Filtered by vendor Samsung
Subscribe
Total
1539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-39863 | 1 Samsung | 1 Account | 2024-11-21 | N/A | 3.6 LOW |
|
Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.
|
|||||
| CVE-2022-39862 | 2 Google, Samsung | 2 Android, Dynamic Lockscreen | 2024-11-21 | N/A | 5.3 MEDIUM |
|
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api.
|
|||||
| CVE-2022-39861 | 1 Samsung | 1 Factorycamera | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege.
|
|||||
| CVE-2022-39860 | 1 Samsung | 1 Quick Share | 2024-11-21 | N/A | 4.4 MEDIUM |
|
Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.
|
|||||
| CVE-2022-39859 | 1 Samsung | 1 Uphelper Library | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent.
|
|||||
| CVE-2022-39858 | 1 Samsung | 1 Factorycamera | 2024-11-21 | N/A | 7.3 HIGH |
|
Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege.
|
|||||
| CVE-2022-39857 | 1 Samsung | 1 Factorycamerafb | 2024-11-21 | N/A | 7.3 HIGH |
|
Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.
|
|||||
| CVE-2022-39854 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | N/A | 6.4 MEDIUM |
|
Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.
|
|||||
| CVE-2022-39846 | 1 Samsung | 1 Smart Switch Pc | 2024-11-21 | N/A | 6.2 MEDIUM |
|
DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code.
|
|||||
| CVE-2022-39845 | 1 Samsung | 1 Kies | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction.
|
|||||
| CVE-2022-39844 | 1 Samsung | 1 Smart Switch Pc | 2024-11-21 | N/A | 5.5 MEDIUM |
|
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction.
|
|||||
| CVE-2022-39830 | 1 Samsung | 1 Mtower | 2024-11-21 | N/A | 7.5 HIGH |
|
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.
|
|||||
| CVE-2022-39829 | 1 Samsung | 1 Mtower | 2024-11-21 | N/A | 7.5 HIGH |
|
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.
|
|||||
| CVE-2022-39828 | 1 Samsung | 1 Mtower | 2024-11-21 | N/A | 7.5 HIGH |
|
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.
|
|||||
| CVE-2022-38155 | 1 Samsung | 1 Mtower | 2024-11-21 | N/A | 7.5 HIGH |
|
TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.
|
|||||
| CVE-2022-36878 | 1 Samsung | 1 Find My Mobile | 2024-11-21 | N/A | 3.3 LOW |
|
Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log.
|
|||||
| CVE-2022-36877 | 1 Samsung | 1 Samsung Members | 2024-11-21 | N/A | 2.8 LOW |
|
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.
|
|||||
| CVE-2022-36876 | 1 Samsung | 1 Samsung Pass | 2024-11-21 | N/A | 1.8 LOW |
|
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.
|
|||||
| CVE-2022-36875 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | N/A | 6.6 MEDIUM |
|
Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission.
|
|||||
| CVE-2022-36874 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number.
|
|||||
| CVE-2022-36873 | 1 Samsung | 1 Galaxy Watch Plugin | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device.
|
|||||
| CVE-2022-36872 | 1 Samsung | 2 Samsung Pay, Samsung Pay Kr | 2024-11-21 | N/A | 5.0 MEDIUM |
|
Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
|
|||||
| CVE-2022-36871 | 1 Samsung | 2 Samsung Pay, Samsung Pay Kr | 2024-11-21 | N/A | 5.0 MEDIUM |
|
Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
|
|||||
| CVE-2022-36870 | 1 Samsung | 2 Samsung Pay, Samsung Pay Kr | 2024-11-21 | N/A | 5.0 MEDIUM |
|
Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
|
|||||
| CVE-2022-36869 | 1 Samsung | 1 Contacts Provider | 2024-11-21 | N/A | 6.6 MEDIUM |
|
Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission.
|
|||||
| CVE-2022-36867 | 1 Samsung | 1 Editor Lite | 2024-11-21 | N/A | 5.9 MEDIUM |
|
Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information.
|
|||||
| CVE-2022-36866 | 2 Google, Samsung | 2 Android, Group Sharing | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.
|
|||||
| CVE-2022-36865 | 2 Google, Samsung | 2 Android, Group Sharing | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information.
|
|||||
| CVE-2022-36864 | 1 Samsung | 1 Samsung Email | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.
|
|||||
| CVE-2022-36859 | 1 Samsung | 1 Smarttagplugin | 2024-11-21 | N/A | 5.7 MEDIUM |
|
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices.
|
|||||
| CVE-2022-36857 | 2 Google, Samsung | 2 Android, Photo Editor | 2024-11-21 | N/A | 1.9 LOW |
|
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.
|
|||||
| CVE-2022-36851 | 1 Samsung | 1 Samsung Pass | 2024-11-21 | N/A | 3.9 LOW |
|
Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.
|
|||||
| CVE-2022-36840 | 1 Samsung | 1 Update | 2024-11-21 | N/A | 4.5 MEDIUM |
|
DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.
|
|||||
| CVE-2022-36839 | 1 Samsung | 1 Checkout | 2024-11-21 | N/A | 5.9 MEDIUM |
|
SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.
|
|||||
| CVE-2022-36838 | 1 Samsung | 1 Galaxy Wearable | 2024-11-21 | N/A | 4.0 MEDIUM |
|
Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information.
|
|||||
| CVE-2022-36837 | 1 Samsung | 1 Samsung Email | 2024-11-21 | N/A | 6.2 MEDIUM |
|
Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information.
|
|||||
| CVE-2022-36836 | 1 Samsung | 2 Charm, Charm Firmware | 2024-11-21 | N/A | 6.2 MEDIUM |
|
Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission.
|
|||||
| CVE-2022-36835 | 1 Samsung | 1 Samsung Internet Browser | 2024-11-21 | N/A | 3.3 LOW |
|
Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files.
|
|||||
| CVE-2022-36834 | 1 Samsung | 1 Game Launcher | 2024-11-21 | N/A | 3.3 LOW |
|
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction.
|
|||||
| CVE-2022-36833 | 2 Google, Samsung | 2 Android, Gameoptimizingservice | 2024-11-21 | N/A | 7.3 HIGH |
|
Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name.
|
|||||