Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2022-30752 · Jul 11, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client by using the WIFI_AP_STA_STATE_CHANGED action.

  • CVE-2022-30751 · Jul 11, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client by using the WIFI_AP_STA_DHCPACK_EVENT action.

  • CVE-2022-30750 · Jul 11, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows an attacker to access the MAC address of a connected Wi-Fi AP client.

  • CVE-2022-30749 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.

  • CVE-2022-30748 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity.

  • CVE-2022-30747 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent.

  • CVE-2022-30746 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.01

    Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API.

  • CVE-2022-30744 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code.

  • CVE-2022-30743 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.

  • CVE-2022-30742 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.

  • CVE-2022-30741 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log.

  • CVE-2022-30740 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers.

  • CVE-2022-30739 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get a user email or phone number with a normal level permission.

  • CVE-2022-30738 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.01

    Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script.

  • CVE-2022-30737 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.01

    Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID.

  • CVE-2022-30736 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission.

  • CVE-2022-30735 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission.

  • CVE-2022-30734 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.01

    Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission.

  • CVE-2022-30733 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.01

    Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get a user email or phone number without permission.

  • CVE-2022-30732 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.01

    Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult.

  • CVE-2022-30731 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application.

  • CVE-2022-30730 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication.

  • CVE-2022-30728 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.

  • CVE-2022-30727 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.

  • CVE-2022-30726 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.

  • CVE-2022-30725 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

  • CVE-2022-30724 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

  • CVE-2022-30723 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

  • CVE-2022-30722 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account.

  • CVE-2022-30729 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.

  • CVE-2022-30721 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

  • CVE-2022-30720 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

  • CVE-2022-30719 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

  • CVE-2022-30717 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.

  • CVE-2022-30716 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.

  • CVE-2022-30715 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.

  • CVE-2022-30714 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.

  • CVE-2022-30713 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

  • CVE-2022-30712 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

  • CVE-2022-30711 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

  • CVE-2022-30710 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

  • CVE-2022-30709 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

  • CVE-2022-28794 · Jun 7, 2022
    risk 0.00 · cvss · epss 0.00

    Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information.

  • CVE-2022-28793 · May 3, 2022
    risk 0.00 · cvss · epss 0.00

    Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first…

  • CVE-2022-28792 · May 3, 2022
    risk 0.00 · cvss · epss 0.00

    DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking.

  • CVE-2022-28791 · May 3, 2022
    risk 0.00 · cvss · epss 0.00

    Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.

  • CVE-2022-28790 · May 3, 2022
    risk 0.00 · cvss · epss 0.00

    Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic.

  • CVE-2022-28789 · May 3, 2022
    risk 0.00 · cvss · epss 0.00

    Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities.

  • CVE-2022-28788 · May 3, 2022
    risk 0.00 · cvss · epss 0.00

    Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.

  • CVE-2022-28787 · May 3, 2022
    risk 0.00 · cvss · epss 0.00

    Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic.
