Samsung Internet
CVEs (19)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-25418 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2021 | Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | ||
| CVE-2021-25400 | Hig | 0.51 | 7.8 | 0.00 | Jun 11, 2021 | Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. | ||
| CVE-2023-30674 | Med | 0.42 | 6.5 | 0.01 | Jul 6, 2023 | Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. | ||
| CVE-2022-22290 | Med | 0.42 | 6.5 | 0.01 | Jan 14, 2022 | Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. | ||
| CVE-2021-25466 | Med | 0.42 | 6.5 | 0.01 | Sep 9, 2021 | Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. | ||
| CVE-2021-25419 | Med | 0.42 | 6.5 | 0.01 | Jun 11, 2021 | Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. | ||
| CVE-2021-25520 | Med | 0.38 | 5.9 | 0.00 | Dec 8, 2021 | Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | ||
| CVE-2022-22284 | Med | 0.37 | 5.7 | 0.00 | Jan 10, 2022 | Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication | ||
| CVE-2021-25445 | Med | 0.35 | 5.3 | 0.01 | Aug 5, 2021 | Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet. | ||
| CVE-2022-39873 | Med | 0.28 | 4.3 | 0.00 | Oct 7, 2022 | Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. | ||
| CVE-2022-30738 | Med | 0.28 | 4.3 | 0.01 | Jun 7, 2022 | Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. | ||
| CVE-2022-30740 | Med | 0.27 | 4.1 | 0.00 | Jun 7, 2022 | Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | ||
| CVE-2021-25521 | Med | 0.26 | 4.0 | 0.00 | Dec 8, 2021 | Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. | ||
| CVE-2023-30704 | Low | 0.25 | 3.8 | 0.00 | Aug 10, 2023 | Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication. | ||
| CVE-2022-27839 | Low | 0.21 | 3.3 | 0.01 | Apr 11, 2022 | Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. | ||
| CVE-2021-25366 | Low | 0.21 | 3.2 | 0.00 | Mar 25, 2021 | Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication. | ||
| CVE-2021-25354 | Low | 0.21 | 3.3 | 0.00 | Mar 25, 2021 | Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink. | ||
| CVE-2024-20828 | Low | 0.16 | 2.4 | 0.00 | Feb 6, 2024 | Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. | ||
| CVE-2021-25348 | Low | 0.14 | 2.1 | 0.00 | Mar 4, 2021 | Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission. |
- risk 0.51cvss 7.8epss 0.00
Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.
- risk 0.51cvss 7.8epss 0.00
Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.
- risk 0.42cvss 6.5epss 0.01
Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie.
- risk 0.42cvss 6.5epss 0.01
Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page.
- risk 0.42cvss 6.5epss 0.01
Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.
- risk 0.42cvss 6.5epss 0.01
Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.
- risk 0.38cvss 5.9epss 0.00
Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet.
- risk 0.37cvss 5.7epss 0.00
Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication
- risk 0.35cvss 5.3epss 0.01
Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet.
- risk 0.28cvss 4.3epss 0.00
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.
- risk 0.28cvss 4.3epss 0.01
Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script.
- risk 0.27cvss 4.1epss 0.00
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers.
- risk 0.26cvss 4.0epss 0.00
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet.
- risk 0.25cvss 3.8epss 0.00
Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication.
- risk 0.21cvss 3.3epss 0.01
Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials.
- risk 0.21cvss 3.2epss 0.00
Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.
- risk 0.21cvss 3.3epss 0.00
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink.
- risk 0.16cvss 2.4epss 0.00
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.
- risk 0.14cvss 2.1epss 0.00
Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission.