cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-20890,https://securityvulnerability.io/vulnerability/CVE-2025-20890,Out-of-Bounds Write Vulnerability in Samsung Mobile Software,"An out-of-bounds write vulnerability in the libsthmbc.so component prior to the SMR Jan-2025 Release 1 allows local attackers to exploit the system by executing arbitrary code. This flaw necessitates user interaction to trigger, posing a significant risk to systems using the affected version. Users are advised to update their software to mitigate potential exploitation.",Samsung,Samsung Devices,7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-04T07:19:37.251Z,0
CVE-2025-20888,https://securityvulnerability.io/vulnerability/CVE-2025-20888,Out-of-Bounds Write Vulnerability in Samsung Mobile Software,"An out-of-bounds write vulnerability exists in the handling of the block size for the smp4vtd component within libsthmbc.so in Samsung Mobile Software. This flaw allows local attackers to exploit the vulnerability to execute arbitrary code with elevated privileges, contingent upon user interaction. The vulnerability must be addressed to maintain system integrity and prevent potential unauthorized actions.",Samsung,Samsung Devices,7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-04T07:19:35.006Z,0
CVE-2025-20882,https://securityvulnerability.io/vulnerability/CVE-2025-20882,Out-of-bounds Write Vulnerability in Samsung Mobile's libsthmbc.so,"The vulnerability exists due to an out-of-bounds write condition that exposes uninitialized memory in libsthmbc.so prior to the SMR Jan-2025 Release 1. Local attackers can exploit this flaw to execute arbitrary code, but it requires user interaction to trigger the vulnerability.
This can lead to significant security risks if exploited, highlighting the importance of keeping software up-to-date.",Samsung,Samsung Devices,7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-04T07:19:27.982Z,0
CVE-2025-20881,https://securityvulnerability.io/vulnerability/CVE-2025-20881,Out-of-Bounds Write Vulnerability in Samsung's libsthmbc.so Library,"An out-of-bounds write vulnerability exists in the libsthmbc.so library, which can be exploited by local attackers. This issue arises during the access to the buffer that stores the decoded video frames, potentially allowing unauthorized code execution with elevated privileges. While user interaction is required to trigger this exploit, the risk remains significant, highlighting the need for timely updates and user precautions.",Samsung,Samsung Devices,7,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-04T07:19:26.808Z,0
CVE-2024-49420,https://securityvulnerability.io/vulnerability/CVE-2024-49420,Remote Attackers Can Launch Arbitrary Activity in GamingHub Prior to Version 6.1.04.6 in Korea,"A vulnerability exists in Samsung's GamingHub that relates to improper handling of responses, which can be exploited by remote attackers. Versions of GamingHub prior to 6.1.04.6 in Korea and 7.1.03.7 in Global are particularly affected.
This flaw allows unauthorized parties to potentially execute arbitrary activities through manipulated responses, posing a significant risk to users and networks utilizing this gaming platform.",Samsung,Gaminghub,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-03T05:48:05.296Z,0
CVE-2024-49415,https://securityvulnerability.io/vulnerability/CVE-2024-49415,Remote Arbitrary Code Execution Vulnerability in libSaped.so Prior to SMR Dec-2024 Release 1,"The libsaped.so component in Samsung mobile devices contains an out-of-bound write vulnerability that enables remote attackers to exploit the issue and execute arbitrary code on affected systems. This vulnerability, which impacts versions prior to the SMR Dec-2024 Release 1, poses a significant security risk, necessitating immediate attention from users and administrators to mitigate potential threats.",Samsung,Samsung Devices,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,true,false,,2024-12-03T05:47:58.657Z,6238
CVE-2024-49413,https://securityvulnerability.io/vulnerability/CVE-2024-49413,Local Attackers Can Install Malicious Apps Due to Improper Verification of Cryptographic Signature Prior to SMR Dec-2024 Release 1,"The vulnerability arises from an improper verification of cryptographic signatures in Samsung's SmartSwitch software. This flaw enables local attackers to exploit the system by installing malicious applications without proper authentication checks. Users who have not updated to the SMR Dec-2024 Release 1 are particularly at risk, as their systems may be susceptible to unauthorized software installations that could compromise data integrity and security.
Organizations and individuals utilizing SmartSwitch should ensure they have the latest updates installed to mitigate potential exploitation.",Samsung,Samsung Devices,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-03T05:47:56.157Z,0
CVE-2024-39343,https://securityvulnerability.io/vulnerability/CVE-2024-39343,Samsung Exynos Processors Vulnerable to Denial of Service Attack,"A vulnerability identified in Samsung's Exynos mobile and wearable processors, specifically in the MM (Mobility Management) module of the baseband software, permits an improper validation of length checks. This oversight could potentially lead to a Denial of Service, affecting the operation of devices utilizing the Exynos 2100, 1280, 2200, 1330, 1380, 1480, 2400, along with Modem 5123 and Modem 5300. Users of these processors should be aware of this security flaw and take appropriate measures to mitigate any risks associated with its exploitation.",Samsung,,7,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-02T00:00:00.000Z,0
CVE-2024-39890,https://securityvulnerability.io/vulnerability/CVE-2024-39890,Out-of-Bounds Write Vulnerability in Samsung Exynos Mobile and Wearable Processors,"A vulnerability has been identified in Samsung's Exynos mobile and wearable processors, affecting a range of models including the Exynos 9820, 9825, 980, and several others. This vulnerability is associated with the baseband software, which fails to properly validate the length specified by Call Control (CC), potentially resulting in an out-of-bounds write condition. Exploitation of this vulnerability could allow unauthorized access to system memory, presenting significant risks for user data integrity and device functionality.
Mitigation steps should be taken promptly by affected users to secure their devices.",Samsung,,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-02T00:00:00.000Z,0
CVE-2024-49401,https://securityvulnerability.io/vulnerability/CVE-2024-49401,Privileged Activities Attack via Improper Input Validation,"A vulnerability exists in Samsung's Settings Suggestions feature, where improper input validation can allow local attackers to carry out privileged activities. This flaw enhances the attack surface for potential exploits, emphasizing the need for prompt updates. Affected devices prior to the SMR Nov-2024 Release 1 version are particularly at risk, highlighting the importance of maintaining up-to-date security protocols. For further details, refer to the Samsung Mobile Security Update documentation.",Samsung,Samsung Devices,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-06T02:17:18.793Z,0
CVE-2024-34679,https://securityvulnerability.io/vulnerability/CVE-2024-34679,Local Attackers Can Access Sensitive Files with Phone Privilege Due to Incorrect Default Permissions in Crane SMR Nov-2024 Release 1,"In Crane, incorrect default permissions prior to the SMR Nov-2024 Release 1 create a security vulnerability that allows local attackers to gain unauthorized access to sensitive files. This flaw compromises the privacy and integrity of user data, highlighting the importance of maintaining secure configurations and regular updates to mitigate such risks effectively.",Samsung,Samsung Devices,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-06T02:17:06.753Z,0
CVE-2024-34678,https://securityvulnerability.io/vulnerability/CVE-2024-34678,LibSAPExtractor Memory Corruption Vulnerability,"The vulnerability related to the libsapeextractor.so library allows local attackers to exploit an out-of-bounds write condition, leading to potential memory corruption.
Products from Samsung Mobile that are affected include those running versions prior to the SMR November 2024 Release 1. Users are urged to update their devices to mitigate risks associated with this vulnerability.",Samsung,Samsung Devices,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-06T02:17:05.626Z,0
CVE-2024-34676,https://securityvulnerability.io/vulnerability/CVE-2024-34676,Memory Corruption Vulnerability in libsubextractor.so Prior to SMR Nov-2024 Release 1,"An out-of-bounds write vulnerability exists in the parsing of subtitle files within libsubextractor.so versions released prior to the SMR November 2024 Release 1. This flaw can be exploited by local attackers, enabling them to induce memory corruption through user interaction with the vulnerable component. Users may unwittingly trigger this vulnerability while handling subtitle files, leading to potential security risks and system instability.",Samsung,Samsung Devices,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-06T02:17:03.360Z,0
CVE-2024-34669,https://securityvulnerability.io/vulnerability/CVE-2024-34669,Remote Execution of Arbitrary Code with System Privileges Through Out-of-Bounds Write in librtppayload.so Prior to SMR Oct-2024 Release 1,"An out-of-bounds write vulnerability exists in the parsing of H.263+ format within the librtppayload.so library used in Samsung products. This flaw allows remote attackers to execute arbitrary code with system privileges upon user interaction, leading to potentially severe security implications. The vulnerability affects versions of the librtppayload.so library prior to the SMR Oct-2024 Release 1.
Users are advised to stay informed about updates and exercise caution to mitigate the risks associated with this vulnerability.",Samsung,Samsung Devices,8.8,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-10-08T06:30:51.317Z,0
CVE-2024-34668,https://securityvulnerability.io/vulnerability/CVE-2024-34668,Remote Code Execution Vulnerability in librtppayload.so Prior to SMR Oct-2024 Release 1,"The vulnerability arises from an out-of-bounds write flaw in the H.263 format parsing within librtppayload.so, which allows remote attackers to potentially execute arbitrary code with system privileges. To trigger this vulnerability, user interaction is required, creating a risk for users when handling specially crafted inputs that take advantage of this weakness. The issue affects various Samsung products using the affected versions of librtppayload.so and reveals the need for prompt updates to mitigate potential exploits.",Samsung,Samsung Devices,8.8,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-10-08T06:30:49.849Z,0
CVE-2024-34667,https://securityvulnerability.io/vulnerability/CVE-2024-34667,Remotely Exploitable Out-of-Bounds Write Vulnerability in librtppayload.so Prior to SMR Oct-2024 Release 1,"An out-of-bounds write vulnerability has been identified in the H.265 parsing functionality of Samsung's librtppayload.so. This flaw allows remote attackers to exploit the vulnerability and execute arbitrary code with system privileges, provided that user interaction occurs to trigger the attack. Systems affected are those running versions prior to the SMR October 2024 Release 1.
It is crucial for users and administrators of affected systems to apply available security updates promptly to mitigate potential risks associated with this vulnerability.",Samsung,Samsung Devices,8.8,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-10-08T06:30:48.635Z,0
CVE-2024-34666,https://securityvulnerability.io/vulnerability/CVE-2024-34666,Arbitrary Code Execution Vulnerability in Librtppayload.so Pre-Oct-2024 Release 1,"The vulnerability involves an out-of-bounds write in the parsing of H.264 format within the shared library librtppayload.so, found in certain Samsung devices. This issue can potentially allow remote attackers to execute arbitrary code with system privileges, but requires user interaction to trigger the vulnerability. Users of affected products should be aware of the risk and ensure timely updates to the latest release, which addresses this security concern.",Samsung,Samsung Devices,8.8,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-10-08T06:30:47.405Z,0
CVE-2024-34665,https://securityvulnerability.io/vulnerability/CVE-2024-34665,Remote Arbitrary Code Execution Vulnerability in librtppayload.so Prior to SMR Oct-2024 Release 1,"A vulnerability exists in the parsing of H.264 format within librtppayload.so that can be exploited due to out-of-bounds write conditions. This flaw enables remote attackers to execute arbitrary code, necessitating user interaction for activation.
The affected versions prior to the SMR Oct-2024 Release 1 are particularly at risk, highlighting the importance of adhering to security updates and patches to mitigate potential exploitation.",Samsung,Samsung Devices,8.8,HIGH,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-10-08T06:30:46.198Z,0
CVE-2024-34662,https://securityvulnerability.io/vulnerability/CVE-2024-34662,Improper Access Control in ActivityManager Leads to Privileged Behaviors,"A vulnerability exists in the ActivityManager of the Android operating system, specifically affecting certain versions of Android 12, 13, and 14. This flaw allows local attackers to bypass security measures and execute privileged behaviors, potentially compromising the integrity of the device. The issue is present in versions prior to the SMR Oct-2024 Release 1 for Android 12 and 13, and SMR Sep-2024 Release 1 for Android 14. Users are advised to update their devices to mitigate potential risks arising from this vulnerability.",Samsung,Samsung Devices,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-08T06:30:42.509Z,0
CVE-2024-31960,https://securityvulnerability.io/vulnerability/CVE-2024-31960,Use After Free Vulnerability in Samsung Exynos Mobile Processors,"A reference count bug in the xclipse amdgpu driver used within Samsung's Exynos 1480 and Exynos 2400 mobile processors creates a vulnerability that may result in a use after free condition. This issue has potential implications for system stability and security, making affected devices susceptible to exploitation.
Addressing this vulnerability is critical for maintaining the integrity and safety of the mobile platform.",Samsung,Exynos 1480 Firmware,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-10T00:00:00.000Z,0
CVE-2024-27383,https://securityvulnerability.io/vulnerability/CVE-2024-27383,Heap Overwrite Vulnerability Affects Samsung Mobile Processors,"A vulnerability affecting Samsung's Exynos mobile processors including models 980, 850, 1280, 1380, and 1330 has been identified. The flaw arises in the function slsi_get_scan_extra_ies(), where the system fails to perform adequate input validation on data sourced from userspace. This oversight can potentially lead to a heap overwrite, allowing attackers to manipulate the memory allocation process and execute arbitrary code, posing significant security risks to devices utilizing these processors.",Samsung,Exynos 980 Firmware,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-09T00:00:00.000Z,0
CVE-2024-27387,https://securityvulnerability.io/vulnerability/CVE-2024-27387,Heap Overwrite Vulnerability in Exynos Mobile Processor,"A vulnerability has been identified in various Samsung Exynos Mobile Processors, specifically within the function slsi_rx_range_done_ind(). This flaw stems from the absence of input validation checks on the rtt_id parameter received from userspace. Without proper validation, an attacker could potentially exploit this weakness, resulting in a heap overwrite condition that could compromise system integrity and lead to unauthorized access or manipulation of sensitive data.",Samsung,Exynos 1080 Firmware,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-09T00:00:00.000Z,0
CVE-2024-34660,https://securityvulnerability.io/vulnerability/CVE-2024-34660,Samsung Notes vulnerability allows local attackers to execute arbitrary code,"A heap-based out-of-bounds write vulnerability exists in Samsung Notes prior to version 4.4.21.62.
This flaw allows local attackers to exploit the application, potentially leading to arbitrary code execution. The issue lies in how memory is managed, which could be leveraged to manipulate the application’s behavior and execute unauthorized commands within the device's context. Users are urged to update to the latest version to mitigate potential risks.",Samsung,Samsung Notes,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-04T05:32:46.359Z,0
CVE-2024-34658,https://securityvulnerability.io/vulnerability/CVE-2024-34658,Samsung Notes Vulnerability Allows Local Attackers to Bypass ASLR,"An out-of-bounds read vulnerability exists in Samsung Notes, which allows local attackers to access memory outside the intended limits. This vulnerability can potentially enable attackers to bypass the Address Space Layout Randomization (ASLR) security mechanism, thereby increasing the risk of executing arbitrary code in the affected application. With access to such memory resources, attackers may compromise the integrity and confidentiality of user data, posing significant security concerns for users of affected Samsung products.",Samsung,Samsung Notes,7.1,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-09-04T05:32:44.085Z,0
CVE-2024-34657,https://securityvulnerability.io/vulnerability/CVE-2024-34657,Samsung Notes vulnerability allows remote attackers to execute arbitrary code,"A stack-based out-of-bounds write vulnerability exists in Samsung Notes versions prior to 4.4.21.62, which can be exploited by remote attackers to execute arbitrary code on affected devices. This issue underscores significant security implications, highlighting the necessity for users to update their applications to mitigate the risk.",Samsung,Samsung Notes,9.8,CRITICAL,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-09-04T05:32:42.971Z,0