My CVEs
All of my CVEs are documented here.
CVE-2024-49421
Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write a file to an arbitrary location.
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=12 - December 2024 (SVE-2024-2042)
- Technical details coming soon…
CVE-2024-49420
Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity.
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=12 - December 2024 (SVE-2024-2040)
- Technical details coming soon…
CVE-2024-49419
Insufficient verification of URL authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=12 - December 2024 (SVE-2024-2039)
- Technical details coming soon…
CVE-2024-49418
Insufficient verification of URL authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2024&month=12 - December 2024 (SVE-2024-2038)
- Technical details coming soon…
CVE-2024-49413
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
References
- https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=12 - December 2024 (SVE-2024-2044)
- Technical details coming soon…
CVE-2024-4406
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.
References
- https://www.zerodayinitiative.com/advisories/ZDI-24-419/
- https://trust.mi.com/misrc/bulletins/advisory?cveId=545
- Advisory: https://www.nccgroup.com/us/research-blog/technical-advisory-xiaomi-13-pro-code-execution-via-getapps-dom-cross-site-scripting-xss/
- Backup advisory - https://yogehi.github.io/cves/cve-2024-4406.html
CVE-2023-21433
Some versions of the Galaxy App Store on certain versions of Android could have been abused to install other applications available on the Galaxy App Store.
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=1 - January 2023 (SVE-2022-2766)
- Advisory - https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/
- Backup advisory - https://yogehi.github.io/cves/cve-2023-21433.html
CVE-2023-21434
Some versions of the Galaxy App Store could have been abused to launch a webview which would execute arbitrary JavaScript.
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=1 - January 2023 (SVE-2022-2854)
- Advisory - https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/
- Backup advisory - https://yogehi.github.io/cves/cve-2023-21434.html
CVE-2022-28775
Some versions of the Samsung Flow application could have been abused to gain access to the external storage area of the device.
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=4 - April 2022 (SVE-2021-23625)
- https://www.cvedetails.com/cve/CVE-2022-28775
- Advisory - https://labs.f-secure.com/advisories/samsung-flow-any-app-can-read-the-external-storage/
- Backup advisory - https://yogehi.github.io/cves/cve-2022-28775.html
CVE-2022-28776
Some versions of the Galaxy App Store could have been abused to install other applications available on the Galaxy App Store.
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=4 - April 2022 (SVE-2021-23627)
- https://www.cvedetails.com/cve/CVE-2022-28776
- Advisory - https://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/
- Backup advisory - https://yogehi.github.io/cves/cve-2022-28776.html
CVE-2022-22288
Some versions of the Galaxy App Store could have been abused to install a malicious application.
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1 - January 2022 (SVE-2021-23791)
- https://www.cvedetails.com/cve/CVE-2022-22288
- Advisory - https://labs.f-secure.com/advisories/samsung-galaxy-one-tap-install-malicious-application/
- Backup advisory - https://yogehi.github.io/cves/cve-2022-22288.html
CVE-2021-25374
Some versions of Samsung Members Android application could have been abused to access a victim’s Samsung Account.
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=4 - April 2021 (SVE-2021-19144)
- https://www.cvedetails.com/cve/CVE-2021-25374
- Advisory - https://labs.f-secure.com/advisories/samsung-s20-gain-access-to-samsung-account/
- Backup advisory - https://yogehi.github.io/cves/cve-2021-25374.html
CVE-2021-25367
Some versions of Samsung Notes Android application could have been abused to access local files without permission.
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=2 - February 2021
- https://www.cvedetails.com/cve/CVE-2021-25367
- Advisory - https://labs.f-secure.com/advisories/samsung-s20-access-external-storage-files/
- Backup advisory - https://yogehi.github.io/cves/cve-2021-25367.html
CVE-2021-25354
Some versions of Samsung Internet Android application could have been abused to open non-exported activities via malicious deeplink.
References
- https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=2 - February 2021
- https://www.cvedetails.com/cve/CVE-2021-25354
- Advisory - https://labs.f-secure.com/advisories/open-activities-via-samsung-browser/
- Backup advisory - https://yogehi.github.io/cves/cve-2021-25354.html
CVE-2019-15972
Some versions of Cisco Unified Communications Manager’s admin portal had an authenticated SQLi issue.
References
- https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20191120-cucm-sql
- https://www.cvedetails.com/cve/CVE-2019-15972
- Advisory - https://labs.f-secure.com/advisories/cisco-ucm-informix-sql-injection/
- Backup advisory - https://yogehi.github.io/cves/cve-2019-15972.html
- Write up - https://labs.f-secure.com/blog/uncommon-sql-database-alert-informix-sql-injection/
- Backup write up - https://yogehi.github.io/published-research/informix-sql-injection.html
CVE-2018-4348
Some versions of macOS had a DoS issue on their login screen.
References
- https://support.apple.com/en-us/HT209193
- https://support.apple.com/en-us/HT209139
- https://www.cvedetails.com/cve/CVE-2018-4348
- Advisory - https://labs.f-secure.com/advisories/macos-user-interface-denial-of-service/
- Backup advisory - https://yogehi.github.io/cves/cve-2018-4348.html