Samsung Pay

All CVEs

30 total · sorted by risk
  • CVE-2022-30710 · High · Jun 7, 2022
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

  • CVE-2022-27836 · High · Apr 11, 2022
    risk 0.55 · cvss 8.4 · epss 0.00

    Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allows local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary…

  • CVE-2022-27827 · High · Apr 11, 2022
    risk 0.55 · cvss 8.5 · epss 0.00

    Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

  • CVE-2022-23428 · High · Feb 11, 2022
    risk 0.55 · cvss 8.4 · epss 0.00

    An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

  • CVE-2022-27822 · Medium · Apr 11, 2022
    risk 0.43 · cvss 6.6 · epss 0.00

    Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.

  • CVE-2022-23432 · Medium · Feb 11, 2022
    risk 0.42 · cvss 6.4 · epss 0.00

    An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution.

  • CVE-2022-33718 · Medium · Aug 5, 2022
    risk 0.40 · cvss 6.2 · epss 0.00

    An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data.

  • CVE-2022-33714 · Medium · Aug 5, 2022
    risk 0.40 · cvss 6.2 · epss 0.00

    Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot.

  • CVE-2022-26094 · Medium · Apr 11, 2022
    risk 0.38 · cvss 5.9 · epss 0.01

    Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker.

  • CVE-2022-25815 · Medium · Mar 10, 2022
    risk 0.36 · cvss 5.5 · epss 0.00

    PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.

  • CVE-2022-25819 · Medium · Mar 10, 2022
    risk 0.34 · cvss 5.3 · epss 0.00

    OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allows an attacker to view kernel stack memory.

  • CVE-2022-36872 · Medium · Sep 9, 2022
    risk 0.33 · cvss 5.0 · epss 0.00

    Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.

  • CVE-2022-30731 · Medium · Jun 7, 2022
    risk 0.33 · cvss 5.1 · epss 0.00

    Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application.

  • CVE-2022-36847 · Medium · Sep 9, 2022
    risk 0.32 · cvss 4.9 · epss 0.00

    Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.

  • CVE-2022-30730 · Medium · Jun 7, 2022
    risk 0.30 · cvss 4.6 · epss 0.00

    Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication.

  • CVE-2022-33717 · Medium · Aug 5, 2022
    risk 0.29 · cvss 4.4 · epss 0.00

    A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory.

  • CVE-2022-22286 · Medium · Jan 10, 2022
    risk 0.29 · cvss 4.4 · epss 0.00

    A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent.

  • CVE-2022-27841 · Medium · Apr 11, 2022
    risk 0.28 · cvss 4.3 · epss 0.00

    Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication.

  • CVE-2022-25820 · Medium · Mar 10, 2022
    risk 0.27 · cvss 4.2 · epss 0.00

    A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password.

  • CVE-2022-36854 · Medium · Sep 9, 2022
    risk 0.26 · cvss 4.0 · epss 0.00

    Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows an attacker to access unauthorized information.

  • CVE-2022-33722 · Medium · Aug 5, 2022
    risk 0.26 · cvss 4.0 · epss 0.00

    Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address.

  • CVE-2022-30716 · Medium · Jun 7, 2022
    risk 0.26 · cvss 4.0 · epss 0.00

    Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.

  • CVE-2022-27832 · Medium · Apr 11, 2022
    risk 0.26 · cvss 4.0 · epss 0.00

    Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file.

  • CVE-2022-25822 · Medium · Mar 10, 2022
    risk 0.26 · cvss 4.0 · epss 0.00

    A use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash.

  • CVE-2022-22272 · Medium · Jan 10, 2022
    risk 0.26 · cvss 4.0 · epss 0.00

    Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission.

  • CVE-2022-36851 · Low · Sep 9, 2022
    risk 0.25 · cvss 3.9 · epss 0.00

    Improper access control vulnerability in Samsung Pass prior to version 4.0.03.1 allows physical attackers to access data of Samsung Pass on a certain state of an unlocked device.

  • CVE-2022-24000 · Low · Feb 11, 2022
    risk 0.25 · cvss 3.9 · epss 0.00

    PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.

  • CVE-2022-36834 · Low · Aug 5, 2022
    risk 0.21 · cvss 3.3 · epss 0.00

    Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction.

  • CVE-2022-30753 · Low · Jul 12, 2022
    risk 0.21 · cvss 3.3 · epss 0.00

    Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission.

  • CVE-2022-24924 · Low · Feb 11, 2022
    risk 0.14 · cvss 2.2 · epss 0.01

    An improper access control in LiveWallpaperService prior to version 3.0.9.0 allows creation of a specific named system directory without a proper permission.