All of my CVEs are documented here.

CVE-2024-49421

Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write a file to an arbitrary location.

References


CVE-2024-49420

Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity.

References


CVE-2024-49419

Insufficient verification of URL authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.

References


CVE-2024-49418

Insufficient verification of URL authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.

References


CVE-2024-49413

Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.

References


CVE-2024-4406

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

References


CVE-2023-21433

Some versions of the Galaxy App Store on certain versions of Android could have been abused to install other applications available on the Galaxy App Store.

References


CVE-2023-21434

Some versions of the Galaxy App Store could have been abused to launch a webview which would execute arbitrary JavaScript.

References


CVE-2022-28775

Some versions of the Samsung Flow application could have been abused to gain access to the external storage area of the device.

References


CVE-2022-28776

Some versions of the Galaxy App Store could have been abused to install other applications available on the Galaxy App Store.

References


CVE-2022-22288

Some versions of the Galaxy App Store could have been abused to install a malicious application.

References


CVE-2021-25374

Some versions of the Samsung Members Android application could have been abused to access a victim’s Samsung Account.

References

PoC:


CVE-2021-25367

Some versions of the Samsung Notes Android application could have been abused to access local files without permission.

References


CVE-2021-25354

Some versions of the Samsung Internet Android application could have been abused to open non-exported activities via a malicious deeplink.

References


CVE-2019-15972

Some versions of Cisco Unified Communications Manager’s admin portal had an authenticated SQLi issue.

References:

PoC:


CVE-2018-4348

Some versions of macOS had a DoS issue on their login screen.

References: