Filtered by vendor Samsung
Subscribe
Total
1324 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-21518 | 1 Samsung | 1 Searchwidget | 2023-07-06 | N/A | 7.8 HIGH |
| Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary activity. | |||||
| CVE-2021-25354 | 1 Samsung | 1 Internet | 2023-06-30 | 6.8 MEDIUM | 5.3 MEDIUM |
| Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink. | |||||
| CVE-2022-30746 | 1 Samsung | 1 Smartthings | 2023-06-29 | 5.0 MEDIUM | 7.5 HIGH |
| Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. | |||||
| CVE-2022-30745 | 1 Samsung | 1 Quick Share | 2023-06-28 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick Share. | |||||
| CVE-2022-30730 | 1 Samsung | 1 Samsung Pass | 2023-06-28 | 2.1 LOW | 4.6 MEDIUM |
| Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication. | |||||
| CVE-2022-30731 | 1 Samsung | 1 My Files | 2023-06-28 | 2.1 LOW | 5.5 MEDIUM |
| Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application. | |||||
| CVE-2022-28777 | 1 Samsung | 1 Members | 2023-06-28 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission. | |||||
| CVE-2022-28778 | 1 Samsung | 1 Samsung Security Supporter | 2023-06-28 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission | |||||
| CVE-2022-28775 | 1 Samsung | 1 Samsung Flow | 2023-06-28 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission. | |||||
| CVE-2022-28776 | 1 Samsung | 1 Galaxy Store | 2023-06-28 | 4.6 MEDIUM | 7.8 HIGH |
| Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions. | |||||
| CVE-2022-27838 | 1 Samsung | 1 Factorycamera | 2023-06-28 | 7.2 HIGH | 7.8 HIGH |
| Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege. | |||||
| CVE-2022-22288 | 1 Samsung | 1 Galaxy Store | 2023-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | |||||
| CVE-2022-23433 | 2 Google, Samsung | 2 Android, Reminder | 2023-06-27 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely. | |||||
| CVE-2022-24932 | 2 Google, Samsung | 2 Android, Cloud | 2023-06-27 | 2.1 LOW | 4.6 MEDIUM |
| Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. | |||||
| CVE-2022-36859 | 1 Samsung | 1 Smarttagplugin | 2023-06-27 | N/A | 4.8 MEDIUM |
| Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices. | |||||
| CVE-2022-36876 | 1 Samsung | 1 Samsung Pass | 2023-06-27 | N/A | 2.4 LOW |
| Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without authentication. | |||||
| CVE-2022-36857 | 2 Google, Samsung | 2 Android, Photo Editor | 2023-06-27 | N/A | 2.4 LOW |
| Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. | |||||
| CVE-2022-36832 | 1 Samsung | 1 Cameralyzer | 2023-06-27 | N/A | 3.3 LOW |
| Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer privilege. | |||||
| CVE-2022-39902 | 1 Samsung | 2 Exynos, Exynos Firmware | 2023-06-27 | N/A | 7.5 HIGH |
| Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call. | |||||
| CVE-2022-39877 | 2 Google, Samsung | 2 Android, Group Sharing | 2023-06-27 | N/A | 5.3 MEDIUM |
| Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | |||||