Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2022-36871 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

  • CVE-2022-36875 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper restriction of broadcasting Intent in SaWebViewRelayActivity of Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission.

  • CVE-2022-36858 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc() function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36854 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker to access unauthorized information.

  • CVE-2022-36874 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number.

  • CVE-2022-36862 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    A heap-based overflow vulnerability in HWR::EngineCJK::Impl::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36842 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    A heap-based overflow vulnerability in prepareRecogLibrary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36863 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    A heap-based overflow vulnerability in GetCorrectDbLanguageTypeEsPKc function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36860 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    A heap-based overflow vulnerability in LoadEnvironment function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36843 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36844 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    A heap-based overflow vulnerability in HWR::EngJudgeModel::Construct() in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36846 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    A heap-based overflow vulnerability in ConstructDictionary function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36845 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-36859 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices.

  • CVE-2022-36847 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.

  • CVE-2022-36876 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication.

  • CVE-2022-36849 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.

  • CVE-2022-36841 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    A heap-based overflow vulnerability in PrepareRecogLibrary_Part function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.

  • CVE-2022-39844 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction.

  • CVE-2022-39846 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code.

  • CVE-2022-36877 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Exposure of Sensitive Information in FaqSymptomCardViewModel in Samsung Members prior to versions 4.3.00.11 in Global and 14.0.02.4 in China allows local attackers to access device identification via log.

  • CVE-2022-36878 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Exposure of Sensitive Information in Find My Mobile prior to version 7.2.25.14 allows local attacker to access IMEI via log.

  • CVE-2022-39845 · Sep 9, 2022
    risk 0.00 · cvss · epss 0.00

    Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction.

  • CVE-2022-40280 · Sep 8, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_close after sqlite3_open_v2, leading to a denial of service.

  • CVE-2022-40278 · Sep 8, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_free after sqlite3_exec, leading to a denial of service.

  • CVE-2022-40279 · Sep 8, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). l2_packet_receive_timeout in wpa_supplicant/src/l2_packet/l2_packet_pcap.c has a missing check on the return value of pcap_dispatch, leading to a denial of service (malfunction).

  • CVE-2022-40281 · Sep 8, 2022
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure.

  • CVE-2022-39828 · Sep 5, 2022
    risk 0.00 · cvss · epss 0.01

    sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service.

  • CVE-2022-39829 · Sep 5, 2022
    risk 0.00 · cvss · epss 0.01

    There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new.

  • CVE-2022-39830 · Sep 5, 2022
    risk 0.00 · cvss · epss 0.01

    sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service.

  • CVE-2022-36622 · Sep 1, 2022
    risk 0.00 · cvss · epss 0.01

    Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1.

  • CVE-2022-36621 · Sep 1, 2022
    risk 0.00 · cvss · epss 0.01

    Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject.

  • CVE-2022-34302 · Aug 26, 2022
    risk 0.00 · cvss · epss 0.01

    A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed…

  • CVE-2022-34303 · Aug 26, 2022
    risk 0.00 · cvss · epss 0.01

    A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader…

  • CVE-2022-20321 · Aug 11, 2022
    risk 0.00 · cvss · epss 0.00

    In Settings, there is a possible way for an application without permissions to read content of WiFi QR codes due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for…

  • CVE-2022-20297 · Aug 11, 2022
    risk 0.00 · cvss · epss 0.00

    In Settings, there is a possible way to bypass factory reset protections due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions:…

  • CVE-2022-38155 · Aug 11, 2022
    risk 0.00 · cvss · epss 0.01

    TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash.

  • CVE-2022-33720 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    Improper authentication vulnerability in AppLock prior to SMR Aug-2022 Release 1 allows physical attacker to access Chrome locked by AppLock via new tap shortcut.

  • CVE-2022-33730 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    Heap-based buffer overflow vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows arbitrary code execution by physical attackers.

  • CVE-2022-33719 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.

  • CVE-2022-33724 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    Exposure of Sensitive Information in Samsung Dialer application prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.

  • CVE-2022-36833 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name.

  • CVE-2022-33726 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    Unprotected dynamic receiver in Samsung Galaxy Friends prior to SMR Aug-2022 Release 1 allows attacker to launch activity.

  • CVE-2022-33722 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.

  • CVE-2022-36839 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information.

  • CVE-2022-33721 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    A vulnerability using PendingIntent in DeX for PC prior to SMR Aug-2022 Release 1 allows attackers to access files with system privilege.

  • CVE-2022-33732 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in Samsung Dex for PC prior to SMR Aug-2022 Release 1 allows local attackers to scan and connect to PC by unprotected binder call.

  • CVE-2022-36832 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege.

  • CVE-2022-33731 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in DesktopSystemUI prior to SMR Aug-2022 Release 1 allows attackers to enable and disable arbitrary components.

  • CVE-2022-36840 · Aug 5, 2022
    risk 0.00 · cvss · epss 0.00

    DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code.
