Samsung
Products by Samsung Sorted by Most Security Vulnerabilities since 2018
By the Year
In 2023 there have been 0 vulnerabilities in Samsung. Last year Samsung had 145 security vulnerabilities published. Right now, Samsung is on track to have fewer security vulnerabilities in 2023 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2023 | 0 | 0.00 |
| 2022 | 145 | 5.66 |
| 2021 | 64 | 5.72 |
| 2020 | 7 | 9.26 |
| 2019 | 6 | 6.72 |
| 2018 | 19 | 7.39 |
It may take a day or so for new Samsung vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Samsung Security Vulnerabilities
Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51
CVE-2022-39909
5.5 - Medium
- December 08, 2022
Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link.
Insufficient Verification of Data Authenticity
Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7
CVE-2022-39910
4.2 - Medium
- December 08, 2022
Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view.
Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1
CVE-2022-39911
6.8 - Medium
- December 08, 2022
Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass.
Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351
CVE-2022-39889
3.3 - Low
- November 09, 2022
Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information.
Improper Authorization in Samsung Billing prior to version 5.0.56.0
CVE-2022-39890
7.5 - High
- November 09, 2022
Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information.
Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3
CVE-2022-39891
7.5 - High
- November 09, 2022
Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information.
Memory Corruption
Improper access control in Samsung Pass prior to version 4.0.05.1
CVE-2022-39892
9.8 - Critical
- November 09, 2022
Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers unauthenticated access via the keep open feature.
Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751
CVE-2022-39893
3.3 - Low
- November 09, 2022
Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log.
Insertion of Sensitive Information into Log File
Improper access control vulnerability in QuickShare prior to version 13.2.3.5
CVE-2022-39860
3.5 - Low
- October 07, 2022
Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.
Exposure of Resource to Wrong Sphere
Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51
CVE-2022-39861
3.3 - Low
- October 07, 2022
Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege.
AuthZ
Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3
CVE-2022-39863
4.7 - Medium
- October 07, 2022
Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25
CVE-2022-39864
7.5 - High
- October 07, 2022
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit intent.
Exposure of Resource to Wrong Sphere
Improper access control vulnerability in ContentsSharingActivity.java in SmartThings prior to version 1.7.89.0
CVE-2022-39865
7.5 - High
- October 07, 2022
Improper access control vulnerability in ContentsSharingActivity.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
Exposure of Resource to Wrong Sphere
Improper access control vulnerability in RegisteredEventMediator.kt in SmartThings prior to version 1.7.89.0
CVE-2022-39866
7.5 - High
- October 07, 2022
Improper access control vulnerability in RegisteredEventMediator.kt in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
Exposure of Resource to Wrong Sphere
Improper access control vulnerability in cloudNotificationManager.java in SmartThings prior to version 1.7.89.0
CVE-2022-39867
7.5 - High
- October 07, 2022
Improper access control vulnerability in cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.
Exposure of Resource to Wrong Sphere
Improper access control vulnerability in GedSamsungAccount.kt in SmartThings prior to version 1.7.89.0
CVE-2022-39868
7.5 - High
- October 07, 2022
Improper access control vulnerability in GedSamsungAccount.kt in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
Exposure of Resource to Wrong Sphere
Improper access control vulnerability in cloudNotificationManager.java in SmartThings prior to version 1.7.89.0
CVE-2022-39869
7.5 - High
- October 07, 2022
Improper access control vulnerability in cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.
Exposure of Resource to Wrong Sphere
Improper access control vulnerability in cloudNotificationManager.java in SmartThings prior to version 1.7.89.0
CVE-2022-39870
7.5 - High
- October 07, 2022
Improper access control vulnerability in cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.
Exposure of Resource to Wrong Sphere
Improper access control vulnerability in cloudNotificationManager.java in SmartThings prior to version 1.7.89.0
CVE-2022-39871
7.5 - High
- October 07, 2022
Improper access control vulnerability in cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.
Exposure of Resource to Wrong Sphere
Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.
CVE-2022-39872
3.3 - Low
- October 07, 2022
Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.
Improper Handling of Exceptional Conditions
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0
CVE-2022-39874
5.5 - Medium
- October 07, 2022
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform an unauthorized logout.
Insertion of Sensitive Information into Log File
Improper component protection vulnerability in Samsung Account prior to version 13.5.0
CVE-2022-39875
4.4 - Medium
- October 07, 2022
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to perform an unauthorized logout.
Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13
CVE-2022-39876
3.3 - Low
- October 07, 2022
Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI.
Insertion of Sensitive Information into Log File
Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3
CVE-2022-39878
5.5 - Medium
- October 07, 2022
Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14
CVE-2022-39873
4.6 - Medium
- October 07, 2022
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.
AuthZ
Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51
CVE-2022-39857
5.5 - Medium
- October 07, 2022
Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.
Exposure of Resource to Wrong Sphere
Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51
CVE-2022-39858
7.8 - High
- October 07, 2022
Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege.
Directory traversal
Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12
CVE-2022-39859
3.3 - Low
- October 07, 2022
Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent.
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE)
CVE-2022-40279
7.5 - High
- September 29, 2022
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction).
Unchecked Return Value
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE)
CVE-2022-40278
7.5 - High
- September 29, 2022
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service.
Dangling pointer
A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0
CVE-2022-40757
7.5 - High
- September 16, 2022
A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.
Buffer Overflow
A Buffer Access with Incorrect Length Value vulnerability in the TEE_CipherUpdate function in Samsung mTower through 0.3.0
CVE-2022-40758
7.5 - High
- September 16, 2022
A Buffer Access with Incorrect Length Value vulnerability in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.
Buffer Overflow
A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0
CVE-2022-40759
7.5 - High
- September 16, 2022
A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.
NULL Pointer Dereference
A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACUpdate function in Samsung mTower through 0.3.0
CVE-2022-40760
7.5 - High
- September 16, 2022
A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.
Buffer Overflow
The function tee_obj_free in Samsung mTower through 0.3.0
CVE-2022-40761
7.5 - High
- September 16, 2022
The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.
Improper Input Validation
A Memory Allocation with Excessive Size Value vulnerability in the TEE_Realloc function in Samsung mTower through 0.3.0
CVE-2022-40762
7.5 - High
- September 16, 2022
A Memory Allocation with Excessive Size Value vulnerability in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.
Allocation of Resources Without Limits or Throttling
DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3
CVE-2022-39846
7.8 - High
- September 09, 2022
DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code.
DLL preloading
Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device.
CVE-2022-36873
6.5 - Medium
- September 09, 2022
Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device.
Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751
CVE-2022-36874
6.2 - Medium
- September 09, 2022
Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number.
Improper Handling of Exceptional Conditions
Improper restriction of broadcasting Intent in SaWebViewRelayActivity of Waterplugin prior to version 2.2.11.22081151
CVE-2022-36875
5.5 - Medium
- September 09, 2022
Improper restriction of broadcasting Intent in SaWebViewRelayActivity of Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission.
Exposure of Resource to Wrong Sphere
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10
CVE-2022-36876
2.4 - Low
- September 09, 2022
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.
AuthZ
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China
CVE-2022-36877
3.3 - Low
- September 09, 2022
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.
Insertion of Sensitive Information into Log File
Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14
CVE-2022-36878
3.3 - Low
- September 09, 2022
Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log.
Information Disclosure
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083
CVE-2022-39844
7.1 - High
- September 09, 2022
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction.
Improper Validation of Integrity Check Value
Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074
CVE-2022-39845
7.1 - High
- September 09, 2022
Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction.
Improper Validation of Integrity Check Value
Improper access control vulnerability in Samsung pass prior to version 4.0.03.1
CVE-2022-36851
4.6 - Medium
- September 09, 2022
Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allows physical attackers to access data of Samsung pass on a certain state of an unlocked device.
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6
CVE-2022-36859
4.8 - Medium
- September 09, 2022
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices.
Improper Input Validation
Improper access control and intent redirection in Samsung Email prior to 6.1.70.20
CVE-2022-36864
7.8 - High
- September 09, 2022
Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.
Improper access control vulnerability in Editor Lite prior to version 4.0.40.14
CVE-2022-36867
5.5 - Medium
- September 09, 2022
Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information.
Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59
CVE-2022-36869
6.1 - Medium
- September 09, 2022
Improper access control vulnerability in ContactsDumpActivity of Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission.
Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global
CVE-2022-36870
6.5 - Medium
- September 09, 2022
Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global
CVE-2022-36871
6.5 - Medium
- September 09, 2022
Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global
CVE-2022-36872
6.5 - Medium
- September 09, 2022
Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE)
CVE-2022-40280
7.5 - High
- September 08, 2022
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_close after sqlite3_open_v2, leading to a denial of service.
Missing Release of Resource after Effective Lifetime
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE)
CVE-2022-40281
7.5 - High
- September 08, 2022
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.
Memory Leak
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key
CVE-2022-39828
7.5 - High
- September 05, 2022
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.
CVE-2022-39829
7.5 - High
- September 05, 2022
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.
NULL Pointer Dereference
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates
CVE-2022-39830
7.5 - High
- September 05, 2022
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference
CVE-2022-36622
7.5 - High
- September 01, 2022
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.
NULL Pointer Dereference
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference
CVE-2022-36621
7.5 - High
- September 01, 2022
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.
NULL Pointer Dereference
TEE_Malloc in Samsung mTower through 0.3.0
CVE-2022-38155
7.5 - High
- August 11, 2022
TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.
Allocation of Resources Without Limits or Throttling
Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50
CVE-2022-36838
4.6 - Medium
- August 05, 2022
Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information.
Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20
CVE-2022-36837
5.5 - Medium
- August 05, 2022
Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information.
Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3
CVE-2022-33733
3.3 - Low
- August 05, 2022
Sensitive information exposure in onCharacteristicRead in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.
AuthZ
Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34
CVE-2022-36835
3.3 - Low
- August 05, 2022
Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files.
DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50
CVE-2022-36840
7.8 - High
- August 05, 2022
DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.
DLL preloading
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3
CVE-2022-33734
5.5 - Medium
- August 05, 2022
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.
AuthZ
SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1
CVE-2022-36839
5.5 - Medium
- August 05, 2022
SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.
SQL Injection
Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39
CVE-2022-36831
5.5 - Medium
- August 05, 2022
Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission.
Directory traversal
Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51
CVE-2022-36832
3.3 - Low
- August 05, 2022
Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege.
Improper Privilege Management
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07
CVE-2022-36834
5 - Medium
- August 05, 2022
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction.
Information Disclosure
The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0
CVE-2022-35858
7.8 - High
- August 04, 2022
The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount.
Memory Leak
Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0
CVE-2022-33711
5.5 - Medium
- July 12, 2022
Improper validation of integrity check vulnerability in Samsung USB Driver Windows Installer for Mobile Phones prior to version 1.7.56.0 allows local attackers to delete arbitrary directory using directory junction.
Improper Validation of Integrity Check Value
Information exposure in Calendar prior to version 12.3.05.10000
CVE-2022-33705
3.3 - Low
- July 12, 2022
Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission.
AuthZ
Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0
CVE-2022-33713
7.5 - High
- July 12, 2022
Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information.
Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8
CVE-2022-33706
2.4 - Low
- July 12, 2022
Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.
Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12
CVE-2022-33707
5.3 - Medium
- July 12, 2022
Improper identifier creation logic in Find My Mobile prior to version 7.2.24.12 allows attacker to identify the device.
Use of Insufficiently Random Values
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8
CVE-2022-33708
7.8 - High
- July 12, 2022
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
Improper Privilege Management
Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8
CVE-2022-33709
7.8 - High
- July 12, 2022
Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
Improper Privilege Management
Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8
CVE-2022-33710
7.8 - High
- July 12, 2022
Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
Improper Privilege Management
Improper access control vulnerability in Quick Share prior to version 13.1.2.4
CVE-2022-30745
5.5 - Medium
- June 07, 2022
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share.
AuthZ
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6
CVE-2022-30743
5.3 - Medium
- June 07, 2022
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.
Improper Privilege Management
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6
CVE-2022-30739
4.3 - Medium
- June 07, 2022
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get a user email or phone number with a normal level permission.
Improper Privilege Management
Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6
CVE-2022-30737
5.3 - Medium
- June 07, 2022
Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID.
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6
CVE-2022-30736
5.3 - Medium
- June 07, 2022
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.
Improper Privilege Management
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6
CVE-2022-30735
7.5 - High
- June 07, 2022
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission.
Improper Privilege Management
Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6
CVE-2022-30734
5.3 - Medium
- June 07, 2022
Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission.
Exposure of Resource to Wrong Sphere
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6
CVE-2022-30733
5.3 - Medium
- June 07, 2022
Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission.
Insertion of Sensitive Information into Log File
Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6
CVE-2022-30732
7.5 - High
- June 07, 2022
Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult.
Exposure of Resource to Wrong Sphere
DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1
CVE-2022-30744
7.8 - High
- June 07, 2022
DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code.
DLL preloading
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12
CVE-2022-30742
3.3 - Low
- June 07, 2022
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.
Insertion of Sensitive Information into Log File
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69
CVE-2022-30740
4.3 - Medium
- June 07, 2022
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers.
Insecure Storage of Sensitive Information
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12
CVE-2022-30741
3.3 - Low
- June 07, 2022
Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.
Insertion of Sensitive Information into Log File
Improper access control vulnerability in Smart Things prior to 1.7.85.25
CVE-2022-30749
7.8 - High
- June 07, 2022
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.
Authentication
Missing caller check in Smart Things prior to version 1.7.85.12
CVE-2022-30746
7.5 - High
- June 07, 2022
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API.
Exposure of Resource to Wrong Sphere
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25
CVE-2022-30747
5.5 - Medium
- June 07, 2022
PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.
Incorrect Default Permissions
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005
CVE-2022-30748
5.5 - Medium
- June 07, 2022
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity.
Improper authorization in Samsung Pass prior to 1.0.00.33
CVE-2022-30730
4.6 - Medium
- June 07, 2022
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication.
AuthZ
Improper access control vulnerability in My Files prior to version 13.1.00.193
CVE-2022-30731
5.5 - Medium
- June 07, 2022
Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application.
AuthZ