cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-49422,https://securityvulnerability.io/vulnerability/CVE-2024-49422,Protection Mechanism Flaw in Samsung Bootloader,"A significant vulnerability exists in the Samsung bootloader prior to the SMR October 2024 Release 1, which allows physical attackers to bypass the lockscreen failure count through hardware fault injection. This flaw requires user interaction to be exploited, thereby posing a risk to device security. Users should remain vigilant and consider updating their devices to mitigate the risk associated with this protection mechanism failure.",Samsung,Samsung Devices,5.2,MEDIUM,0.0004299999854993075,false,false,false,false,false,false,false,2024-12-31T08:39:54.090Z,0
CVE-2024-49415,https://securityvulnerability.io/vulnerability/CVE-2024-49415,Remote Arbitrary Code Execution Vulnerability in libSaped.so Prior to SMR Dec-2024 Release 1,"The libsaped.so component in Samsung mobile devices contains an out-of-bound write vulnerability that enables remote attackers to exploit the issue and execute arbitrary code on affected systems. This vulnerability, which impacts versions prior to the SMR Dec-2024 Release 1, poses a significant security risk, necessitating immediate attention from users and administrators to mitigate potential threats.",Samsung,Samsung Devices,8.1,HIGH,0.0004299999854993075,false,false,false,false,,true,false,2024-12-03T05:47:58.657Z,4620
CVE-2024-49414,https://securityvulnerability.io/vulnerability/CVE-2024-49414,Physical Attackers Temporarily Access Recent App List Using Alternate Path Before SMR Dec-2024 Release 1,Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.,Samsung,Samsung Devices,2.4,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-12-03T05:47:57.426Z,0
CVE-2024-49413,https://securityvulnerability.io/vulnerability/CVE-2024-49413,Local Attackers Can Install Malicious Apps Due to Improper Verification of Cryptographic Signature Prior to SMR Dec-2024 Release 1,"The vulnerability arises from an improper verification of cryptographic signatures in Samsung's SmartSwitch software. This flaw enables local attackers to exploit the system by installing malicious applications without proper authentication checks. Users who have not updated to the SMR Dec-2024 Release 1 are particularly at risk, as their systems may be susceptible to unauthorized software installations that could compromise data integrity and security. Organizations and individuals utilizing SmartSwitch should ensure they have the latest updates installed to mitigate potential exploitation.",Samsung,Samsung Devices,7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-12-03T05:47:56.157Z,0
CVE-2024-49412,https://securityvulnerability.io/vulnerability/CVE-2024-49412,Bluetooth Signal Broadcast Vulnerability in Galaxy Watch Discovered,Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch.,Samsung,Samsung Devices,5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-03T05:47:54.841Z,0
CVE-2024-49411,https://securityvulnerability.io/vulnerability/CVE-2024-49411,Wi-Fi 6 Spending Growth to Slow in 2023 as Economy Weakens,Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to arbitrary path with ThemeCenter privilege.,Samsung,Samsung Devices,4.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-03T05:47:53.600Z,0
CVE-2024-49410,https://securityvulnerability.io/vulnerability/CVE-2024-49410,Arbitrary Code Execution Vulnerability Discovered in libswmfextractor.so Prior to SMR Dec-2024 Release 1,Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.,Samsung,Samsung Devices,5.9,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-12-03T05:47:52.309Z,0
CVE-2024-49409,https://securityvulnerability.io/vulnerability/CVE-2024-49409,Out-of-Bounds Write Vulnerability Affects Samsung Galaxy S24,Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.,Samsung,Samsung Devices,6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-06T02:17:27.963Z,0
CVE-2024-49408,https://securityvulnerability.io/vulnerability/CVE-2024-49408,Out-of-bounds write in USB driver before Firmware update on Galaxy S24 allows local attackers to write out-of-bounds memory.,Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.,Samsung,Samsung Devices,6.7,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-06T02:17:26.793Z,0
CVE-2024-49402,https://securityvulnerability.io/vulnerability/CVE-2024-49402,Physical Attackers Access Data Across Multiple User Profiles,Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.,Samsung,Samsung Devices,4.6,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-11-06T02:17:19.952Z,0
CVE-2024-49401,https://securityvulnerability.io/vulnerability/CVE-2024-49401,Privileged Activities Attack via Improper Input Validation,"A vulnerability exists in Samsung's Settings Suggestions feature, where improper input validation can allow local attackers to carry out privileged activities. This flaw enhances the attack surface for potential exploits, emphasizing the need for prompt updates. Affected devices prior to the SMR Nov-2024 Release 1 version are particularly at risk, highlighting the importance of maintaining up-to-date security protocols. For further details, refer to the Samsung Mobile Security Update documentation.",Samsung,Samsung Devices,7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-06T02:17:18.793Z,0
CVE-2024-34682,https://securityvulnerability.io/vulnerability/CVE-2024-34682,Physical Attackers Can Access Stored WiFi Password in Maintenance Mode,Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.,Samsung,Samsung Devices,2.4,LOW,0.0004400000034365803,false,false,false,false,,false,false,2024-11-06T02:17:10.127Z,0
CVE-2024-34681,https://securityvulnerability.io/vulnerability/CVE-2024-34681,BluetoothAdapter Vulnerability Affects Galaxy Watch,Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch.,Samsung,Samsung Devices,6.6,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-06T02:17:09.014Z,0
CVE-2024-34680,https://securityvulnerability.io/vulnerability/CVE-2024-34680,Sensitive Communication Vulnerability in WlanTest,Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.,Samsung,Samsung Devices,5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-06T02:17:07.897Z,0
CVE-2024-34679,https://securityvulnerability.io/vulnerability/CVE-2024-34679,Local Attackers Can Access Sensitive Files with Phone Privilege Due to Incorrect Default Permissions in Crane SMR Nov-2024 Release 1,"In Crane, incorrect default permissions prior to the SMR Nov-2024 Release 1 create a security vulnerability that allows local attackers to gain unauthorized access to sensitive files. This flaw compromises the privacy and integrity of user data, highlighting the importance of maintaining secure configurations and regular updates to mitigate such risks effectively.",Samsung,Samsung Devices,7.1,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-06T02:17:06.753Z,0
CVE-2024-34678,https://securityvulnerability.io/vulnerability/CVE-2024-34678,LibSAPExtractor Memory Corruption Vulnerability,"The vulnerability related to the libsapeextractor.so library allows local attackers to exploit an out-of-bounds write condition, leading to potential memory corruption. Products from Samsung Mobile that are affected include those running versions prior to the SMR November 2024 Release 1. Users are urged to update their devices to mitigate risks associated with this vulnerability.",Samsung,Samsung Devices,7.8,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-06T02:17:05.626Z,0
CVE-2024-34677,https://securityvulnerability.io/vulnerability/CVE-2024-34677,Malicious Apps Disguised as Legitimate Apps in System UI Prior to SMR Nov-2024 Release 1,Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.,Samsung,Samsung Devices,3.3,LOW,0.0004299999854993075,false,false,false,false,,false,false,2024-11-06T02:17:04.515Z,0
CVE-2024-34676,https://securityvulnerability.io/vulnerability/CVE-2024-34676,Memory Corruption Vulnerability in libsubextractor.so Prior to SMR Nov-2024 Release 1,"An out-of-bounds write vulnerability exists in the parsing of subtitle files within libsubextractor.so versions released prior to the SMR November 2024 Release 1. This flaw can be exploited by local attackers, enabling them to induce memory corruption through user interaction with the vulnerable component. Users may unwittingly trigger this vulnerability while handling subtitle files, leading to potential security risks and system instability.",Samsung,Samsung Devices,7.3,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-11-06T02:17:03.360Z,0
CVE-2024-34675,https://securityvulnerability.io/vulnerability/CVE-2024-34675,Unlocked Screens Vulnerable to Physical Attacks,Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.,Samsung,Samsung Devices,4.6,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-11-06T02:17:02.153Z,0
CVE-2024-34674,https://securityvulnerability.io/vulnerability/CVE-2024-34674,Physical Attackers Can Access Data Across Multiple User Profiles Due to Lack of Access Control in iPhone,Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.,Samsung,Samsung Devices,4.6,MEDIUM,0.0005200000014156103,false,false,false,false,,false,false,2024-11-06T02:17:00.954Z,0
CVE-2024-34673,https://securityvulnerability.io/vulnerability/CVE-2024-34673,Denial-of-Service Vulnerability in IpcProtocol Modem,Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.,Samsung,Samsung Devices,5.5,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-11-06T02:16:59.701Z,0
CVE-2024-34669,https://securityvulnerability.io/vulnerability/CVE-2024-34669,Remote Execution of Arbitrary Code with System Privileges Through Out-of-Bounds Write in librtppayload.so Prior to SMR Oct-2024 Release 1,"An out-of-bounds write vulnerability exists in the parsing of H.263+ format within the librtppayload.so library used in Samsung products. This flaw allows remote attackers to execute arbitrary code with system privileges upon user interaction, leading to potentially severe security implications. The vulnerability affects versions of the librtppayload.so library prior to the SMR Oct-2024 Release 1. Users are advised to stay informed about updates and exercise caution to mitigate the risks associated with this vulnerability.",Samsung,Samsung Devices,8.8,HIGH,0.0007099999929778278,false,false,false,false,,false,false,2024-10-08T06:30:51.317Z,0
CVE-2024-34668,https://securityvulnerability.io/vulnerability/CVE-2024-34668,Remote Code Execution Vulnerability in librtppayload.so Prior to SMR Oct-2024 Release 1,"The vulnerability arises from an out-of-bounds write flaw in the H.263 format parsing within librtppayload.so, which allows remote attackers to potentially execute arbitrary code with system privileges. To trigger this vulnerability, user interaction is required, creating a risk for users when handling specially crafted inputs that take advantage of this weakness. The issue affects various Samsung products using the affected versions of librtppayload.so and reveals the need for prompt updates to mitigate potential exploits.",Samsung,Samsung Devices,8.8,HIGH,0.0007099999929778278,false,false,false,false,,false,false,2024-10-08T06:30:49.849Z,0
CVE-2024-34667,https://securityvulnerability.io/vulnerability/CVE-2024-34667,Remotely Exploitable Out-of-Bounds Write Vulnerability in librtppayload.so Prior to SMR Oct-2024 Release 1,"An out-of-bounds write vulnerability has been identified in the H.265 parsing functionality of Samsung's librtppayload.so. This flaw allows remote attackers to exploit the vulnerability and execute arbitrary code with system privileges, provided that user interaction occurs to trigger the attack. Systems affected are those running versions prior to the SMR October 2024 Release 1. It is crucial for users and administrators of affected systems to apply available security updates promptly to mitigate potential risks associated with this vulnerability.",Samsung,Samsung Devices,8.8,HIGH,0.0007099999929778278,false,false,false,false,,false,false,2024-10-08T06:30:48.635Z,0
CVE-2024-34666,https://securityvulnerability.io/vulnerability/CVE-2024-34666,Arbitrary Code Execution Vulnerability in Librtppayload.so Pre-Oct-2024 Release 1,"The vulnerability involves an out-of-bounds write in the parsing of H.264 format within the shared library librtppayload.so, found in certain Samsung devices. This issue can potentially allow remote attackers to execute arbitrary code with system privileges, but requires user interaction to trigger the vulnerability. Users of affected products should be aware of the risk and ensure timely updates to the latest release, which addresses this security concern.",Samsung,Samsung Devices,8.8,HIGH,0.0007099999929778278,false,false,false,false,,false,false,2024-10-08T06:30:47.405Z,0