Samsung Security Vulnerabilities
Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary...
6.4CVSS
6.7AI Score
0.0004EPSS
Incorrect default permission in AppLock prior to SMR MAr-2024 Release 1 allows local attackers to configure AppLock...
5.3CVSS
5.1AI Score
0.0004EPSS
Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows local privileged attackers to execute arbitrary...
6.4CVSS
6.7AI Score
0.0004EPSS
Improper input validation in IpcTxSndSetLoopbackCtrl in libsec-ril prior to SMR Sep-2023 Release 1 allows local attackers to write out-of-bounds...
5.9CVSS
5.6AI Score
0.0004EPSS
Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper...
5.4CVSS
5.5AI Score
0.0004EPSS
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper...
4.6CVSS
4.5AI Score
0.001EPSS
Out-of-bounds Write vulnerabilities in svc1td_vld_slh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer...
7.8CVSS
7.6AI Score
0.0004EPSS
Out-of-bounds Write vulnerabilities in svc1td_vld_plh_ap of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer...
7.8CVSS
7.6AI Score
0.0004EPSS
Improper input validation in bootloader prior to SMR Feb-2024 Release 1 allows local privileged attackers to cause an Out-Of-Bounds...
7.1CVSS
6.6AI Score
0.0004EPSS
Out-of-bounds Write vulnerabilities in svc1td_vld_elh of libsthmbc.so prior to SMR Feb-2024 Release 1 allows local attackers to trigger buffer...
7.8CVSS
7.6AI Score
0.0004EPSS
Out-of-bounds Write in padmd_vld_qtbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary...
8.4CVSS
7.7AI Score
0.0004EPSS
Out-of-bounds Write in padmd_vld_htbl of libpadm.so prior to SMR Feb-2024 Release 1 allows local attacker to execute arbitrary...
8.4CVSS
7.7AI Score
0.0004EPSS
Improper authentication vulnerability in onCharacteristicWriteRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user...
8CVSS
6.5AI Score
0.0004EPSS
Out-of-bounds Read in padmd_vld_ac_prog_refine of libpadm.so prior to SMR Feb-2024 Release 1 allows local attackers access unauthorized...
5.5CVSS
5.3AI Score
0.0004EPSS
Improper authentication vulnerability in onCharacteristicReadRequest in Auto Hotspot prior to SMR Feb-2024 Release 1 allows adjacent attackers connect to victim's mobile hotspot without user...
8CVSS
6.5AI Score
0.0004EPSS
Improper caller verification in GameOptimizer prior to SMR Feb-2024 Release 1 allows local attackers to configure...
5.1CVSS
4AI Score
0.0004EPSS
Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive...
3.3CVSS
3.9AI Score
0.0004EPSS
Implicit intent hijacking vulnerability in Samsung Email prior to version 6.1.90.16 allows local attacker to get sensitive...
3.3CVSS
3.9AI Score
0.0004EPSS
Improper authentication vulnerability in Bluetooth pairing process prior to SMR Jan-2024 Release 1 allows remote attackers to establish pairing process without user...
6.8CVSS
6.6AI Score
0.001EPSS
Improper access control vulnerability in Samsung DeX prior to SMR Jan-2024 Release 1 allows owner to access other users' notification in a multi-user...
5.5CVSS
5.4AI Score
0.0004EPSS
Path traversal vulnerability in FileUriConverter of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary...
5.5CVSS
5.4AI Score
0.0004EPSS
Improper access control in Notification service prior to SMR Jan-2024 Release 1 allows local attacker to access notification...
6.2CVSS
5.3AI Score
0.0004EPSS
Path traversal vulnerability in ZipCompressor of MyFiles prior to SMR Jan-2024 Release 1 in Android 11 and Android 12, and version 14.5.00.21 in Android 13 allows local attackers to write arbitrary...
5.5CVSS
5.4AI Score
0.0004EPSS
Improper Access Control in Samsung Voice Recorder prior to versions 21.4.15.01 in Android 12 and Android 13, 21.4.50.17 in Android 14 allows physical attackers to access Voice Recorder information on the lock...
6.8CVSS
3.6AI Score
0.0004EPSS
Improper usage of insecure protocol (i.e. HTTP) in SogouSDK of Chinese Samsung Keyboard prior to versions 5.3.70.1 in Android 11, 5.4.60.49, 5.4.85.5, 5.5.00.58 in Android 12, and 5.6.00.52, 5.6.10.42, 5.7.00.45 in Android 13 allows adjacent attackers to access keystroke data using...
6.5CVSS
5.2AI Score
0.001EPSS
Improper handling of insufficient permissions or privileges vulnerability in Samsung Data Store prior to version 5.2.00.7 allows remote attackers to access location information without...
7.5CVSS
7.4AI Score
0.001EPSS
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag...
6.8CVSS
6.6AI Score
0.001EPSS
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid exception...
6.8CVSS
6.6AI Score
0.001EPSS
Implicit intent hijacking vulnerability in Samsung Account Web SDK prior to version 1.5.24 allows attacker to get sensitive...
5.5CVSS
5.4AI Score
0.001EPSS
Improper access control vulnerability in SmartManagerCN prior to SMR Dec-2023 Release 1 allows local attackers to access arbitrary files with system...
7.3CVSS
4.7AI Score
0.0004EPSS
Improper access control vulnerability in KnoxCustomManagerService prior to SMR Dec-2023 Release 1 allows attacker to access device SIM...
5.9CVSS
4.1AI Score
0.0004EPSS
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR...
4CVSS
4.1AI Score
0.0004EPSS
Improper access control in knoxcustom service prior to SMR Dec-2023 Release 1 allows attacker to send broadcast with system...
6.6CVSS
5.4AI Score
0.0004EPSS
Improper size check vulnerability in softsimd prior to SMR Dec-2023 Release 1 allows stack-based buffer...
7.8CVSS
7.6AI Score
0.0004EPSS
Integer overflow vulnerability in detectionFindFaceSupportMultiInstance of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap...
7.8CVSS
7.6AI Score
0.0004EPSS
Out-of-bound write vulnerability in libsavsvc prior to SMR Dec-2023 Release 1 allows local attackers to execute arbitrary...
7.8CVSS
7.7AI Score
0.0004EPSS
Integer overflow vulnerability in landmarkCopyImageToNative of libFacePreProcessingjni.camera.samsung.so prior to SMR Dec-2023 Release 1 allows attacker to trigger heap...
7.8CVSS
7.6AI Score
0.0004EPSS
Improper input validation vulnerability in Smart Clip prior to SMR Dec-2023 Release 1 allows local attackers with shell privilege to execute arbitrary...
7.3CVSS
6.7AI Score
0.0004EPSS
Out-of-bound write vulnerability in libIfaaCa prior to SMR Dec-2023 Release 1 allows local system attackers to execute arbitrary...
6.7CVSS
6.7AI Score
0.0004EPSS
Improper exception management vulnerability in Knox Guard prior to SMR Dec-2023 Release 1 allows Knox Guard lock bypass via changing system...
5.2CVSS
5.2AI Score
0.001EPSS
Heap out-of-bounds write vulnerability in dec_mono_audb of libsavsac.so prior to SMR Dec-2023 Release 1 allows an attacker to execute arbitrary...
7.8CVSS
7.9AI Score
0.0004EPSS
Improper usage of implicit intent in Contacts prior to SMR Dec-2023 Release 1 allows attacker to get sensitive...
5.5CVSS
5.4AI Score
0.001EPSS
Out of bounds write vulnerability in HDCP in HAL prior to SMR Dec-2023 Release 1 allows attacker to perform code...
7.8CVSS
7.8AI Score
0.0004EPSS
Heap out-of-bounds write vulnerability in bootloader prior to SMR Dec-2023 Release 1 allows a physical attacker to execute arbitrary...
7.1CVSS
6.8AI Score
0.001EPSS
Improper Authentication vulnerabiity in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass...
6.8CVSS
6.5AI Score
0.001EPSS
Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of...
5.3CVSS
5.2AI Score
0.0005EPSS
Use of implicit intent for sensitive communication vulnerability in startTncActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account...
6.5CVSS
6.5AI Score
0.0005EPSS
Use of implicit intent for sensitive communication vulnerability in startNameValidationActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account...
6.5CVSS
6.5AI Score
0.0005EPSS
Use of implicit intent for sensitive communication vulnerability in startSignIn in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account...
6.5CVSS
6.5AI Score
0.0005EPSS
Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account...
6.5CVSS
6.5AI Score
0.0005EPSS