Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-34649 | 0.00 | — | 0.00 | Sep 4, 2024 | Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen. | |||
| CVE-2024-34648 | 0.00 | — | 0.00 | Sep 4, 2024 | Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data. | |||
| CVE-2024-34647 | 0.00 | — | 0.00 | Sep 4, 2024 | Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license. | |||
| CVE-2024-34646 | 0.00 | — | 0.00 | Sep 4, 2024 | Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service. | |||
| CVE-2024-34645 | 0.00 | — | 0.00 | Sep 4, 2024 | Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications. | |||
| CVE-2024-34644 | 0.00 | — | 0.00 | Sep 4, 2024 | Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-34643 | 0.00 | — | 0.00 | Sep 4, 2024 | Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-34642 | 0.00 | — | 0.00 | Sep 4, 2024 | Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information. | |||
| CVE-2024-34641 | 0.00 | — | 0.00 | Sep 4, 2024 | Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration. | |||
| CVE-2024-34640 | 0.00 | — | 0.00 | Sep 4, 2024 | Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration. | |||
| CVE-2024-34639 | 0.00 | — | 0.00 | Sep 4, 2024 | Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation. | |||
| CVE-2024-34638 | 0.00 | — | 0.00 | Sep 4, 2024 | Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications. | |||
| CVE-2024-34637 | 0.00 | — | 0.00 | Sep 4, 2024 | Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background. | |||
| CVE-2024-39771 | 0.00 | — | 0.00 | Aug 28, 2024 | QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack. | |||
| CVE-2024-34636 | 0.00 | — | 0.00 | Aug 7, 2024 | Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information. | |||
| CVE-2024-34635 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. | |||
| CVE-2024-34634 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. | |||
| CVE-2024-34633 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. | |||
| CVE-2024-34632 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory. | |||
| CVE-2024-34631 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | |||
| CVE-2024-34630 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | |||
| CVE-2024-34629 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | |||
| CVE-2024-34628 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | |||
| CVE-2024-34627 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | |||
| CVE-2024-34626 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | |||
| CVE-2024-34625 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | |||
| CVE-2024-34624 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | |||
| CVE-2024-34623 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. | |||
| CVE-2024-34622 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege. | |||
| CVE-2024-34621 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory. | |||
| CVE-2024-34620 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service. | |||
| CVE-2024-34619 | 0.00 | — | 0.01 | Aug 7, 2024 | Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability. | |||
| CVE-2024-34618 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information. | |||
| CVE-2024-34617 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application. | |||
| CVE-2024-34616 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data. | |||
| CVE-2024-34615 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption. | |||
| CVE-2024-34614 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | |||
| CVE-2024-34613 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch. | |||
| CVE-2024-34612 | 0.00 | — | 0.00 | Aug 7, 2024 | Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code. | |||
| CVE-2024-34611 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information. | |||
| CVE-2024-34610 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data. | |||
| CVE-2024-34609 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||
| CVE-2024-34608 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||
| CVE-2024-34607 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||
| CVE-2024-34606 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||
| CVE-2024-34605 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||
| CVE-2024-34604 | 0.00 | — | 0.00 | Aug 7, 2024 | Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background. | |||
| CVE-2024-32671 | 0.00 | — | 0.00 | Jul 29, 2024 | Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0. | |||
| CVE-2024-27386 | 0.00 | — | 0.00 | Jul 9, 2024 | A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for tx coming from userspace, which can lead to heap overwrite. | |||
| CVE-2024-27385 | 0.00 | — | 0.00 | Jul 9, 2024 | A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for rx coming from userspace, which can lead to heap overwrite. |
- CVE-2024-34649Sep 4, 2024risk 0.00cvss —epss 0.00
Improper access control in new Dex Mode in multitasking framework prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access an unlocked screen.
- CVE-2024-34648Sep 4, 2024risk 0.00cvss —epss 0.00
Improper Handling of Insufficient Permissions in KnoxMiscPolicy prior to SMR Sep-2024 Release 1 allows local attackers to access sensitive data.
- CVE-2024-34647Sep 4, 2024risk 0.00cvss —epss 0.00
Incorrect use of privileged API in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to access privileged APIs related to knox without proper license.
- CVE-2024-34646Sep 4, 2024risk 0.00cvss —epss 0.00
Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service.
- CVE-2024-34645Sep 4, 2024risk 0.00cvss —epss 0.00
Improper input validation in ThemeCenter prior to SMR Sep-2024 Release 1 allows physical attackers to install privileged applications.
- CVE-2024-34644Sep 4, 2024risk 0.00cvss —epss 0.00
Improper access control in item selection related in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
- CVE-2024-34643Sep 4, 2024risk 0.00cvss —epss 0.00
Improper access control in key input related function in Dressroom prior to SMR Sep-2024 Release 1 allows local attackers to access protected data. User interaction is required for triggering this vulnerability.
- CVE-2024-34642Sep 4, 2024risk 0.00cvss —epss 0.00
Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information.
- CVE-2024-34641Sep 4, 2024risk 0.00cvss —epss 0.00
Improper Export of Android Application Components in FeliCaTest prior to SMR Sep-2024 Release 1 allows local attackers to enable NFC configuration.
- CVE-2024-34640Sep 4, 2024risk 0.00cvss —epss 0.00
Improper access control vulnerability in BGProtectManager prior to SMR Sep-2024 Release 1 allows local attackers to bypass restriction of process expiration.
- CVE-2024-34639Sep 4, 2024risk 0.00cvss —epss 0.00
Improper handling of exceptional conditions in Setupwizard prior to SMR Aug-2024 Release 1 allows physical attackers to bypass proper validation.
- CVE-2024-34638Sep 4, 2024risk 0.00cvss —epss 0.00
Improper handling of exceptional conditions in ThemeCenter prior to SMR Sep-2024 Release 1 allows local attackers to delete non-preloaded applications.
- CVE-2024-34637Sep 4, 2024risk 0.00cvss —epss 0.00
Improper access control in WindowManagerService prior to SMR Sep-2024 Release 1 in Android 12, and SMR Jun-2024 Release 1 in Android 13 and Android 14 allows local attackers to bypass restrictions on starting services from the background.
- CVE-2024-39771Aug 28, 2024risk 0.00cvss —epss 0.00
QBiC CLOUD CC-2L v1.1.30 and earlier and Safie One v1.8.2 and earlier do not properly validate certificates, which may allow a network-adjacent unauthenticated attacker to obtain and/or alter communications of the affected product via a man-in-the-middle attack.
- CVE-2024-34636Aug 7, 2024risk 0.00cvss —epss 0.00
Use of implicit intent for sensitive communication in Samsung Email prior to version 6.1.94.2 allows local attackers to get sensitive information.
- CVE-2024-34635Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in parsing textbox object in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
- CVE-2024-34634Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in parsing connected object list in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
- CVE-2024-34633Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in parsing object header in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
- CVE-2024-34632Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in uuid parsing in Samsung Notes prior to version 4.4.21.62 allows local attacker to access unauthorized memory.
- CVE-2024-34631Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in applying new binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
- CVE-2024-34630Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in applying own binary with textbox in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
- CVE-2024-34629Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in applying binary with text common object in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
- CVE-2024-34628Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in applying binary with path in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
- CVE-2024-34627Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in parsing implemention in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
- CVE-2024-34626Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
- CVE-2024-34625Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in applying connection point in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
- CVE-2024-34624Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in applying paragraphs in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
- CVE-2024-34623Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in applying connected information in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.
- CVE-2024-34622Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in appending paragraph in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially execute arbitrary code with Samsung Notes privilege.
- CVE-2024-34621Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read in applying binary with data in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory.
- CVE-2024-34620Aug 7, 2024risk 0.00cvss —epss 0.00
Improper privilege management in SumeNNService prior to SMR Aug-2024 Release 1 allows local attackers to start privileged service.
- CVE-2024-34619Aug 7, 2024risk 0.00cvss —epss 0.01
Improper input validation in librtp.so prior to SMR Aug-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
- CVE-2024-34618Aug 7, 2024risk 0.00cvss —epss 0.00
Improper access control in System property prior to SMR Aug-2024 Release 1 allows local attackers to access cell related information.
- CVE-2024-34617Aug 7, 2024risk 0.00cvss —epss 0.00
Improper handling of insufficient permission in Telephony prior to SMR Aug-2024 Release 1 allows local attackers to configure default Message application.
- CVE-2024-34616Aug 7, 2024risk 0.00cvss —epss 0.00
Improper handling of insufficient permission in KnoxDualDARPolicy prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive data.
- CVE-2024-34615Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to cause memory corruption.
- CVE-2024-34614Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bound write in libsmat.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
- CVE-2024-34613Aug 7, 2024risk 0.00cvss —epss 0.00
Improper access control in Galaxy Watch prior to SMR Aug-2024 Release 1 allows local attackers to access sensitive information of Galaxy watch.
- CVE-2024-34612Aug 7, 2024risk 0.00cvss —epss 0.00
Out-of-bound write in libcodec2secmp4vdec.so prior to SMR Aug-2024 Release 1 allows local attackers to execute arbitrary code.
- CVE-2024-34611Aug 7, 2024risk 0.00cvss —epss 0.00
Improper access control in KnoxService prior to SMR Aug-2024 Release 1 allows local attackers to get sensitive information.
- CVE-2024-34610Aug 7, 2024risk 0.00cvss —epss 0.00
Improper access control in ExtControlDeviceService prior to SMR Aug-2024 Release 1 allows local attackers to access protected data.
- CVE-2024-34609Aug 7, 2024risk 0.00cvss —epss 0.00
Improper access control in VoiceNoteService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
- CVE-2024-34608Aug 7, 2024risk 0.00cvss —epss 0.00
Improper access control in PaymentManagerService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
- CVE-2024-34607Aug 7, 2024risk 0.00cvss —epss 0.00
Improper access control in SamsungNotesService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
- CVE-2024-34606Aug 7, 2024risk 0.00cvss —epss 0.00
Improper access control in SmartThingsService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
- CVE-2024-34605Aug 7, 2024risk 0.00cvss —epss 0.00
Improper access control in SamsungHealthService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
- CVE-2024-34604Aug 7, 2024risk 0.00cvss —epss 0.00
Improper access control in LedCoverService prior to SMR Aug-2024 Release 1 allows local attackers to bypass restrictions on starting services from the background.
- CVE-2024-32671Jul 29, 2024risk 0.00cvss —epss 0.00
Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers.This issue affects Escargot: 4.0.0.
- CVE-2024-27386Jul 9, 2024risk 0.00cvss —epss 0.00
A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for tx coming from userspace, which can lead to heap overwrite.
- CVE-2024-27385Jul 9, 2024risk 0.00cvss —epss 0.00
A vulnerability was discovered in the slsi_handle_nan_rx_event_log_ind function in Samsung Mobile Processor Exynos 1380 and Exynos 1480 related to no input validation check on tag_len for rx coming from userspace, which can lead to heap overwrite.
Page 16 of 45