Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-36871 | 0.00 | — | 0.00 | Sep 9, 2022 | Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. | |||
| CVE-2022-36875 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission. | |||
| CVE-2022-36858 | 0.00 | — | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||
| CVE-2022-36854 | 0.00 | — | 0.00 | Sep 9, 2022 | Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker access unauthorized information. | |||
| CVE-2022-36874 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number. | |||
| CVE-2022-36862 | 0.00 | — | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||
| CVE-2022-36842 | 0.00 | — | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||
| CVE-2022-36863 | 0.00 | — | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||
| CVE-2022-36860 | 0.00 | — | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||
| CVE-2022-36843 | 0.00 | — | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||
| CVE-2022-36844 | 0.00 | — | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||
| CVE-2022-36846 | 0.00 | — | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||
| CVE-2022-36845 | 0.00 | — | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||
| CVE-2022-36859 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices. | |||
| CVE-2022-36847 | 0.00 | — | 0.00 | Sep 9, 2022 | Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. | |||
| CVE-2022-36876 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication. | |||
| CVE-2022-36849 | 0.00 | — | 0.00 | Sep 9, 2022 | Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. | |||
| CVE-2022-36841 | 0.00 | — | 0.00 | Sep 9, 2022 | A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault. | |||
| CVE-2022-39844 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction. | |||
| CVE-2022-39846 | 0.00 | — | 0.00 | Sep 9, 2022 | DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code. | |||
| CVE-2022-36877 | 0.00 | — | 0.00 | Sep 9, 2022 | Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log. | |||
| CVE-2022-36878 | 0.00 | — | 0.00 | Sep 9, 2022 | Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log. | |||
| CVE-2022-39845 | 0.00 | — | 0.00 | Sep 9, 2022 | Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction. | |||
| CVE-2022-40280 | 0.00 | — | 0.01 | Sep 8, 2022 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_close after sqlite3_open_v2, leading to a denial of service. | |||
| CVE-2022-40278 | 0.00 | — | 0.01 | Sep 8, 2022 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service. | |||
| CVE-2022-40279 | 0.00 | — | 0.01 | Sep 8, 2022 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction). | |||
| CVE-2022-40281 | 0.00 | — | 0.01 | Sep 8, 2022 | An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure. | |||
| CVE-2022-39828 | 0.00 | — | 0.01 | Sep 5, 2022 | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service. | |||
| CVE-2022-39829 | 0.00 | — | 0.01 | Sep 5, 2022 | There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. | |||
| CVE-2022-39830 | 0.00 | — | 0.01 | Sep 5, 2022 | sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. | |||
| CVE-2022-36622 | 0.00 | — | 0.01 | Sep 1, 2022 | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. | |||
| CVE-2022-36621 | 0.00 | — | 0.01 | Sep 1, 2022 | Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. | |||
| CVE-2022-34302 | 0.00 | — | 0.01 | Aug 26, 2022 | A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed… | |||
| CVE-2022-34303 | 0.00 | — | 0.01 | Aug 26, 2022 | A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader… | |||
| CVE-2022-20321 | 0.00 | — | 0.00 | Aug 11, 2022 | In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for… | |||
| CVE-2022-20297 | 0.00 | — | 0.00 | Aug 11, 2022 | In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:… | |||
| CVE-2022-38155 | 0.00 | — | 0.01 | Aug 11, 2022 | TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash. | |||
| CVE-2022-33720 | 0.00 | — | 0.00 | Aug 5, 2022 | Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut. | |||
| CVE-2022-33730 | 0.00 | — | 0.00 | Aug 5, 2022 | Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers. | |||
| CVE-2022-33719 | 0.00 | — | 0.00 | Aug 5, 2022 | Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow. | |||
| CVE-2022-33724 | 0.00 | — | 0.00 | Aug 5, 2022 | Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log. | |||
| CVE-2022-36833 | 0.00 | — | 0.00 | Aug 5, 2022 | Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name. | |||
| CVE-2022-33726 | 0.00 | — | 0.00 | Aug 5, 2022 | Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity. | |||
| CVE-2022-33722 | 0.00 | — | 0.00 | Aug 5, 2022 | Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. | |||
| CVE-2022-36839 | 0.00 | — | 0.00 | Aug 5, 2022 | SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. | |||
| CVE-2022-33721 | 0.00 | — | 0.00 | Aug 5, 2022 | A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege. | |||
| CVE-2022-33732 | 0.00 | — | 0.00 | Aug 5, 2022 | Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call. | |||
| CVE-2022-36832 | 0.00 | — | 0.00 | Aug 5, 2022 | Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege. | |||
| CVE-2022-33731 | 0.00 | — | 0.00 | Aug 5, 2022 | Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components. | |||
| CVE-2022-36840 | 0.00 | — | 0.00 | Aug 5, 2022 | DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. |
- CVE-2022-36871Sep 9, 2022risk 0.00cvss —epss 0.00
Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
- CVE-2022-36875Sep 9, 2022risk 0.00cvss —epss 0.00
Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission.
- CVE-2022-36858Sep 9, 2022risk 0.00cvss —epss 0.00
A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36854Sep 9, 2022risk 0.00cvss —epss 0.00
Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker access unauthorized information.
- CVE-2022-36874Sep 9, 2022risk 0.00cvss —epss 0.00
Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number.
- CVE-2022-36862Sep 9, 2022risk 0.00cvss —epss 0.00
A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36842Sep 9, 2022risk 0.00cvss —epss 0.00
A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36863Sep 9, 2022risk 0.00cvss —epss 0.00
A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36860Sep 9, 2022risk 0.00cvss —epss 0.00
A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36843Sep 9, 2022risk 0.00cvss —epss 0.00
A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36844Sep 9, 2022risk 0.00cvss —epss 0.00
A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36846Sep 9, 2022risk 0.00cvss —epss 0.00
A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36845Sep 9, 2022risk 0.00cvss —epss 0.00
A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-36859Sep 9, 2022risk 0.00cvss —epss 0.00
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices.
- CVE-2022-36847Sep 9, 2022risk 0.00cvss —epss 0.00
Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.
- CVE-2022-36876Sep 9, 2022risk 0.00cvss —epss 0.00
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.
- CVE-2022-36849Sep 9, 2022risk 0.00cvss —epss 0.00
Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.
- CVE-2022-36841Sep 9, 2022risk 0.00cvss —epss 0.00
A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
- CVE-2022-39844Sep 9, 2022risk 0.00cvss —epss 0.00
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction.
- CVE-2022-39846Sep 9, 2022risk 0.00cvss —epss 0.00
DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code.
- CVE-2022-36877Sep 9, 2022risk 0.00cvss —epss 0.00
Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.
- CVE-2022-36878Sep 9, 2022risk 0.00cvss —epss 0.00
Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log.
- CVE-2022-39845Sep 9, 2022risk 0.00cvss —epss 0.00
Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction.
- CVE-2022-40280Sep 8, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_close after sqlite3_open_v2, leading to a denial of service.
- CVE-2022-40278Sep 8, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service.
- CVE-2022-40279Sep 8, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction).
- CVE-2022-40281Sep 8, 2022risk 0.00cvss —epss 0.01
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.
- CVE-2022-39828Sep 5, 2022risk 0.00cvss —epss 0.01
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.
- CVE-2022-39829Sep 5, 2022risk 0.00cvss —epss 0.01
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.
- CVE-2022-39830Sep 5, 2022risk 0.00cvss —epss 0.01
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.
- CVE-2022-36622Sep 1, 2022risk 0.00cvss —epss 0.01
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.
- CVE-2022-36621Sep 1, 2022risk 0.00cvss —epss 0.01
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.
- CVE-2022-34302Aug 26, 2022risk 0.00cvss —epss 0.01
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed…
- CVE-2022-34303Aug 26, 2022risk 0.00cvss —epss 0.01
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader…
- CVE-2022-20321Aug 11, 2022risk 0.00cvss —epss 0.00
In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for…
- CVE-2022-20297Aug 11, 2022risk 0.00cvss —epss 0.00
In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:…
- CVE-2022-38155Aug 11, 2022risk 0.00cvss —epss 0.01
TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.
- CVE-2022-33720Aug 5, 2022risk 0.00cvss —epss 0.00
Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.
- CVE-2022-33730Aug 5, 2022risk 0.00cvss —epss 0.00
Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers.
- CVE-2022-33719Aug 5, 2022risk 0.00cvss —epss 0.00
Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.
- CVE-2022-33724Aug 5, 2022risk 0.00cvss —epss 0.00
Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.
- CVE-2022-36833Aug 5, 2022risk 0.00cvss —epss 0.00
Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name.
- CVE-2022-33726Aug 5, 2022risk 0.00cvss —epss 0.00
Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.
- CVE-2022-33722Aug 5, 2022risk 0.00cvss —epss 0.00
Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.
- CVE-2022-36839Aug 5, 2022risk 0.00cvss —epss 0.00
SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.
- CVE-2022-33721Aug 5, 2022risk 0.00cvss —epss 0.00
A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.
- CVE-2022-33732Aug 5, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.
- CVE-2022-36832Aug 5, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege.
- CVE-2022-33731Aug 5, 2022risk 0.00cvss —epss 0.00
Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.
- CVE-2022-36840Aug 5, 2022risk 0.00cvss —epss 0.00
DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.
Page 28 of 45