Ken Gannon

**Name of the Vulnerable Software and Affected Versions** Samsung Account versions prior to 15.5.01.1 **Description** A URL redirection issue exists in Samsung Account. This allows remote attackers to potentially obtain an access token. The issue involves a redirection that could expose sensitive information. **Recommendations** Update Samsung Account to version 15.5.01.1 or later.

**Name of the Vulnerable Software and Affected Versions** Samsung Galaxy Store versions prior to 4.6.02 **Description** A flaw exists in the Galaxy Store application where insufficient input validation can allow a local attacker to execute arbitrary script. The issue affects the Galaxy Store application and could potentially lead to unauthorized code execution on a compromised device. **Recommendations** Update the Galaxy Store application to version 4.6.02 or later.

**Name of the Vulnerable Software and Affected Versions** My Files versions prior to 15.0.07.5 **Description** The issue concerns the improper export of Android application components in My Files, allowing local attackers to access files with My Files' privilege. This could potentially lead to unauthorized access to sensitive data. **Recommendations** For versions prior to 15.0.07.5, update to version 15.0.07.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** GamingHub versions prior to 6.1.03.4 in Korea GamingHub versions prior to 7.1.02.4 in Global **Description** The issue is related to insufficient verification of URL authenticity, allowing remote attackers to enable JavaScript in the webview. This could potentially lead to malicious activities. **Recommendations** For versions prior to 6.1.03.4 in Korea, update to version 6.1.03.4 or later. For versions prior to 7.1.02.4 in Global, update to version 7.1.02.4 or later.

**Name of the Vulnerable Software and Affected Versions** GamingHub versions prior to 6.1.04.6 in Korea GamingHub versions prior to 7.1.03.7 in Global **Description** The issue is related to the improper handling of responses in GamingHub, allowing remote attackers to launch arbitrary activity. **Recommendations** For GamingHub versions prior to 6.1.04.6 in Korea, update to version 6.1.04.6 or later. For GamingHub versions prior to 7.1.03.7 in Global, update to version 7.1.03.7 or later.

**Name of the Vulnerable Software and Affected Versions** GamingHub versions prior to 6.1.03.4 in Korea GamingHub versions prior to 7.1.02.4 in Global **Description** The issue is related to insufficient verification of URL authenticity in GamingHub, allowing remote attackers to load an arbitrary URL in its webview. **Recommendations** For GamingHub versions prior to 6.1.03.4 in Korea, update to version 6.1.03.4 or later. For GamingHub versions prior to 7.1.02.4 in Global, update to version 7.1.02.4 or later.

The software that is vulnerable is SmartSwitch, specifically versions prior to the SMR December 2024 Release 1. The vulnerability is related to the improper verification of cryptographic signatures, which allows local attackers to install malicious applications. This vulnerability has been assigned the identifier CVE-2024-49413. There is no information provided about a public exploit for this vulnerability or whether it has been exploited by attackers. The vulnerability can be exploited by local attackers, but there is no information about the number of Internet users that can be affected. The issue is related to the verification process of cryptographic signatures in SmartSwitch, which can be exploited to install malicious applications. #SmartSwitch #CVE202449413 #CryptographicSignature #Vulnerability #Cybersecurity #Infosec #Hacker #NVD #MITRE

**Name of the Vulnerable Software and Affected Versions** Xiaomi Pro 13 (affected versions not specified) **Description** This issue allows remote attackers to execute arbitrary code on affected installations of Xiaomi Pro 13 smartphones. User interaction is required to exploit this issue, where the target must visit a malicious page or open a malicious file. The specific flaw exists within the integral-dialog-page.html file, where the process does not properly sanitize user-supplied data when parsing the `integralInfo` parameter, leading to the injection of an arbitrary script. An attacker can leverage this issue to execute code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Galaxy Store versions prior to 4.5.49.8 **Description** The issue exists due to inadequate protection of the web page structure, allowing an attacker to execute a JavaScript script when a web page is loaded. This is caused by an improper input validation vulnerability, which enables local attackers to launch a web page and execute JavaScript. **Recommendations** For Galaxy Store versions prior to 4.5.49.8, update to version 4.5.49.8 or later to resolve the issue. As a temporary workaround, consider restricting the execution of JavaScript scripts within the Galaxy Store application to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Galaxy Store versions prior to 4.5.36.4 **Description** The issue is related to improper access control in the Galaxy Store, allowing an attacker to install applications without user interaction. This can be exploited by manipulating the intent received by the Galaxy App Store, forcing it to automatically install other applications onto the victim's device without consent. **Recommendations** For Galaxy Store versions prior to 4.5.36.4, update to version 4.5.36.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Galaxy Store until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Samsung Members versions prior to 13.6.08.5 **Description** The issue is related to an improper access control vulnerability. It allows a local attacker to execute a call function without the required CALL PHONE permission. **Recommendations** For versions prior to 13.6.08.5, update to version 13.6.08.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Flow versions prior to 4.8.06.5 **Description** The issue is related to improper access control, allowing an attacker to write files without the necessary Samsung Flow permission. **Recommendations** For versions prior to 4.8.06.5, update to version 4.8.06.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Galaxy Store versions prior to 4.5.36.5 **Description** The issue is related to an improper authorization vulnerability. It allows for remote app installation from the allowlist. **Recommendations** For Galaxy Store versions prior to 4.5.36.5, update to version 4.5.36.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Cisco Unified Communications Manager (affected versions not specified) **Description** A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. The issue exists due to improper validation of SQL values by the web-based management interface. An attacker could exploit this by authenticating to the application and sending malicious requests to an affected system, potentially allowing them to modify or return values from the underlying database. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.14 Description: A validation issue was addressed with improved logic. Recommendations: For versions prior to 10.14, update to macOS Mojave 10.14 or later to resolve the issue.