Khilli

**Name of the Vulnerable Software and Affected Versions** Samsung Members versions prior to 5.0.00.11 **Description** The issue allows attackers to read and write arbitrary files with the privilege of Samsung Members due to a path traversal vulnerability. **Recommendations** For versions prior to 5.0.00.11, update to version 5.0.00.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.26.71 **Description** The issue is related to an out-of-bounds read in action link data, which allows attackers to read out-of-bounds memory. **Recommendations** For versions prior to 4.4.26.71, update to version 4.4.26.71 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Media Controller versions prior to 1.0.24.5282 **Description** The issue is related to improper access control in Media Controller, allowing a local attacker to launch activities within MediaController's privilege. **Recommendations** For versions prior to 1.0.24.5282, update to version 1.0.24.5282 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** SmartThings versions prior to 1.8.21 **Description** The use of implicit intent for sensitive communication in SmartThings allows local attackers to obtain sensitive information. **Recommendations** For versions prior to 1.8.21, update to version 1.8.21 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Smart Touch Call versions prior to 1.0.0.8 **Description** The use of implicit intent for sensitive communication in Smart Touch Call allows local attackers to launch privileged activities. User interaction is required to trigger this issue. **Recommendations** For versions prior to 1.0.0.8, update to version 1.0.0.8 or later to resolve the issue. As a temporary workaround, consider restricting user interaction with sensitive communication features until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Sound Assistant versions prior to 6.1.0.9 **Description** The issue concerns the use of implicit intent for sensitive communication in Sound Assistant, allowing local attackers to obtain sensitive information. **Recommendations** For versions prior to 6.1.0.9, update to version 6.1.0.9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Internet versions prior to 26.0.3.1 **Description** The issue concerns the use of implicit intent for sensitive communication in translation, allowing local attackers to obtain sensitive information. User interaction is required to trigger this issue. **Recommendations** For versions prior to 26.0.3.1, update to version 26.0.3.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** My Files versions prior to SMR Sep-2024 Release 1 **Description** The issue concerns an improper export of an android application component in My Files, allowing local attackers to access files with the privilege of My Files. This enables unauthorized access to sensitive data. **Recommendations** For versions prior to SMR Sep-2024 Release 1, update to SMR Sep-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive files and directories to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Samsung Email versions prior to 6.1.94.2 **Description** The issue concerns the use of implicit intent for sensitive communication in Samsung Email, allowing local attackers to obtain sensitive information. **Recommendations** For versions prior to 6.1.94.2, update to version 6.1.94.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Message versions prior to SMR Jul-2024 Release 1 **Description** The issue is related to improper access control, allowing local attackers to access location data. This could potentially lead to unauthorized access to sensitive information. **Recommendations** For Samsung Message versions prior to SMR Jul-2024 Release 1, update to the SMR Jul-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to location data until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Samsung Messages versions prior to SMR Jul-2024 Release 1 **Description** The issue is related to the use of implicit intent for sensitive communication in Samsung Messages, allowing local attackers to obtain sensitive information. User interaction is required to trigger this issue. **Recommendations** For Samsung Messages versions prior to SMR Jul-2024 Release 1, update to SMR Jul-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information within the application until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** SoftphoneClient in IMS service versions prior to SMR Jul-2024 Release 1 **Description** The issue allows local attackers to obtain sensitive information due to the use of implicit intent for sensitive communication in the SoftphoneClient. **Recommendations** For versions prior to SMR Jul-2024 Release 1, update to SMR Jul-2024 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Tips versions prior to 6.2.9.4 **Description** The issue is related to improper input validation, allowing a local attacker to send a broadcast with Tips' privilege. **Recommendations** For versions prior to 6.2.9.4, update to version 6.2.9.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** FCM function in IMS service versions prior to SMR Jul-2024 Release 1 **Description** The issue concerns the use of implicit intent for sensitive communication in the FCM function within the IMS service, allowing local attackers to obtain sensitive information. **Recommendations** For versions prior to SMR Jul-2024 Release 1, update to SMR Jul-2024 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information handled by the FCM function in the IMS service until the update is applied.