Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-27373 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->mesh_id_len coming from userspace, which can lead to a heap… | |||
| CVE-2024-27374 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_publish_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead… | |||
| CVE-2024-27375 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sdea_service_specific_info_len coming from userspace, which… | |||
| CVE-2024-27372 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_len coming from userspace, which can lead… | |||
| CVE-2024-27377 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_get_security_info_nl(), there is no input validation check on sec_info->key_info.body.pmk_info.pmk_len coming from userspace, which can… | |||
| CVE-2024-27370 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on hal_req->num_config_discovery_attr coming from userspace, which can lead… | |||
| CVE-2024-27381 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_ut(), there is no input validation check on len coming from userspace, which can lead to a heap over-read. | |||
| CVE-2024-27382 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame(), there is no input validation check on len coming from userspace, which can lead to a heap over-read. | |||
| CVE-2024-27378 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_cert(), there is no input validation check on len coming from userspace, which can lead to a heap over-read. | |||
| CVE-2024-27376 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->rx_match_filter_len coming from userspace, which can lead to… | |||
| CVE-2024-27380 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_set_delayed_wakeup_type(), there is no input validation check on a length of ioctl_args->args[i] coming from userspace, which can lead to a… | |||
| CVE-2024-27379 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->num_intf_addr_present coming from userspace, which can lead… | |||
| CVE-2023-50803 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not… | |||
| CVE-2023-49927 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband… | |||
| CVE-2024-28818 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly… | |||
| CVE-2023-49928 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband… | |||
| CVE-2023-50804 | 0.00 | — | 0.00 | Jun 5, 2024 | An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not… | |||
| CVE-2024-20887 | 0.00 | — | 0.00 | Jun 4, 2024 | Arbitrary directory creation in GalaxyBudsManager PC prior to version 2.1.240315.51 allows attacker to create arbitrary directory. | |||
| CVE-2024-20885 | 0.00 | — | 0.00 | Jun 4, 2024 | Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission. | |||
| CVE-2024-20884 | 0.00 | — | 0.00 | Jun 4, 2024 | Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API. | |||
| CVE-2024-20883 | 0.00 | — | 0.00 | Jun 4, 2024 | Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API. | |||
| CVE-2024-20882 | 0.00 | — | 0.00 | Jun 4, 2024 | Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access. | |||
| CVE-2024-20881 | 0.00 | — | 0.00 | Jun 4, 2024 | Improper input validation vulnerability in chnactiv TA prior to SMR Jun-2024 Release 1 allows local privileged attackers lead to potential arbitrary code execution. | |||
| CVE-2024-20880 | 0.00 | — | 0.00 | Jun 4, 2024 | Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physical attackers to overwrite memory. | |||
| CVE-2024-20879 | 0.00 | — | 0.00 | Jun 4, 2024 | Improper input validation vulnerability in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to write out-of-bounds memory. | |||
| CVE-2024-20878 | 0.00 | — | 0.00 | Jun 4, 2024 | Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code. | |||
| CVE-2024-20877 | 0.00 | — | 0.00 | Jun 4, 2024 | Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code. | |||
| CVE-2024-20876 | 0.00 | — | 0.00 | Jun 4, 2024 | Improper input validation in libsheifdecadapter.so prior to SMR Jun-2024 Release 1 allows local attackers to lead to memory corruption. | |||
| CVE-2024-20875 | 0.00 | — | 0.00 | Jun 4, 2024 | Improper caller verification vulnerability in SemClipboard prior to SMR June-2024 Release 1 allows local attackers to access arbitrary files. | |||
| CVE-2024-20874 | 0.00 | — | 0.00 | Jun 4, 2024 | Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024 Release 1 allows local attackers to launch privileged activities. | |||
| CVE-2024-20873 | 0.00 | — | 0.00 | Jun 4, 2024 | Improper input validation vulnerability in caminfo driver prior to SMR Jun-2024 Release 1 allows local privileged attackers to write out-of-bounds memory. | |||
| CVE-2024-29152 | 0.00 | — | 0.00 | Jun 4, 2024 | An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, and Exynos Modem 5300. The baseband software does not properly… | |||
| CVE-2024-31953 | 0.00 | — | 0.00 | May 9, 2024 | An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker must already have user… | |||
| CVE-2024-31952 | 0.00 | — | 0.00 | May 9, 2024 | An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. (The attacker must already have user privileges, and an administrator password must be… | |||
| CVE-2024-20855 | 0.00 | — | 0.00 | May 7, 2024 | Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while. | |||
| CVE-2024-20871 | 0.00 | — | 0.00 | May 7, 2024 | Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection. | |||
| CVE-2024-20870 | 0.00 | — | 0.00 | May 7, 2024 | Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store. | |||
| CVE-2024-20869 | 0.00 | — | 0.00 | May 7, 2024 | Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies. | |||
| CVE-2024-20868 | 0.00 | — | 0.00 | May 7, 2024 | Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions. | |||
| CVE-2024-20867 | 0.00 | — | 0.00 | May 7, 2024 | Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information. | |||
| CVE-2024-20866 | 0.00 | — | 0.00 | May 7, 2024 | Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step. | |||
| CVE-2024-20865 | 0.00 | — | 0.00 | May 7, 2024 | Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images. | |||
| CVE-2024-20864 | 0.00 | — | 0.00 | May 7, 2024 | Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources. | |||
| CVE-2024-20863 | 0.00 | — | 0.00 | May 7, 2024 | Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. | |||
| CVE-2024-20862 | 0.00 | — | 0.00 | May 7, 2024 | Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code. | |||
| CVE-2024-20861 | 0.00 | — | 0.00 | May 7, 2024 | Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption. | |||
| CVE-2024-20860 | 0.00 | — | 0.00 | May 7, 2024 | Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission. | |||
| CVE-2024-20859 | 0.00 | — | 0.00 | May 7, 2024 | Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege. | |||
| CVE-2024-20858 | 0.00 | — | 0.00 | May 7, 2024 | Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. | |||
| CVE-2024-20857 | 0.00 | — | 0.00 | May 7, 2024 | Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application. |
- CVE-2024-27373Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->mesh_id_len coming from userspace, which can lead to a heap…
- CVE-2024-27374Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_publish_get_nl_params(), there is no input validation check on hal_req->service_specific_info_len coming from userspace, which can lead…
- CVE-2024-27375Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation check on hal_req->sdea_service_specific_info_len coming from userspace, which…
- CVE-2024-27372Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on disc_attr->infrastructure_ssid_len coming from userspace, which can lead…
- CVE-2024-27377Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_get_security_info_nl(), there is no input validation check on sec_info->key_info.body.pmk_info.pmk_len coming from userspace, which can…
- CVE-2024-27370Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation check on hal_req->num_config_discovery_attr coming from userspace, which can lead…
- CVE-2024-27381Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_ut(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.
- CVE-2024-27382Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.
- CVE-2024-27378Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_cert(), there is no input validation check on len coming from userspace, which can lead to a heap over-read.
- CVE-2024-27376Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->rx_match_filter_len coming from userspace, which can lead to…
- CVE-2024-27380Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_set_delayed_wakeup_type(), there is no input validation check on a length of ioctl_args->args[i] coming from userspace, which can lead to a…
- CVE-2024-27379Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation check on hal_req->num_intf_addr_present coming from userspace, which can lead…
- CVE-2023-50803Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not…
- CVE-2023-49927Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband…
- CVE-2024-28818Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not properly…
- CVE-2023-49928Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 9110, Exynos W920, Exynos Modem 5123, Exynos Modem 5300. The baseband…
- CVE-2023-50804Jun 5, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor, and Modem Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos Modem 5123, Exynos Modem 5300. The baseband software does not…
- CVE-2024-20887Jun 4, 2024risk 0.00cvss —epss 0.00
Arbitrary directory creation in GalaxyBudsManager PC prior to version 2.1.240315.51 allows attacker to create arbitrary directory.
- CVE-2024-20885Jun 4, 2024risk 0.00cvss —epss 0.00
Improper component protection vulnerability in Samsung Dialer prior to SMR May-2024 Release 1 allows local attackers to make a call without proper permission.
- CVE-2024-20884Jun 4, 2024risk 0.00cvss —epss 0.00
Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API.
- CVE-2024-20883Jun 4, 2024risk 0.00cvss —epss 0.00
Incorrect use of privileged API vulnerability in registerBatteryStatsCallback in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API.
- CVE-2024-20882Jun 4, 2024risk 0.00cvss —epss 0.00
Out-of-bounds read vulnerability in bootloader prior to SMR June-2024 Release 1 allows physical attackers to arbitrary data access.
- CVE-2024-20881Jun 4, 2024risk 0.00cvss —epss 0.00
Improper input validation vulnerability in chnactiv TA prior to SMR Jun-2024 Release 1 allows local privileged attackers lead to potential arbitrary code execution.
- CVE-2024-20880Jun 4, 2024risk 0.00cvss —epss 0.00
Stack-based buffer overflow vulnerability in bootloader prior to SMR Jun-2024 Release 1 allows physical attackers to overwrite memory.
- CVE-2024-20879Jun 4, 2024risk 0.00cvss —epss 0.00
Improper input validation vulnerability in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to write out-of-bounds memory.
- CVE-2024-20878Jun 4, 2024risk 0.00cvss —epss 0.00
Heap out-of-bound write vulnerability in parsing grid image in libsavscmn.so prior to SMR June-2024 Release 1 allows local attackers to execute arbitrary code.
- CVE-2024-20877Jun 4, 2024risk 0.00cvss —epss 0.00
Heap out-of-bound write vulnerability in parsing grid image header in libsavscmn.so prior to SMR Jun-2024 Release 1 allows local attackers to execute arbitrary code.
- CVE-2024-20876Jun 4, 2024risk 0.00cvss —epss 0.00
Improper input validation in libsheifdecadapter.so prior to SMR Jun-2024 Release 1 allows local attackers to lead to memory corruption.
- CVE-2024-20875Jun 4, 2024risk 0.00cvss —epss 0.00
Improper caller verification vulnerability in SemClipboard prior to SMR June-2024 Release 1 allows local attackers to access arbitrary files.
- CVE-2024-20874Jun 4, 2024risk 0.00cvss —epss 0.00
Improper access control vulnerability in SmartManagerCN prior to SMR Jun-2024 Release 1 allows local attackers to launch privileged activities.
- CVE-2024-20873Jun 4, 2024risk 0.00cvss —epss 0.00
Improper input validation vulnerability in caminfo driver prior to SMR Jun-2024 Release 1 allows local privileged attackers to write out-of-bounds memory.
- CVE-2024-29152Jun 4, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, Exynos 990, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, Exynos 2400, Exynos Modem 5123, and Exynos Modem 5300. The baseband software does not properly…
- CVE-2024-31953May 9, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker must already have user…
- CVE-2024-31952May 9, 2024risk 0.00cvss —epss 0.00
An issue was discovered in Samsung Magician 8.0.0 on macOS. Because symlinks are used during the installation process, an attacker can escalate privileges via arbitrary file permission writes. (The attacker must already have user privileges, and an administrator password must be…
- CVE-2024-20855May 7, 2024risk 0.00cvss —epss 0.00
Improper access control vulnerability in multitasking framework prior to SMR May-2024 Release 1 allows physical attackers to access unlocked screen for a while.
- CVE-2024-20871May 7, 2024risk 0.00cvss —epss 0.00
Improper authorization vulnerability in Samsung Keyboard prior to version One UI 5.1.1 allows physical attackers to partially bypass the factory reset protection.
- CVE-2024-20870May 7, 2024risk 0.00cvss —epss 0.00
Improper verification of intent by broadcast receiver vulnerability in Galaxy Store prior to version 4.5.71.8 allows local attackers to write arbitrary files with the privilege of Galaxy Store.
- CVE-2024-20869May 7, 2024risk 0.00cvss —epss 0.00
Improper privilege management vulnerability in Samsung Internet prior to version 25.0.0.41 allows local attackers to bypass protection for cookies.
- CVE-2024-20868May 7, 2024risk 0.00cvss —epss 0.00
Improper input validation in Samsung Notes prior to version 4.4.15 allows local attackers to delete files with Samsung Notes privilege under certain conditions.
- CVE-2024-20867May 7, 2024risk 0.00cvss —epss 0.00
Improper privilege management vulnerability in Samsung Email prior to version 6.1.91.14 allows local attackers to access sensitive information.
- CVE-2024-20866May 7, 2024risk 0.00cvss —epss 0.00
Authentication bypass vulnerability in Setupwizard prior to SMR May-2024 Release 1 allows physical attackers to skip activation step.
- CVE-2024-20865May 7, 2024risk 0.00cvss —epss 0.00
Authentication bypass in bootloader prior to SMR May-2024 Release 1 allows physical attackers to flash arbitrary images.
- CVE-2024-20864May 7, 2024risk 0.00cvss —epss 0.00
Improper access control vulnerability in DarManagerService prior to SMR May-2024 Release 1 allows local attackers to monitor system resources.
- CVE-2024-20863May 7, 2024risk 0.00cvss —epss 0.00
Out of bounds write vulnerability in SNAP in HAL prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.
- CVE-2024-20862May 7, 2024risk 0.00cvss —epss 0.00
Out-of-bounds write in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to execute arbitrary code.
- CVE-2024-20861May 7, 2024risk 0.00cvss —epss 0.00
Use after free vulnerability in SveService prior to SMR May-2024 Release 1 allows local privileged attackers to cause memory corruption.
- CVE-2024-20860May 7, 2024risk 0.00cvss —epss 0.00
Improper export of android application components vulnerability in TelephonyUI prior to SMR May-2024 Release 1 allows local attackers to reboot the device without proper permission.
- CVE-2024-20859May 7, 2024risk 0.00cvss —epss 0.00
Improper access control vulnerability in FactoryCamera prior to SMR May-2024 Release 1 allows local attackers to take pictures without privilege.
- CVE-2024-20858May 7, 2024risk 0.00cvss —epss 0.00
Improper access control vulnerability in setCocktailHostCallbacks of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.
- CVE-2024-20857May 7, 2024risk 0.00cvss —epss 0.00
Improper access control vulnerability in startListening of CocktailBarService prior to SMR May-2024 Release 1 allows local attackers to access information of current application.
Page 18 of 45