Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-28786 | | | 0.00 | — | 0.00 | | May 3, 2022 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
| CVE-2022-28785 | | | 0.00 | — | 0.00 | | May 3, 2022 | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
| CVE-2022-28784 | | | 0.00 | — | 0.00 | | May 3, 2022 | Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic. |
| CVE-2022-28783 | | | 0.00 | — | 0.00 | | May 3, 2022 | Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name. |
| CVE-2022-28782 | | | 0.00 | — | 0.00 | | May 3, 2022 | Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. |
| CVE-2022-28781 | | | 0.00 | — | 0.00 | | May 3, 2022 | Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. |
| CVE-2022-28780 | | | 0.00 | — | 0.00 | | May 3, 2022 | Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows that attackers can access location information that set in Weather without permission. The patch adds proper protection to prevent access to location information. |
| CVE-2022-28779 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code. |
| CVE-2022-28778 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission |
| CVE-2022-28777 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. |
| CVE-2022-28776 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. |
| CVE-2022-28775 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. |
| CVE-2022-28544 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store. |
| CVE-2022-28542 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission. |
| CVE-2022-28543 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission. |
| CVE-2022-28541 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission. |
| CVE-2022-27843 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute arbitrary code. |
| CVE-2022-27842 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute arbitrary code. |
| CVE-2022-27841 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication |
| CVE-2022-27840 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attackers to delete arbitrary files as SamsungRecovery permission. |
| CVE-2022-27839 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. |
| CVE-2022-27838 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege. |
| CVE-2022-27837 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. |
| CVE-2022-27836 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary… |
| CVE-2022-27835 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. |
| CVE-2022-27834 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Use after free vulnerability in dsp_context_unload_graph function of DSP driver prior to SMR Apr-2022 Release 1 allows attackers to perform malicious actions. |
| CVE-2022-27832 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. |
| CVE-2022-27833 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow. |
| CVE-2022-27831 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. |
| CVE-2022-27830 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-27829 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-27828 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-27827 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-27826 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-27825 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
| CVE-2022-27824 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper size check in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file |
| CVE-2022-27822 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. |
| CVE-2022-27823 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
| CVE-2022-27821 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file. |
| CVE-2022-27576 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission |
| CVE-2022-27575 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows to access currently launched foreground app information without permission. |
| CVE-2022-27573 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers. |
| CVE-2022-27574 | | | 0.00 | — | 0.00 | | Apr 11, 2022 | Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. |
| CVE-2022-27572 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. |
| CVE-2022-27571 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. |
| CVE-2022-27570 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. |
| CVE-2022-27568 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Heap-based buffer overflow vulnerability in parser_iloc function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. |
| CVE-2022-27569 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Heap-based buffer overflow vulnerability in parser_infe function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. |
| CVE-2022-27567 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Null pointer dereference vulnerability in parser_hvcC function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attackers. |
| CVE-2022-26099 | | | 0.00 | — | 0.01 | | Apr 11, 2022 | Null pointer dereference vulnerability in parser_infe function of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds read by remote attackers. |