Samsung Notes
By the Year
In 2024 there have been 19 vulnerabilities in Samsung Notes with an average score of 5.8 out of ten. Notes did not have any published security vulnerabilities last year. That is, 19 more vulnerabilities have already been reported in 2024 as compared to last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 19 | 5.83 |
2023 | 0 | 0.00 |
2022 | 1 | 5.50 |
2021 | 11 | 6.84 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 1 | 7.00 |
It may take a day or so for new Notes vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Samsung Notes Security Vulnerabilities
Path traversal in Samsung Notes prior to version 4.4.21.62
CVE-2024-34656
7.8 - High
- September 04, 2024
Path traversal in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
Directory traversal
Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62
CVE-2024-34657
9.8 - Critical
- September 04, 2024
Stack-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows remote attackers to execute arbitrary code.
Memory Corruption
Out-of-bounds read in Samsung Notes
CVE-2024-34658
7.1 - High
- September 04, 2024
Out-of-bounds read in Samsung Notes allows local attackers to bypass ASLR.
Out-of-bounds Read
Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62
CVE-2024-34660
7.8 - High
- September 04, 2024
Heap-based out-of-bounds write in Samsung Notes prior to version 4.4.21.62 allows local attackers to execute arbitrary code.
Memory Corruption
Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62
CVE-2024-34632
3.3 - Low
- August 07, 2024
Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
Out-of-bounds Read
Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62
CVE-2024-34621
5.5 - Medium
- August 07, 2024
Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
Out-of-bounds Read
Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62
CVE-2024-34622
7.8 - High
- August 07, 2024
Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.
Memory Corruption
Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62
CVE-2024-34623
7.8 - High
- August 07, 2024
Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.
Memory Corruption
Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62
CVE-2024-34624
5.5 - Medium
- August 07, 2024
Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
Out-of-bounds Read
Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62
CVE-2024-34625
5.5 - Medium
- August 07, 2024
Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
Out-of-bounds Read
Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62
CVE-2024-34626
5.5 - Medium
- August 07, 2024
Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
Out-of-bounds Read
Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62
CVE-2024-34627
5.5 - Medium
- August 07, 2024
Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
Out-of-bounds Read
Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62
CVE-2024-34628
5.5 - Medium
- August 07, 2024
Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
Out-of-bounds Read
Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62
CVE-2024-34629
5.5 - Medium
- August 07, 2024
Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
Out-of-bounds Read
Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62
CVE-2024-34630
5.5 - Medium
- August 07, 2024
Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
Out-of-bounds Read
Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62
CVE-2024-34631
5.5 - Medium
- August 07, 2024
Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
Out-of-bounds Read
Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62
CVE-2024-34633
3.3 - Low
- August 07, 2024
Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
Out-of-bounds Read
Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62
CVE-2024-34634
3.3 - Low
- August 07, 2024
Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
Out-of-bounds Read
Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62
CVE-2024-34635
3.3 - Low
- August 07, 2024
Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
Out-of-bounds Read
Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39
CVE-2022-36831
5.5 - Medium
- August 05, 2022
Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission.
Directory traversal
A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61
CVE-2021-25494
7.8 - High
- October 06, 2021
A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.
Classic Buffer Overflow
A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61
CVE-2021-25495
7.8 - High
- October 06, 2021
A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.
Memory Corruption
A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61
CVE-2021-25496
7.8 - High
- October 06, 2021
A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.
Classic Buffer Overflow
A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61
CVE-2021-25497
7.8 - High
- October 06, 2021
A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.
Classic Buffer Overflow
A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61
CVE-2021-25498
7.8 - High
- October 06, 2021
A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.
Classic Buffer Overflow
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61
CVE-2021-25492
7.1 - High
- October 06, 2021
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read.
Out-of-bounds Read
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61
CVE-2021-25493
7.1 - High
- October 06, 2021
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read
Buffer Overflow
An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27
CVE-2021-25405
5.5 - Medium
- June 11, 2021
An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27
CVE-2021-25402
3.3 - Low
- June 11, 2021
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information.
Insecure Storage of Sensitive Information
Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22
CVE-2021-25367
5.4 - Medium
- March 25, 2021
Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.
Directory traversal
Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22
CVE-2021-25355
7.8 - High
- March 25, 2021
Using unsafe PendingIntent in Samsung Notes prior to version 4.2.00.22 allows local attackers unauthorized action without permission via hijacking the PendingIntent.
Incorrect Default Permissions
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31
CVE-2018-10501
7 - High
- September 24, 2018
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of ZIP files. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5358.
Directory traversal
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Samsung Notes or by Samsung? Click the Watch button to subscribe.