Threat and Vulnerability Intelligence Database

RSS Feed

Example Searches:

CVE
Threat Actors
Countries
Vendors
Severity
Known Exploited

CVE-2024-49421
Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent...
Description: Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write file in arbitrary location.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49420
Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary...
Description: Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity.

CVSS: HIGH (7.5)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49419
Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load...
Description: Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.

CVSS: MEDIUM (4.3)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49418
Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable...
Description: Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.

CVSS: MEDIUM (6.5)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49417
Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities....
Description: Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.

CVSS: LOW (2.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49416
Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.
Description: Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.

CVSS: MEDIUM (4.0)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49415
Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
Description: Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.

CVSS: HIGH (8.1)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49414
Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent...
Description: Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access to recent app list.

CVSS: LOW (2.4)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49413
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious...
Description: Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.

CVSS: HIGH (7.1)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)

CVE-2024-49412
Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on...
Description: Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch.

CVSS: MEDIUM (5.5)

EPSS Score: 0.04%

Source: CVE
December 4th, 2024 (5 months ago)