities in 2024 than it did last year. Last year, the average CVE base score was greater by 0.55

Year Vulnerabilities Average Score
2024 119 5.72
2023 227 6.27
2022 145 5.66
2021 64 5.72
2020 7 9.26
2019 6 6.72
2018 19 7.39

It may take a day or so for new Samsung vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Samsung Security Vulnerabilities

The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege

CVE-2024-5760 7.8 - High - September 11, 2024

The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018.

Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1

CVE-2024-34641 3.3 - Low - September 04, 2024

Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.

Path traversal in Samsung Notes prior to version 4.4.21.62

CVE-2024-34656 7.8 - High - September 04, 2024

Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.

Directory traversal

Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14

CVE-2024-34637 5.5 - Medium - September 04, 2024

Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.

Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1

CVE-2024-34638 7.1 - High - September 04, 2024

Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.

Improper Handling of Exceptional Conditions

Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1

CVE-2024-34639 4.6 - Medium - September 04, 2024

Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.

Improper Handling of Exceptional Conditions

Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1

CVE-2024-34640 3.3 - Low - September 04, 2024

Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.

Improper authorization in One UI Home prior to SMR Sep-2024 Release 1

CVE-2024-34642 4.6 - Medium - September 04, 2024

Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.

AuthZ

Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1

CVE-2024-34643 5.5 - Medium - September 04, 2024

Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.

Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1

CVE-2024-34644 5.5 - Medium - September 04, 2024

Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.

Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1

CVE-2024-34645 4.6 - Medium - September 04, 2024

Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications.

Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1

CVE-2024-34646 5.5 - Medium - September 04, 2024

Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service.

Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1

CVE-2024-34647 5.5 - Medium - September 04, 2024

Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.

Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1

CVE-2024-34648 5.5 - Medium - September 04, 2024

Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.

Incorrect Default Permissions

Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1

CVE-2024-34649 2.4 - Low - September 04, 2024

Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.

Path Traversal in My Files prior to SMR Sep-2024 Release 1

CVE-2024-34653 4.6 - Medium - September 04, 2024

Path Traversal in My Files prior to SMR Sep-2024 Release 1 allows physical attackers to access directories with My Files' privilege.

Directory traversal

Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1

CVE-2024-34654 5.5 - Medium - September 04, 2024

Improper Export of android application component in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access files with My Files' privilege.

Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1

CVE-2024-34655 5.5 - Medium - September 04, 2024

Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager.

Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1

CVE-2024-34650 3.3 - Low - September 04, 2024

Incorrect authorization in CocktailbarService prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to Edge panel.

AuthZ

Improper authorization in My Files prior to SMR Sep-2024 Release 1

CVE-2024-34651 5.5 - Medium - September 04, 2024

Improper authorization in My Files prior to SMR Sep-2024 Release 1 allows local attackers to access restricted data in My Files.

AuthZ

Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1

CVE-2024-34652 3.3 - Low - September 04, 2024

Incorrect authorization in kperfmon prior to SMR Sep-2024 Release 1 allows local attackers to access information related to performance including app usage.

AuthZ

Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7

CVE-2024-34661 4.3 - Medium - September 04, 2024

Improper handling of insufficient permissions in Samsung Assistant prior to version 9.1.00.7 allows remote attackers to access location data. User interaction is required for triggering this vulnerability.

Incorrect Default Permissions

Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62

CVE-2024-34657 9.8 - Critical - September 04, 2024

Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.

Memory Corruption

Out-of-bounds read in Samsung Notes

CVE-2024-34658 7.1 - High - September 04, 2024

Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR.

Out-of-bounds Read

Exposure of sensitive information in GroupSharing prior to version 13.6.13.3

CVE-2024-34659 5.3 - Medium - September 04, 2024

Exposure of sensitive information in GroupSharing prior to version 13.6.13.3 allows remote attackers can force the victim to join the group.

Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62

CVE-2024-34660 7.8 - High - September 04, 2024

Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.

Memory Corruption

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050

CVE-2024-7399 7.5 - High - August 12, 2024

Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary file as system authority.

Directory traversal

Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2

CVE-2024-34636 5.5 - Medium - August 07, 2024

Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information.

Improper access control in LedCoverService prior to SMR Aug-2024 Release 1

CVE-2024-34604 5.5 - Medium - August 07, 2024

Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1

CVE-2024-34605 5.5 - Medium - August 07, 2024

Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1

CVE-2024-34606 5.5 - Medium - August 07, 2024

Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1

CVE-2024-34607 5.5 - Medium - August 07, 2024

Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1

CVE-2024-34608 5.5 - Medium - August 07, 2024

Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1

CVE-2024-34609 5.5 - Medium - August 07, 2024

Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.

Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1

CVE-2024-34610 5.5 - Medium - August 07, 2024

Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.

Improper access control in KnoxService prior to SMR Aug-2024 Release 1

CVE-2024-34611 5.5 - Medium - August 07, 2024

Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.

Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1

CVE-2024-34612 7.8 - High - August 07, 2024

Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1

CVE-2024-34613 5.5 - Medium - August 07, 2024

Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch.

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1

CVE-2024-34614 7.8 - High - August 07, 2024

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.

Memory Corruption

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1

CVE-2024-34615 7.8 - High - August 07, 2024

Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption.

Memory Corruption

Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1

CVE-2024-34616 5.5 - Medium - August 07, 2024

Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.

Incorrect Default Permissions

Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1

CVE-2024-34617 3.3 - Low - August 07, 2024

Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.

Incorrect Default Permissions

Improper access control in System property prior to SMR Aug-2024 Release 1

CVE-2024-34618 3.3 - Low - August 07, 2024

Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.

Improper input validation in librtp.so prior to SMR Aug-2024 Release 1

CVE-2024-34619 8.8 - High - August 07, 2024

Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1

CVE-2024-34620 7.8 - High - August 07, 2024

Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service.

Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62

CVE-2024-34621 5.5 - Medium - August 07, 2024

Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds Read

Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62

CVE-2024-34622 7.8 - High - August 07, 2024

Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.

Memory Corruption

Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62

CVE-2024-34623 7.8 - High - August 07, 2024

Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.

Memory Corruption

Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62

CVE-2024-34624 5.5 - Medium - August 07, 2024

Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds Read

Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62

CVE-2024-34625 5.5 - Medium - August 07, 2024

Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds Read

Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62

CVE-2024-34626 5.5 - Medium - August 07, 2024

Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds Read

Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62

CVE-2024-34627 5.5 - Medium - August 07, 2024

Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds Read

Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62

CVE-2024-34628 5.5 - Medium - August 07, 2024

Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds Read

Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62

CVE-2024-34629 5.5 - Medium - August 07, 2024

Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds Read

Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62

CVE-2024-34630 5.5 - Medium - August 07, 2024

Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds Read

Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62

CVE-2024-34631 5.5 - Medium - August 07, 2024

Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.

Out-of-bounds Read

Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62

CVE-2024-34632 3.3 - Low - August 07, 2024

Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

Out-of-bounds Read

Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62

CVE-2024-34633 3.3 - Low - August 07, 2024

Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

Out-of-bounds Read

Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62

CVE-2024-34634 3.3 - Low - August 07, 2024

Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

Out-of-bounds Read

Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62

CVE-2024-34635 3.3 - Low - August 07, 2024

Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.

Out-of-bounds Read

Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine

CVE-2024-32671 9.8 - Critical - July 29, 2024

Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.

Memory Corruption

Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1

CVE-2024-34602 5.5 - Medium - July 08, 2024

Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.

Improper access control in Samsung Message prior to SMR Jul-2024 Release 1

CVE-2024-34603 5.5 - Medium - July 08, 2024

Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.

Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1

CVE-2024-20893 7.8 - High - July 02, 2024

Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption.

Memory Corruption

Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1

CVE-2024-34591 4.3 - Medium - July 02, 2024

Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

Improper input validation?in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1

CVE-2024-34590 4.3 - Medium - July 02, 2024

Improper input validation?in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0

CVE-2024-34601 5.3 - Medium - July 02, 2024

Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.

Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0

CVE-2024-34600 3.3 - Low - July 02, 2024

Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage.

Improper input validation in Samsung Health prior to version 6.27.0.113

CVE-2024-34597 3.3 - Low - July 02, 2024

Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability.

Improper authentication in SmartThings prior to version 1.8.17

CVE-2024-34596 7.5 - High - July 02, 2024

Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.

authentification

Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1

CVE-2024-34595 7.8 - High - July 02, 2024

Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.

Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1

CVE-2024-34594 5.5 - Medium - July 02, 2024

Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.

Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1

CVE-2024-34593 8.8 - High - July 02, 2024

Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1

CVE-2024-34592 4.3 - Medium - July 02, 2024

Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1

CVE-2024-20897 5.5 - Medium - July 02, 2024

Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1

CVE-2024-20896 5.5 - Medium - July 02, 2024

Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

Improper access control in Dar service prior to SMR Jul-2024 Release 1

CVE-2024-20895 5.5 - Medium - July 02, 2024

Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features.

Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1

CVE-2024-20894 4.3 - Medium - July 02, 2024

Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required for triggering this vulnerability.

Improper Handling of Exceptional Conditions

Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors

CVE-2024-20892 7.8 - High - July 02, 2024

Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerability.

Improper Verification of Cryptographic Signature

Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1

CVE-2024-20891 7.8 - High - July 02, 2024

Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.

Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1

CVE-2024-20898 5.5 - Medium - July 02, 2024

Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1

CVE-2024-20899 5.5 - Medium - July 02, 2024

Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.

Improper authentication in MTP application prior to SMR Jul-2024 Release 1

CVE-2024-20900 3.3 - Low - July 02, 2024

Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.

authentification

Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1

CVE-2024-20901 7.8 - High - July 02, 2024

Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory.

Memory Corruption

Improper access control in system property prior to SMR Jul-2024 Release 1

CVE-2024-34583 3.3 - Low - July 02, 2024

Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.

Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1

CVE-2024-34585 7.8 - High - July 02, 2024

Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.

Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1

CVE-2024-34586 3.3 - Low - July 02, 2024

Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy.

Improper input validation?in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1

CVE-2024-34588 6.5 - Medium - July 02, 2024

Improper input validation?in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1

CVE-2024-34589 6.5 - Medium - July 02, 2024

Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for triggering this vulnerability.

Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities

CVE-2024-20888 7.8 - High - July 02, 2024

Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.

Improper authentication in BLE prior to SMR Jul-2024 Release 1

CVE-2024-20889 4.3 - Medium - July 02, 2024

Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.

authentification

Improper input validation in BLE prior to SMR Jul-2024 Release 1

CVE-2024-20890 8.8 - High - July 02, 2024

Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.

authentification

Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1

CVE-2024-34587 6.8 - Medium - July 02, 2024

Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.

Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4

CVE-2024-20827 4.6 - Medium - February 06, 2024

Improper access control vulnerability in Samsung Gallery prior to version 14.5.04.4 allows physical attackers to access the picture using physical keyboard on the lockscreen.

Improper authorization verification vulnerability in Samsung Internet prior to version 24.0

CVE-2024-20828 4.6 - Medium - February 06, 2024

Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.

AuthZ

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1

CVE-2024-20810 3.3 - Low - February 06, 2024

Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information.

Clickjacking

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1

CVE-2024-20811 3.3 - Low - February 06, 2024

Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure GameOptimizer.

Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1

CVE-2024-20812 7.8 - High - February 06, 2024

Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary code.

Memory Corruption

Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6

CVE-2024-20824 5.5 - Medium - February 06, 2024

Implicit intent hijacking vulnerability in VoiceSearch of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent.

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1

CVE-2024-20815 6.5 - Medium - February 06, 2024

Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user awareness.

authentification

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.