Samsung Pay
by Samsung Pay
CVEs (30)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-33722 | Med | 0.26 | 4.0 | 0.00 | Aug 5, 2022 | Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. | ||
| CVE-2022-30716 | Med | 0.26 | 4.0 | 0.00 | Jun 7, 2022 | Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. | ||
| CVE-2022-27832 | Med | 0.26 | 4.0 | 0.00 | Apr 11, 2022 | Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. | ||
| CVE-2022-25822 | Med | 0.26 | 4.0 | 0.00 | Mar 10, 2022 | An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. | ||
| CVE-2022-22272 | Med | 0.26 | 4.0 | 0.00 | Jan 10, 2022 | Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission | ||
| CVE-2022-36851 | Low | 0.25 | 3.9 | 0.00 | Sep 9, 2022 | Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device. | ||
| CVE-2022-24000 | Low | 0.25 | 3.9 | 0.00 | Feb 11, 2022 | PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. | ||
| CVE-2022-36834 | Low | 0.21 | 3.3 | 0.00 | Aug 5, 2022 | Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. | ||
| CVE-2022-30753 | Low | 0.21 | 3.3 | 0.00 | Jul 12, 2022 | Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. | ||
| CVE-2022-24924 | Low | 0.14 | 2.2 | 0.01 | Feb 11, 2022 | An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission. |
- risk 0.26cvss 4.0epss 0.00
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.
- risk 0.26cvss 4.0epss 0.00
Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.
- risk 0.26cvss 4.0epss 0.00
Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.
- risk 0.26cvss 4.0epss 0.00
An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.
- risk 0.26cvss 4.0epss 0.00
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission
- risk 0.25cvss 3.9epss 0.00
Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.
- risk 0.25cvss 3.9epss 0.00
PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.
- risk 0.21cvss 3.3epss 0.00
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction.
- risk 0.21cvss 3.3epss 0.00
Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.
- risk 0.14cvss 2.2epss 0.01
An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission.
Page 2 of 2