Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-30752 | 0.00 | — | 0.00 | Jul 11, 2022 | Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action. | |||
| CVE-2022-30751 | 0.00 | — | 0.00 | Jul 11, 2022 | Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. | |||
| CVE-2022-30750 | 0.00 | — | 0.00 | Jul 11, 2022 | Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected. | |||
| CVE-2022-30749 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity. | |||
| CVE-2022-30748 | 0.00 | — | 0.00 | Jun 7, 2022 | Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity. | |||
| CVE-2022-30747 | 0.00 | — | 0.00 | Jun 7, 2022 | PendingIntent hijacking vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to access files without permission via implicit Intent. | |||
| CVE-2022-30746 | 0.00 | — | 0.01 | Jun 7, 2022 | Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access sensitive information remotely using javascript interface API. | |||
| CVE-2022-30744 | 0.00 | — | 0.00 | Jun 7, 2022 | DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code. | |||
| CVE-2022-30743 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. | |||
| CVE-2022-30742 | 0.00 | — | 0.00 | Jun 7, 2022 | Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. | |||
| CVE-2022-30741 | 0.00 | — | 0.00 | Jun 7, 2022 | Sensitive information exposure vulnerability in SimChangeAlertManger of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permission to get sim card information through device log. | |||
| CVE-2022-30740 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | |||
| CVE-2022-30739 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission. | |||
| CVE-2022-30738 | 0.00 | — | 0.01 | Jun 7, 2022 | Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. | |||
| CVE-2022-30737 | 0.00 | — | 0.01 | Jun 7, 2022 | Implicit Intent hijacking vulnerability in Samsung Account prior to version 13.2.00.6 allows attackers to get email ID. | |||
| CVE-2022-30736 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the data of contact and gallery without permission. | |||
| CVE-2022-30735 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission. | |||
| CVE-2022-30734 | 0.00 | — | 0.01 | Jun 7, 2022 | Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | |||
| CVE-2022-30733 | 0.00 | — | 0.01 | Jun 7, 2022 | Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission. | |||
| CVE-2022-30732 | 0.00 | — | 0.01 | Jun 7, 2022 | Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult. | |||
| CVE-2022-30731 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. | |||
| CVE-2022-30730 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication. | |||
| CVE-2022-30728 | 0.00 | — | 0.00 | Jun 7, 2022 | Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | |||
| CVE-2022-30727 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. | |||
| CVE-2022-30726 | 0.00 | — | 0.00 | Jun 7, 2022 | Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. | |||
| CVE-2022-30725 | 0.00 | — | 0.00 | Jun 7, 2022 | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||
| CVE-2022-30724 | 0.00 | — | 0.00 | Jun 7, 2022 | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||
| CVE-2022-30723 | 0.00 | — | 0.00 | Jun 7, 2022 | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. | |||
| CVE-2022-30722 | 0.00 | — | 0.00 | Jun 7, 2022 | Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. | |||
| CVE-2022-30729 | 0.00 | — | 0.00 | Jun 7, 2022 | Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. | |||
| CVE-2022-30721 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||
| CVE-2022-30720 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||
| CVE-2022-30719 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||
| CVE-2022-30717 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. | |||
| CVE-2022-30716 | 0.00 | — | 0.00 | Jun 7, 2022 | Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. | |||
| CVE-2022-30715 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. | |||
| CVE-2022-30714 | 0.00 | — | 0.00 | Jun 7, 2022 | Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. | |||
| CVE-2022-30713 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||
| CVE-2022-30712 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||
| CVE-2022-30711 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||
| CVE-2022-30710 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. | |||
| CVE-2022-30709 | 0.00 | — | 0.00 | Jun 7, 2022 | Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. | |||
| CVE-2022-28794 | 0.00 | — | 0.00 | Jun 7, 2022 | Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. | |||
| CVE-2022-28793 | 0.00 | — | 0.00 | May 3, 2022 | Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE. The patch is applied in Galaxy S22 to prevent change of Android ROT after first… | |||
| CVE-2022-28792 | 0.00 | — | 0.00 | May 3, 2022 | DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code. The patch adds proper absolute path to prevent dll hijacking. | |||
| CVE-2022-28791 | 0.00 | — | 0.00 | May 3, 2022 | Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files. | |||
| CVE-2022-28790 | 0.00 | — | 0.00 | May 3, 2022 | Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device. The patch adds proper caller signature check logic. | |||
| CVE-2022-28789 | 0.00 | — | 0.00 | May 3, 2022 | Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction. The patch adds proper permission for vulnerable activities. | |||
| CVE-2022-28788 | 0.00 | — | 0.00 | May 3, 2022 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. | |||
| CVE-2022-28787 | 0.00 | — | 0.00 | May 3, 2022 | Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
Page 30 of 45