Latest Samsung Vulnerabilities

CVE-2024-27362
A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead ...
Samsung Exynos 1280 Firmware
Samsung Exynos 1280
Samsung Exynos 2200 Firmware
Samsung Exynos 2200
Samsung Exynos 1330 Firmware
Samsung Exynos 1330
and 4 more
CVE-2024-27360
A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check l...
Samsung Exynos 850 Firmware
Samsung Exynos 850
Samsung Exynos 1080 Firmware
Samsung Exynos 1080
Samsung Exynos 2100 Firmware
Samsung Exynos 2100
and 10 more
CVE-2024-28067
A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the vic...
Samsung Exynos Modem 5300 Firmware
Samsung Exynos Modem 5300
CVE-2024-31957
A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial of Service) attac...
Samsung Exynos 2200 Firmware
Samsung Exynos 2200
Samsung Exynos 2400 Firmware
Samsung Exynos 2400
CVE-2024-34603
Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.
Samsung Android=13.0
Samsung Android=13.0-smr-apr-2023-r1
Samsung Android=13.0-smr-apr-2024-r1
Samsung Android=13.0-smr-aug-2023-r1
Samsung Android=13.0-smr-dec-2022-r1
Samsung Android=13.0-smr-dec-2023-r1
and 37 more
CVE-2024-34602
Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering ...
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-34601
Improper verification of intent by broadcast receiver vulnerability in GalaxyStore prior to version 4.5.81.0 allows local attackers to launch unexported activities of GalaxyStore.
Samsung Galaxystore<4.5.81.0
CVE-2024-34600
Improper verification of intent by broadcast receiver vulnerability in Samsung Flow prior to version 4.9.13.0 allows local attackers to copy image files to external storage.
Samsung Flow<4.9.13.0
CVE-2024-34599
Improper input validation in Tips prior to version 6.2.9.4 in Android 14 allows local attacker to send broadcast with Tips&#39; privilege.
Samsung Tips<6.2.9.4
Google Android=14.0
CVE-2024-34597
Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for trig...
Samsung Health<6.27.0.113
CVE-2024-34596
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.
Samsung Smartthings<1.8.17
CVE-2024-34595
Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-34594
Exposure of sensitive information in proc file system prior to SMR Jul-2024 Release 1 allows local attackers to read kernel memory address.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-34593
Improper input validation in parsing and distributing RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction...
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-34592
Improper input validation in parsing RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for trig...
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-34591
Improper input validation in parsing an item data from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is...
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-34590
Improper input validation혻in parsing an item type from RTCP SDES packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is...
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-34589
Improper input validation in parsing RTCP RR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for trigge...
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-34588
Improper input validation?in parsing RTCP SR packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to trigger temporary denial of service. User interaction is required for trigge...
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-34587
Improper input validation in parsing application information from RTCP packet in librtp.so prior to SMR Jul-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User...
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-34586
Improper access control in KnoxCustomManagerService prior to SMR Jul-2024 Release 1 allows local attackers to configure Knox privacy policy.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-34585
Improper access control in launchApp of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-34583
Improper access control in system property prior to SMR Jul-2024 Release 1 allows local attackers to get device identifier.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20901
Improper input validation in copying data to buffer cache in libsaped prior to SMR Jul-2024 Release 1 allows local attackers to write out-of-bounds memory.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20900
Improper authentication in MTP application prior to SMR Jul-2024 Release 1 allows local attackers to enter MTP mode without proper authentication.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20899
Use of implicit intent for sensitive communication in RCS function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20898
Use of implicit intent for sensitive communication in SoftphoneClient in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20897
Use of implicit intent for sensitive communication in FCM function in IMS service prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20896
Use of implicit intent for sensitive communication in Configuration message prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20895
Improper access control in Dar service prior to SMR Jul-2024 Release 1 allows local attackers to bypass restriction for calling SDP features.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20894
Improper handling of exceptional conditions in Secure Folder prior to SMR Jul-2024 Release 1 allows physical attackers to bypass authentication under certain condition. User interaction is required fo...
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20893
Improper input validation in libmediaextractorservice.so prior to SMR Jul-2024 Release 1 allows local attackers to trigger memory corruption.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20892
Improper verification of signature in FilterProvider prior to SMR Jul-2024 Release 1 allows local attackers to execute privileged behaviors. User interaction is required for triggering this vulnerabil...
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20891
Improper access control in launchFullscreenIntent of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20890
Improper input validation in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to trigger abnormal behavior.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20889
Improper authentication in BLE prior to SMR Jul-2024 Release 1 allows adjacent attackers to pair with devices.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-20888
Improper access control in OneUIHome prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
Samsung Android=12.0
Samsung Android=12.0-smr-apr-2022-r1
Samsung Android=12.0-smr-apr-2023-r1
Samsung Android=12.0-smr-apr-2024-r1
Samsung Android=12.0-smr-aug-2022-r1
Samsung Android=12.0-smr-aug-2023-r1
and 70 more
CVE-2024-31956
An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks proper buffer length checking, which can result in an Out-of-Bounds Write.
Samsung Exynos 2200 Firmware
Samsung Exynos 2200
Samsung Exynos 1480 Firmware
Samsung Exynos 1480
Samsung Exynos 2400 Firmware
Samsung Exynos 2400
CVE-2024-32504
An issue was discovered in Samsung Mobile Processor and Wearable Processor Exynos 850, Exynos 1080, Exynos 2100, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, Exynos W930. The mobile processor l...
Samsung Exynos 850 Firmware
Samsung Exynos 850
Samsung Exynos 1080 Firmware
Samsung Exynos 1080
Samsung Exynos 2100 Firmware
Samsung Exynos 2100
and 10 more
CVE-2024-27382
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame(), there is no input validation check on l...
Samsung Exynos 980 Firmware
Samsung Exynos 980
Samsung Exynos 850 Firmware
Samsung Exynos 850
Samsung Exynos 1280 Firmware
Samsung Exynos 1280
and 4 more
CVE-2024-27381
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_ut(), there is no input validation check o...
Samsung Exynos 980 Firmware
Samsung Exynos 980
Samsung Exynos 850 Firmware
Samsung Exynos 850
Samsung Exynos 1280 Firmware
Samsung Exynos 1280
and 4 more
CVE-2024-27379
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation ...
Samsung Exynos 980 Firmware
Samsung Exynos 980
Samsung Exynos 850 Firmware
Samsung Exynos 850
Samsung Exynos 1280 Firmware
Samsung Exynos 1280
and 4 more
CVE-2024-27378
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_send_action_frame_cert(), there is no input validation check...
Samsung Exynos 980 Firmware
Samsung Exynos 980
Samsung Exynos 850 Firmware
Samsung Exynos 850
Samsung Exynos 1280 Firmware
Samsung Exynos 1280
and 4 more
CVE-2024-27380
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_set_delayed_wakeup_type(), there is no input validation chec...
Samsung Exynos 980 Firmware
Samsung Exynos 980
Samsung Exynos 850 Firmware
Samsung Exynos 850
Samsung Exynos 1280 Firmware
Samsung Exynos 1280
and 4 more
CVE-2024-27376
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_subscribe_get_nl_params(), there is no input validation ...
Samsung Exynos 980 Firmware
Samsung Exynos 980
Samsung Exynos 850 Firmware
Samsung Exynos 850
Samsung Exynos 1280 Firmware
Samsung Exynos 1280
and 4 more
CVE-2024-27377
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_get_security_info_nl(), there is no input validation che...
Samsung Exynos 980 Firmware
Samsung Exynos 980
Samsung Exynos 850 Firmware
Samsung Exynos 850
Samsung Exynos 1280 Firmware
Samsung Exynos 1280
and 4 more
CVE-2024-27374
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_publish_get_nl_params(), there is no input validation ch...
and 4 more
CVE-2024-27375
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_followup_get_nl_params(), there is no input validation c...
Samsung Exynos 980 Firmware
Samsung Exynos 980
Samsung Exynos 850 Firmware
Samsung Exynos 850
Samsung Exynos 1280 Firmware
Samsung Exynos 1280
and 4 more
CVE-2024-27373
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation che...
Samsung Exynos 980 Firmware
Samsung Exynos 980
Samsung Exynos 850 Firmware
Samsung Exynos 850
Samsung Exynos 1280 Firmware
Samsung Exynos 1280
and 4 more
CVE-2024-27372
An issue was discovered in Samsung Mobile Processor Exynos 980, Exynos 850, Exynos 1280, Exynos 1380, and Exynos 1330. In the function slsi_nan_config_get_nl_params(), there is no input validation che...
Samsung Exynos 980 Firmware
Samsung Exynos 980
Samsung Exynos 850 Firmware
Samsung Exynos 850
Samsung Exynos 1280 Firmware
Samsung Exynos 1280
and 4 more

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203