Samsung Latest Vulnerabilities

December 3

Attackers can create arbitrary folders in system directory via symbolic link in Samsung Magician 8.1.0 installer

CVE-2024-53921
Samsung

Path Traversal Vulnerability Affects Quick Share Agent Versions

CVE-2024-49421
Samsung | Quick Share Agent | 4.3 MEDIUM

Remote Attackers Can Launch Arbitrary Activity in GamingHub Prior to Version 6.1.04.6 in Korea

CVE-2024-49420
Samsung | Gaminghub | 7.5 HIGH

Arbitrary URL Loading Vulnerability in GamingHub

CVE-2024-49419
Samsung | Gaminghub | 4.3 MEDIUM

Remote attackers can enable JavaScript in webview due to insufficient url authenticity verification

CVE-2024-49418
Samsung | Gaminghub | 6.5 MEDIUM

Privileged Activities via Implicit Intent before 1.0.0.8

CVE-2024-49417
Samsung | Smart Touch Call | 2 LOW

Security Vulnerability in SmartThings Prior to Version 1.8.21 Allows Local Attackers to Access Sensitive Information

CVE-2024-49416
Samsung | Smartthings | 4 MEDIUM

Remote Arbitrary Code Execution Vulnerability in libSaped.so Prior to SMR Dec-2024 Release 1

CVE-2024-49415
Samsung | Samsung Devices | 8.1 HIGH

Physical Attackers Temporarily Access Recent App List Using Alternate Path Before SMR Dec-2024 Release 1

CVE-2024-49414
Samsung | Samsung Devices | 2.4 LOW

Local Attackers Can Install Malicious Apps Due to Improper Verification of Cryptographic Signature Prior to SMR Dec-2024 Release 1

CVE-2024-49413
Samsung | Samsung Devices | 7.1 HIGH

Bluetooth Signal Broadcast Vulnerability in Galaxy Watch Discovered

CVE-2024-49412
Samsung | Samsung Devices | 5.5 MEDIUM

Wi-Fi 6 Spending Growth to Slow in 2023 as Economy Weakens

CVE-2024-49411
Samsung | Samsung Devices | 4.3 MEDIUM

Arbitrary Code Execution Vulnerability Discovered in libswmfextractor.so Prior to SMR Dec-2024 Release 1

CVE-2024-49410
Samsung | Samsung Devices | 5.9 MEDIUM

December 2

Samsung Exynos Processors Vulnerable to Denial of Service Attack

CVE-2024-39343
Samsung | 7 HIGH

November 6

Out-of-Bounds Write Vulnerability Affects Samsung Galaxy S24

CVE-2024-49409
Samsung | Samsung Devices | 6.7 MEDIUM

Out-of-bounds write in USB driver before Firmware update on Galaxy S24 allows local attackers to write out-of-bounds memory.

CVE-2024-49408
Samsung | Samsung Devices | 6.7 MEDIUM

Samsung Flow Vulnerability Allows Physical Attackers to Access Data Across Multiple User Profiles

CVE-2024-49407
Samsung | Samsung Flow | 4.6 MEDIUM

Untrusted Modification of Transactions Possible in Pre-1.3.16 Versions of Blockchain Keystore

CVE-2024-49406
Samsung | Blockchain Keystore | 4.4 MEDIUM

Samsung Pass Vulnerability Allows Physical Attackers to Access Sensitive Information

CVE-2024-49405
Samsung | Samsung Pass | 4.6 MEDIUM

Physical Attackers Can Access Other Users' Video Files via Improper Access Control in Samsung Video Player

CVE-2024-49404
Samsung | Samsung Video Player | 4.6 MEDIUM

Security Vulnerability in Samsung Voice Recorder Allows Access to Recordings

CVE-2024-49403
Samsung | Samsung Voice Recorder | 4.6 MEDIUM

Physical Attackers Access Data Across Multiple User Profiles

CVE-2024-49402
Samsung | Samsung Devices | 4.6 MEDIUM

Privileged Activities Attack via Improper Input Validation

CVE-2024-49401
Samsung | Samsung Devices | 7.1 HIGH

Physical Attackers Can Access Stored WiFi Password in Maintenance Mode

CVE-2024-34682
Samsung | Samsung Devices | 2.4 LOW

BluetoothAdapter Vulnerability Affects Galaxy Watch

CVE-2024-34681
Samsung | Samsung Devices | 6.6 MEDIUM

Sensitive Communication Vulnerability in WlanTest

CVE-2024-34680
Samsung | Samsung Devices | 5.5 MEDIUM

Local Attackers Can Access Sensitive Files with Phone Privilege Due to Incorrect Default Permissions in Crane SMR Nov-2024 Release 1

CVE-2024-34679
Samsung | Samsung Devices | 7.1 HIGH

LibSAPExtractor Memory Corruption Vulnerability

CVE-2024-34678
Samsung | Samsung Devices | 7.8 HIGH

Malicious Apps Disguised as Legitimate Apps in System UI Prior to SMR Nov-2024 Release 1

CVE-2024-34677
Samsung | Samsung Devices | 3.3 LOW

Memory Corruption Vulnerability in libsubextractor.so Prior to SMR Nov-2024 Release 1

CVE-2024-34676
Samsung | Samsung Devices | 7.3 HIGH

Unlocked Screens Vulnerable to Physical Attacks

CVE-2024-34675
Samsung | Samsung Devices | 4.6 MEDIUM

Physical Attackers Can Access Data Across Multiple User Profiles Due to Lack of Access Control in iPhone

CVE-2024-34674
Samsung | Samsung Devices | 4.6 MEDIUM

Denial-of-Service Vulnerability in IpcProtocol Modem

CVE-2024-34673
Samsung | Samsung Devices | 5.5 MEDIUM

November 4

Samsung Exynos Processors Vulnerable to Heap Overflow Attacks

CVE-2024-45185
Samsung

October 8

Attackers Can Access Other Users' Video Files Through Improper Input Validation in SamsungVideoPlayer

CVE-2024-34672
Samsung | Samsungvideoplayer | 5.5 MEDIUM

Local Attackers Can Access Sensitive Information Through Implicit Intent in Prior Versions of Samsung Internet

CVE-2024-34671
Samsung | Samsung Internet | 3.3 LOW

Local Attackers Can Steal Sensitive Information Using Implicit Intent Before Version 6.1.0.9

CVE-2024-34670
Samsung | Sound Assistant | 4 MEDIUM

Remote Execution of Arbitrary Code with System Privileges Through Out-of-Bounds Write in librtppayload.so Prior to SMR Oct-2024 Release 1

CVE-2024-34669
Samsung | Samsung Devices | 8.8 HIGH

Remote Code Execution Vulnerability in librtppayload.so Prior to SMR Oct-2024 Release 1

CVE-2024-34668
Samsung | Samsung Devices | 8.8 HIGH

Remotely Exploitable Out-of-Bounds Write Vulnerability in librtppayload.so Prior to SMR Oct-2024 Release 1

CVE-2024-34667
Samsung | Samsung Devices | 8.8 HIGH

Arbitrary Code Execution Vulnerability in librtppayload.so Pre-Oct-2024 Release 1

CVE-2024-34666
Samsung | Samsung Devices | 8.8 HIGH

Remote Arbitrary Code Execution Vulnerability in librtppayload.so Prior to SMR Oct-2024 Release 1

CVE-2024-34665
Samsung | Samsung Devices | 8.8 HIGH

Bypass of Knox Guard in a Multi-User Environment Due to Improper Check for Exception Conditions

CVE-2024-34664
Samsung | Samsung Devices | 4.1 MEDIUM

Out-of-Bounds Memory Write Vulnerability in libSEF.quram.so Prior to SMR Oct-2024 Release 1

CVE-2024-34663
Samsung | Samsung Devices | 5.3 MEDIUM

Improper Access Control in ActivityManager Leads to Privileged Behaviors

CVE-2024-34662
Samsung | Samsung Devices | 7.8 HIGH

October 7

Samsung's Exynos Processors Vulnerable to Privilege Escalation Due to Use-After-Free Bug

CVE-2024-44068
Samsung👾

September 10

CVE-2024-31960
Samsung | Exynos 1480 Firmware | 7.8 HIGH

September 9

Exynos Processors Vulnerable to Heap Over-Read Due to Lack of Input Validation

CVE-2024-27364
Samsung | Exynos 980 Firmware | 5.5 MEDIUM

Heap Overwrite Vulnerability Affects Samsung Mobile Processors

CVE-2024-27383
Samsung | Exynos 980 Firmware | 7.8 HIGH

Heap Over-read Vulnerability in Samsung Exynos Processors

CVE-2024-27365
Samsung | Exynos 980 Firmware | 5.5 MEDIUM

CVE-2024-27367
Samsung | Exynos 980 Firmware | 5.5 MEDIUM

Samsung Mobile Processor Vulnerable to Heap Over-Read

CVE-2024-27366
Samsung | Exynos 980 Firmware | 5.5 MEDIUM

Samsung Exynos Processor Vulnerable to Heap Over-Read Due to Lack of Input Validation

CVE-2024-27368
Samsung | Exynos 980 Firmware | 5.5 MEDIUM

Heap Overwrite Vulnerability in Exynos Mobile Processor

CVE-2024-27387
Samsung | Exynos 1080 Firmware | 7.8 HIGH

September 4

Samsung Assistant Location Data Vulnerability

CVE-2024-34661
Samsung | Samsung Assistant | 4.3 MEDIUM

Samsung Notes vulnerability allows local attackers to execute arbitrary code

CVE-2024-34660
Samsung | Samsung Notes | 7.8 HIGH

Remotely Forced Group Join Vulnerability in GroupSharing Prior to Version 13.6.13.3

CVE-2024-34659
Samsung | Group Sharing | 5.3 MEDIUM

Samsung Notes Vulnerability Allows Local Attackers to Bypass ASLR

CVE-2024-34658
Samsung | Samsung Notes | 7.1 HIGH

Samsung Notes vulnerability allows remote attackers to execute arbitrary code

CVE-2024-34657
Samsung | Samsung Notes | 9.8 CRITICAL

Samsung Notes Path Traversal Vulnerability Allows Local Attackers to Execute Arbitrary Code

CVE-2024-34656
Samsung | Samsung Notes | 7.8 HIGH

Local Attackers Can Access Privileged API in UniversalCredentialManager Prior to Sep-2024 Release 1

CVE-2024-34655
Samsung | Samsung Devices | 5.5 MEDIUM

local attackers can access files with increased privileges

CVE-2024-34654
Samsung | Samsung Devices | 5.5 MEDIUM

Physical Attackers Can Access Your Files

CVE-2024-34653
Samsung | Samsung Devices | 4.6 MEDIUM

Local Attackers Can Access Performance Information Through Incorrect Authorization in kperfmon

CVE-2024-34652
Samsung | Samsung Devices | 3.3 LOW

My Files Vulnerability: Local Attackers Can Access Restricted Data Prior to Sep-2024 Release 1

CVE-2024-34651
Samsung | Samsung Devices | 5.5 MEDIUM

Local Attackers Can Access Privileged APIs After Incorrect Authorization Prior to Sep-2024 Release 1

CVE-2024-34650
Samsung | Samsung Devices | 3.3 LOW

Physical Attackers Can Temporarily Access Unlocked Screens Through Improper Access Control

CVE-2024-34649
Samsung | Samsung Devices | 2.4 LOW

Attackers Can Access Sensitive Data Due to Improper Handling of Insufficient Permissions

CVE-2024-34648
Samsung | Samsung Devices | 5.5 MEDIUM

Local Attackers Gain Access to Privileged APIs through Incorrect Use of DualDarManagerProxy Prior to SMR Sep-2024 Release 1

CVE-2024-34647
Samsung | Samsung Devices | 5.5 MEDIUM

Local Attackers Can Cause Permanent Denial of Service with Improper Access Control Before Sep-2024 Release 1

CVE-2024-34646
Samsung | Samsung Devices | 5.5 MEDIUM

Physical Attackers Can Install Privileged Applications via Improper Input Validation Vulnerability

CVE-2024-34645
Samsung | Samsung Devices | 4.6 MEDIUM

Local Attackers Can Access Protected Data Due to Improper Access Control in Dressroom's Item Selection Before Sep-2024 Release 1

CVE-2024-34644
Samsung | Samsung Devices | 5.5 MEDIUM

Local Attackers Can Access Protected Data Through Improper Access Control

CVE-2024-34643
Samsung | Samsung Devices | 5.5 MEDIUM

Samsung One UI Home Vulnerable to Physical Attacks

CVE-2024-34642
Samsung | Samsung Devices | 4.6 MEDIUM

Improper Export of Android Application Components in FeliCaTest Prior to SMR Sep-2024 Release Allows Local Attackers to Enable NFC Configuration

CVE-2024-34641
Samsung | Samsung Devices | 3.3 LOW

Bypassing Process Expiration via Improper Access Control in BGProtectManager

CVE-2024-34640
Samsung | Samsung Devices | 3.3 LOW

Bypass Proper Validation Through Physical Attack

CVE-2024-34639
Samsung | Samsung Devices | 4.6 MEDIUM

Local Attackers Can Delete Non-Preloaded Applications

CVE-2024-34638
Samsung | Samsung Devices | 7.1 HIGH

Bypassing Restrictions on Starting Services from Background in Android

CVE-2024-34637
Samsung | Samsung Devices | 5.5 MEDIUM

August 7

Attackers can Steal Sensitive Information via Implicit Intent in Pre-6.1.94.2 Samsung Email

CVE-2024-34636
Samsung | Samsung Email | 5.5 MEDIUM

Samsung Notes Vulnerability Allows Local Access to Unauthorized Memory

CVE-2024-34635
Samsung | Samsung Notes | 3.3 LOW

Samsung Notes Vulnerability Allows Local Attacker Access to Unauthorized Memory

CVE-2024-34634
Samsung | Samsung Notes | 3.3 LOW

Memory Tampering Vulnerability in Samsung Notes

CVE-2024-34633
Samsung | Samsung Notes | 3.3 LOW

Local Attacker can Access Unauthorized Memory through Uuid Parsing Bug

CVE-2024-34632
Samsung | Samsung Notes | 3.3 LOW

Samsung Notes Vulnerability Allows Local Attackers to Read Memory

CVE-2024-34631
Samsung | Samsung Notes | 5.5 MEDIUM

Samsung Notes Vulnerability Allows Local Attackers to Read Memory

CVE-2024-34630
Samsung | Samsung Notes | 5.5 MEDIUM

Samsung Notes Vulnerability Could Allow Local Attackers to Read Memory

CVE-2024-34629
Samsung | Samsung Notes | 5.5 MEDIUM

Samsung Notes Vulnerability Allows Local Attackers to Read Memory

CVE-2024-34628
Samsung | Samsung Notes | 5.5 MEDIUM

Samsung Notes Vulnerability: Local Attackers Can Access Memory

CVE-2024-34627
Samsung | Samsung Notes | 5.5 MEDIUM

Samsung Notes Vulnerability Allows Local Attackers to Access Memory

CVE-2024-34626
Samsung | Samsung Notes | 5.5 MEDIUM

Samsung Notes Prior to 4.4.21.62 Vulnerable to Local Attackers via Out-of-Bounds Read

CVE-2024-34625
Samsung | Samsung Notes | 5.5 MEDIUM

Samsung Notes Vulnerability Allows Local Attackers to Read Memory

CVE-2024-34624
Samsung | Samsung Notes | 5.5 MEDIUM

Samsung Notes Vulnerability Affects Android Devices

CVE-2024-34623
Samsung | Samsung Notes | 7.8 HIGH

Samsung Notes Vulnerability Allows Local Attackers to Execute Arbitrary Code

CVE-2024-34622
Samsung | Samsung Notes | 7.8 HIGH

Samsung Notes Vulnerability Allows Local Attackers to Read Memory

CVE-2024-34621
Samsung | Samsung Notes | 5.5 MEDIUM

Privilege Escalation Vulnerability in SumeNNService

CVE-2024-34620
Samsung | Samsung Devices | 7.8 HIGH

Remote Code Execution Vulnerability in librtp.so

CVE-2024-34619
Samsung | Samsung Devices | 8.8 HIGH

Attackers Can Access Cell Related Information via Improper Access Control

CVE-2024-34618
Samsung | Samsung Devices | 3.3 LOW

Local Attackers Can Configure Default Message App Prior to SMR Aug-2024 Release 1

CVE-2024-34617
Samsung | Samsung Devices | 3.3 LOW

Local Attackers Can Access Sensitive Data Due to Improper Handling of Insufficient Permissions

CVE-2024-34616
Samsung | Samsung Devices | 5.5 MEDIUM