My CVEs

All of my CVEs are documented here.

CVE-2023-21433

Some versions of the Galaxy App Store on certain versions of Android could have been abused to install other applications available on the Galaxy App Store.

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=1 - January 2023
Advisory - https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/
- Backup advisory - https://yogehi.github.io/cves/cve-2023-21433.html

CVE-2023-21434

Some versions of the Galaxy App Store could have been abused to launch a webview which would execute arbitrary JavaScript.

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2023&month=1 - January 2023
Advisory - https://research.nccgroup.com/2023/01/20/technical-advisory-multiple-vulnerabilities-in-the-galaxy-app-store-cve-2023-21433-cve-2023-21434/
- Backup advisory - https://yogehi.github.io/cves/cve-2023-21434.html

CVE-2022-28775

Some versions of the Samsung Flow application could have been abused to gain access to the external storage area of the device.

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=4 - April 2022
https://www.cvedetails.com/cve/CVE-2022-28775
Advisory - https://labs.f-secure.com/advisories/samsung-flow-any-app-can-read-the-external-storage/
- Backup advisory - https://yogehi.github.io/cves/cve-2022-28775.html

CVE-2022-28776

Some versions of the Galaxy App Store could have been abused to install other applications available on the Galaxy App Store.

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=4 - April 2022
https://www.cvedetails.com/cve/CVE-2022-28776
Advisory - https://labs.f-secure.com/advisories/samsung-galaxy-any-app-can-install-any-app/
- Backup advisory - https://yogehi.github.io/cves/cve-2022-28776.html

CVE-2022-22288

Some versions of the Galaxy App Store could have been abused to install a malicious application.

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1 - January 2022
https://www.cvedetails.com/cve/CVE-2022-22288
Advisory - https://labs.f-secure.com/advisories/samsung-galaxy-one-tap-install-malicious-application/
- Backup advisory - https://yogehi.github.io/cves/cve-2022-22288.html

CVE-2021-25374

Some versions of Samsung Members Android application could have been abused to access a victim’s Samsung Account.

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=4 - April 2021
https://www.cvedetails.com/cve/CVE-2021-25374
Advisory - https://labs.f-secure.com/advisories/samsung-s20-gain-access-to-samsung-account/
- Backup advisory - https://yogehi.github.io/cves/cve-2021-25374.html

PoC:

https://github.com/Yogehi/CVE-2021-25374_Samsung-Account-Access

CVE-2021-25367

Some versions of Samsung Notes Android application could have been abused to access local files without permission.

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=2 - February 2021
https://www.cvedetails.com/cve/CVE-2021-25367
Advisory - https://labs.f-secure.com/advisories/samsung-s20-access-external-storage-files/
- Backup advisory - https://yogehi.github.io/cves/cve-2021-25367.html

CVE-2021-25354

Some versions of Samsung Internet Android application could have been abused to open non-exported activities via malicious deeplink.

References

https://security.samsungmobile.com/serviceWeb.smsb?year=2021&month=2 - February 2021
https://www.cvedetails.com/cve/CVE-2021-25354
Advisory up - https://labs.f-secure.com/advisories/open-activities-via-samsung-browser/
- Backup advisory - https://yogehi.github.io/cves/cve-2021-25354.html

CVE-2019-15972

Some versions of Cisco Unified Communications Manager’s admin portal had an authenticated SQLi issue.

References:

PoC:

https://github.com/Yogehi/Cisco-UCM-SQLi-Scripts

CVE-2018-4348

Some versions of macOS had a DoS issue on their login screen.