CVE-2024-40754
https://notcve.org/view.php?id=CVE-2024-40754
Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers. This issue affects Escargot: 4.0.0. • https://github.com/Samsung/escargot/pull/1369 • CWE-122: Heap-based Buffer Overflow
CVE-2024-7399 – Samsung MagicInfo Server getFileFromMultipartFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-7399
Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1050 allows attackers to write arbitrary files with system authority. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung MagicInfo Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getFileFromMultipartFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. • https://security.samsungtv.com/securityUpdates • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2024-32671
https://notcve.org/view.php?id=CVE-2024-32671
Heap-based Buffer Overflow vulnerability in Samsung Open Source Escargot JavaScript engine allows Overflow Buffers. This issue affects Escargot: 4.0.0. • https://github.com/Samsung/escargot/pull/1359 • CWE-122: Heap-based Buffer Overflow
CVE-2024-32670
https://notcve.org/view.php?id=CVE-2024-32670
Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackers to potentially identify the tag's location by scanning the BLE advertising. • https://securityreport.samsung.com • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2024-34603
https://notcve.org/view.php?id=CVE-2024-34603
Improper access control in Samsung Message prior to SMR Jul-2024 Release 1 allows local attackers to access location data. • https://security.samsungmobile.com/securityUpdate.smsb?year=2024&month=07