Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-39849 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. | |||
| CVE-2022-39870 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast. | |||
| CVE-2022-39874 | 0.00 | — | 0.00 | Oct 7, 2022 | Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | |||
| CVE-2022-39862 | 0.00 | — | 0.01 | Oct 7, 2022 | Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api. | |||
| CVE-2022-39847 | 0.00 | — | 0.00 | Oct 7, 2022 | Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions. | |||
| CVE-2022-39867 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast. | |||
| CVE-2022-39854 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory. | |||
| CVE-2022-39858 | 0.00 | — | 0.00 | Oct 7, 2022 | Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege. | |||
| CVE-2022-39859 | 0.00 | — | 0.00 | Oct 7, 2022 | Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent. | |||
| CVE-2022-39855 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices. | |||
| CVE-2022-39869 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast. | |||
| CVE-2022-39861 | 0.00 | — | 0.00 | Oct 7, 2022 | Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege. | |||
| CVE-2022-39848 | 0.00 | — | 0.00 | Oct 7, 2022 | Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log. | |||
| CVE-2022-39853 | 0.00 | — | 0.00 | Oct 7, 2022 | A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault. | |||
| CVE-2022-39876 | 0.00 | — | 0.00 | Oct 7, 2022 | Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI. | |||
| CVE-2022-39865 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast. | |||
| CVE-2022-39857 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege. | |||
| CVE-2022-39850 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data. | |||
| CVE-2022-39878 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast. | |||
| CVE-2022-36868 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||
| CVE-2022-39871 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts. | |||
| CVE-2022-32591 | 0.00 | — | 0.01 | Oct 7, 2022 | In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259. | |||
| CVE-2022-39863 | 0.00 | — | 0.00 | Oct 7, 2022 | Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission. | |||
| CVE-2022-39875 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout. | |||
| CVE-2022-39877 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | |||
| CVE-2022-39872 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device. | |||
| CVE-2022-39873 | 0.00 | — | 0.00 | Oct 7, 2022 | Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. | |||
| CVE-2022-40757 | 0.00 | — | 0.01 | Sep 16, 2022 | A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen. | |||
| CVE-2022-40758 | 0.00 | — | 0.01 | Sep 16, 2022 | A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen. | |||
| CVE-2022-40759 | 0.00 | — | 0.01 | Sep 16, 2022 | A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation. | |||
| CVE-2022-40760 | 0.00 | — | 0.01 | Sep 16, 2022 | A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize. | |||
| CVE-2022-40761 | 0.00 | — | 0.01 | Sep 16, 2022 | The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc. | |||
| CVE-2022-40762 | 0.00 | — | 0.01 | Sep 16, 2022 | A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len. | |||
| CVE-2022-36869 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission. | |||
| CVE-2022-36855 | 0.00 | — | 0.00 | Sep 9, 2022 | A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||
| CVE-2022-36851 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device. | |||
| CVE-2022-36864 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior. | |||
| CVE-2022-36867 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information. | |||
| CVE-2022-36850 | 0.00 | — | 0.00 | Sep 9, 2022 | Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid. | |||
| CVE-2022-36866 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | |||
| CVE-2022-36857 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. | |||
| CVE-2022-36865 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. | |||
| CVE-2022-36861 | 0.00 | — | 0.00 | Sep 9, 2022 | Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege. | |||
| CVE-2022-36856 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission. | |||
| CVE-2022-36852 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data. | |||
| CVE-2022-36853 | 0.00 | — | 0.00 | Sep 9, 2022 | Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information. | |||
| CVE-2022-36848 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service. | |||
| CVE-2022-36872 | 0.00 | — | 0.00 | Sep 9, 2022 | Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | |||
| CVE-2022-36873 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device. | |||
| CVE-2022-36870 | 0.00 | — | 0.00 | Sep 9, 2022 | Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. |
- CVE-2022-39849Oct 7, 2022risk 0.00cvss —epss 0.00
Improper access control in knox_vpn_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.
- CVE-2022-39870Oct 7, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via PUSH_MESSAGE_RECEIVED broadcast.
- CVE-2022-39874Oct 7, 2022risk 0.00cvss —epss 0.00
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.
- CVE-2022-39862Oct 7, 2022risk 0.00cvss —epss 0.01
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface api.
- CVE-2022-39847Oct 7, 2022risk 0.00cvss —epss 0.00
Use after free vulnerability in set_nft_pid and signal_handler function of NFC driver prior to SMR Oct-2022 Release 1 allows attackers to perform malicious actions.
- CVE-2022-39867Oct 7, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER broadcast.
- CVE-2022-39854Oct 7, 2022risk 0.00cvss —epss 0.00
Improper protection in IOMMU prior to SMR Oct-2022 Release 1 allows unauthorized access to secure memory.
- CVE-2022-39858Oct 7, 2022risk 0.00cvss —epss 0.00
Path traversal vulnerability in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to write arbitrary file as FactoryCamera privilege.
- CVE-2022-39859Oct 7, 2022risk 0.00cvss —epss 0.00
Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent.
- CVE-2022-39855Oct 7, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in FACM application prior to SMR Oct-2022 Release 1 allows a local attacker to connect arbitrary AP and Bluetooth devices.
- CVE-2022-39869Oct 7, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via REMOVE_PERSISTENT_BANNER broadcast.
- CVE-2022-39861Oct 7, 2022risk 0.00cvss —epss 0.00
Unprotected Receiver in AtBroadcastReceiver in FactoryCamera prior to version 3.5.51 allows attackers to record video without camera privilege.
- CVE-2022-39848Oct 7, 2022risk 0.00cvss —epss 0.00
Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.
- CVE-2022-39853Oct 7, 2022risk 0.00cvss —epss 0.00
A use after free vulnerability in perf-mgr driver prior to SMR Oct-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-39876Oct 7, 2022risk 0.00cvss —epss 0.00
Insertion of Sensitive Information into Log in PushRegIdUpdateClient of SReminder prior to 8.2.01.13 allows attacker to access device IMEI.
- CVE-2022-39865Oct 7, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcast.
- CVE-2022-39857Oct 7, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid privilege.
- CVE-2022-39850Oct 7, 2022risk 0.00cvss —epss 0.00
Improper access control in mum_container_policy service prior to SMR Oct-2022 Release 1 allows allows unauthorized read of configuration data.
- CVE-2022-39878Oct 7, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.
- CVE-2022-36868Oct 7, 2022risk 0.00cvss —epss 0.00
Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device.
- CVE-2022-39871Oct 7, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability cloudNotificationManager.java in SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit broadcasts.
- CVE-2022-32591Oct 7, 2022risk 0.00cvss —epss 0.01
In ril, there is a possible system crash due to an incorrect bounds check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07257259; Issue ID: ALPS07257259.
- CVE-2022-39863Oct 7, 2022risk 0.00cvss —epss 0.00
Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.
- CVE-2022-39875Oct 7, 2022risk 0.00cvss —epss 0.00
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.
- CVE-2022-39877Oct 7, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.
- CVE-2022-39872Oct 7, 2022risk 0.00cvss —epss 0.00
Improper restriction of broadcasting Intent in ShareLive prior to version 13.2.03.5 leaks MAC address of the connected Bluetooth device.
- CVE-2022-39873Oct 7, 2022risk 0.00cvss —epss 0.00
Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication.
- CVE-2022-40757Sep 16, 2022risk 0.00cvss —epss 0.01
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACComputeFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACComputeFinal with an excessive size value of messageLen.
- CVE-2022-40758Sep 16, 2022risk 0.00cvss —epss 0.01
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.
- CVE-2022-40759Sep 16, 2022risk 0.00cvss —epss 0.01
A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.
- CVE-2022-40760Sep 16, 2022risk 0.00cvss —epss 0.01
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.
- CVE-2022-40761Sep 16, 2022risk 0.00cvss —epss 0.01
The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.
- CVE-2022-40762Sep 16, 2022risk 0.00cvss —epss 0.01
A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.
- CVE-2022-36869Sep 9, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission.
- CVE-2022-36855Sep 9, 2022risk 0.00cvss —epss 0.00
A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36851Sep 9, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.
- CVE-2022-36864Sep 9, 2022risk 0.00cvss —epss 0.00
Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.
- CVE-2022-36867Sep 9, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information.
- CVE-2022-36850Sep 9, 2022risk 0.00cvss —epss 0.00
Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid.
- CVE-2022-36866Sep 9, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.
- CVE-2022-36857Sep 9, 2022risk 0.00cvss —epss 0.00
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.
- CVE-2022-36865Sep 9, 2022risk 0.00cvss —epss 0.00
Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information.
- CVE-2022-36861Sep 9, 2022risk 0.00cvss —epss 0.00
Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege.
- CVE-2022-36856Sep 9, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission.
- CVE-2022-36852Sep 9, 2022risk 0.00cvss —epss 0.00
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application data.
- CVE-2022-36853Sep 9, 2022risk 0.00cvss —epss 0.00
Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information.
- CVE-2022-36848Sep 9, 2022risk 0.00cvss —epss 0.00
Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of service.
- CVE-2022-36872Sep 9, 2022risk 0.00cvss —epss 0.00
Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
- CVE-2022-36873Sep 9, 2022risk 0.00cvss —epss 0.00
Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device.
- CVE-2022-36870Sep 9, 2022risk 0.00cvss —epss 0.00
Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
Page 27 of 45