Samsung: Security Vulnerabilities
A vulnerability was discovered in Samsung Mobile Processor, Wearable Processor, and Modems with versions Exynos 9820, Exynos 9825, Exynos 980, Exynos 990, Exynos 850 Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380 Exynos 1330, Exynos 9110, Exynos W920, Exynos W930, Exynos Modem 5123, Exynos Modem 5300 that allows out-of-bounds access to a heap buffer in the SIM Proactive Command.
CVSS Score
8.4
EPSS Score
0.001
Published
2024-07-09
A vulnerability was discovered in Samsung Mobile Processors Exynos 2200 and Exynos 2400 where they lack a check for the validation of native handles, which can result in a DoS(Denial of Service) attack by unmapping an invalid length.
CVSS Score
6.2
EPSS Score
0.003
Published
2024-07-09
A vulnerability was discovered in Samsung Mobile Processors Exynos 850, Exynos 1080, Exynos 2100, Exynos 2200, Exynos 1280, Exynos 1380, Exynos 1330, and Exynos W930 where they do not properly check length of the data, which can lead to a Denial of Service.
CVSS Score
6.0
EPSS Score
0.002
Published
2024-07-09
A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure.
CVSS Score
4.4
EPSS Score
0.003
Published
2024-07-09
A vulnerability in Samsung Exynos Modem 5300 allows a Man-in-the-Middle (MITM) attacker to downgrade the security mode of packets going to the victim, enabling the attacker to send messages to the victim in plaintext.
CVSS Score
5.3
EPSS Score
0.006
Published
2024-07-09
Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data.
CVSS Score
4.0
EPSS Score
0.001
Published
2024-07-08
Use of implicit intent for sensitive communication in Samsung Messages prior to SMR Jul-2024 Release 1 allows local attackers to get sensitive information. User interaction is required for triggering this vulnerability.
CVSS Score
3.3
EPSS Score
0.001
Published
2024-07-08
Improper access control in clickAdapterItem of SystemUI prior to SMR Jul-2024 Release 1 allows local attackers to launch privileged activities.
CVSS Score
7.8
EPSS Score
0.001
Published
2024-07-02
Improper authentication in SmartThings prior to version 1.8.17 allows remote attackers to bypass the expiration date for members set by the owner.
CVSS Score
5.9
EPSS Score
0.003
Published
2024-07-02
Improper input validation in Samsung Health prior to version 6.27.0.113 allows local attackers to write arbitrary document files to the sandbox of Samsung Health. User interaction is required for triggering this vulnerability.
CVSS Score
4.4
EPSS Score
0.001
Published
2024-07-02