CVEs
Google TV Path Traversal
The Google TV Android application (`com.google.android.videos`) had an exported Content Provider that contained a Path Traversal vulnerability.
YayUndisclosedYay - CVE-2025-20926
Improper export of Android application components in My Files prior to version 15.0.07.5 in Android 14 allows local attackers to access files with My Files’ privilege.
YayUndisclosedYay - CVE-2024-49421
Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write a file to an arbitrary location.
YayUndisclosedYay - CVE-2024-49420
Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity.
YayUndisclosedYay - CVE-2024-49419
Insufficient verification of URL authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.
YayUndisclosedYay - CVE-2024-49418
Insufficient verification of URL authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.
YayUndisclosedYay - CVE-2024-49413
Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
Xiaomi GetApps Arbitrary Application Install
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones.
Samsung Galaxy Store Arbitrary JavaScript Execution
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page.
Samsung Galaxy Store Arbitrary Application Install
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store.
Samsung Galaxy Store Arbitrary Application Install
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows an attacker to install applications from Galaxy Store without user interaction.
Samsung Flow File System Access
Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows an attacker to write a file without Samsung Flow permission.
Samsung Galaxy Store Whitelist Abuse
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist.
Samsung Members Improper Authorization
An improper authorization vulnerability in the Samsung Members “samsungrewards” deeplink scheme in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access user data related to the Samsung Account.
Samsung Notes Path Traversal
Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.
Samsung Internet Improper Input Check
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.
Cisco UCM SQLi
A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system.
macOS Login Screen DoS
Some versions of macOS had a DoS issue on their login screen.