Vendor CVEs
Samsung Pay
All CVEs
30 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-30710 | | Hig | 0.55 | 8.5 | 0.00 | | Jun 7, 2022 | Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-27836 | | Hig | 0.55 | 8.4 | 0.00 | | Apr 11, 2022 | Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allow local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary… |
| CVE-2022-27827 | | Hig | 0.55 | 8.5 | 0.00 | | Apr 11, 2022 | Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| CVE-2022-23428 | | Hig | 0.55 | 8.4 | 0.00 | | Feb 11, 2022 | An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. |
| CVE-2022-27822 | | Med | 0.43 | 6.6 | 0.00 | | Apr 11, 2022 | Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. |
| CVE-2022-23432 | | Med | 0.42 | 6.4 | 0.00 | | Feb 11, 2022 | An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. |
| CVE-2022-33718 | | Med | 0.40 | 6.2 | 0.00 | | Aug 5, 2022 | An improper access control vulnerability in Wi-Fi Service prior to SMR AUG-2022 Release 1 allows untrusted applications to manipulate the list of apps that can use mobile data. |
| CVE-2022-33714 | | Med | 0.40 | 6.2 | 0.00 | | Aug 5, 2022 | Improper access control vulnerability in SemWifiApBroadcastReceiver prior to SMR Aug-2022 Release 1 allows attacker to reset a setting value related to mobile hotspot. |
| CVE-2022-26094 | | Med | 0.38 | 5.9 | 0.01 | | Apr 11, 2022 | Null pointer dereference vulnerability in parser_auxC function in libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by remote attacker. |
| CVE-2022-25815 | | Med | 0.36 | 5.5 | 0.00 | | Mar 10, 2022 | PendingIntent hijacking vulnerability in Weather application prior to SMR Mar-2022 Release 1 allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. |
| CVE-2022-25819 | | Med | 0.34 | 5.3 | 0.00 | | Mar 10, 2022 | OOB read vulnerability in hdcp2 device node prior to SMR Mar-2022 Release 1 allow an attacker to view Kernel stack memory. |
| CVE-2022-36872 | | Med | 0.33 | 5.0 | 0.00 | | Sep 9, 2022 | Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent. |
| CVE-2022-30731 | | Med | 0.33 | 5.1 | 0.00 | | Jun 7, 2022 | Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. |
| CVE-2022-36847 | | Med | 0.32 | 4.9 | 0.00 | | Sep 9, 2022 | Use after free vulnerability in mtp_send_signal function of MTP driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions. |
| CVE-2022-30730 | | Med | 0.30 | 4.6 | 0.00 | | Jun 7, 2022 | Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication. |
| CVE-2022-33717 | | Med | 0.29 | 4.4 | 0.00 | | Aug 5, 2022 | A missing input validation before memory read in SEM TA prior to SMR Aug-2022 Release 1 allows local attackers to read out of bound memory. |
| CVE-2022-22286 | | Med | 0.29 | 4.4 | 0.00 | | Jan 10, 2022 | A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent. |
| CVE-2022-27841 | | Med | 0.28 | 4.3 | 0.00 | | Apr 11, 2022 | Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication |
| CVE-2022-25820 | | Med | 0.27 | 4.2 | 0.00 | | Mar 10, 2022 | A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. |
| CVE-2022-36854 | | Med | 0.26 | 4.0 | 0.00 | | Sep 9, 2022 | Out of bound read in libapexjni.media.samsung.so prior to SMR Sep-2022 Release 1 allows attacker access unauthorized information. |
| CVE-2022-33722 | | Med | 0.26 | 4.0 | 0.00 | | Aug 5, 2022 | Implicit Intent hijacking vulnerability in Smart View prior to SMR Aug-2022 Release 1 allows attacker to access connected device MAC address. |
| CVE-2022-30716 | | Med | 0.26 | 4.0 | 0.00 | | Jun 7, 2022 | Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. |
| CVE-2022-27832 | | Med | 0.26 | 4.0 | 0.00 | | Apr 11, 2022 | Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. |
| CVE-2022-25822 | | Med | 0.26 | 4.0 | 0.00 | | Mar 10, 2022 | An use after free vulnerability in sdp driver prior to SMR Mar-2022 Release 1 allows kernel crash. |
| CVE-2022-22272 | | Med | 0.26 | 4.0 | 0.00 | | Jan 10, 2022 | Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission |
| CVE-2022-36851 | | Low | 0.25 | 3.9 | 0.00 | | Sep 9, 2022 | Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device. |
| CVE-2022-24000 | | Low | 0.25 | 3.9 | 0.00 | | Feb 11, 2022 | PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. |
| CVE-2022-36834 | | Low | 0.21 | 3.3 | 0.00 | | Aug 5, 2022 | Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. |
| CVE-2022-30753 | | Low | 0.21 | 3.3 | 0.00 | | Jul 12, 2022 | Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. |
| CVE-2022-24924 | | Low | 0.14 | 2.2 | 0.01 | | Feb 11, 2022 | An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission. |