Samsung Security Vulnerabilities
Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication.
3.2CVSS
4.2AI Score
0.0004EPSS
Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission.
5.4CVSS
5.4AI Score
0.001EPSS
Hijacking vulnerability in Samsung Cloud prior to version 4.7.0.3 allows attackers to intercept when the provider is executed.
7.5CVSS
7.4AI Score
0.002EPSS
Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
7.8CVSS
7.3AI Score
0.0004EPSS
An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.
8.6CVSS
7.3AI Score
0.002EPSS
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.
6.5CVSS
6.5AI Score
0.001EPSS
An improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailbox in plain text when STARTTLS negotiation is failed.
5.3CVSS
5.2AI Score
0.001EPSS
Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.
7.8CVSS
7.5AI Score
0.0004EPSS
Improper access control of certain port in SmartThings prior to version 1.7.63.6 allows remote temporary denial of service.
5.3CVSS
5.4AI Score
0.001EPSS
Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action.
4CVSS
4.3AI Score
0.0004EPSS
Improper handling of exceptional conditions in Bixby prior to version 3.0.53.02 allows attacker to execute the actions registered by the user.
7.3CVSS
7.2AI Score
0.001EPSS
Using unsafe PendingIntent in Samsung Account in versions 10.8.0.4 in Android P(9.0) and below, and 12.1.1.3 in Android Q(10.0) and above allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent.
7.8CVSS
7.2AI Score
0.0004EPSS
Intent redirection vulnerability in Bixby Voice prior to version 3.1.12 allows attacker to access contacts.
3.3CVSS
4.1AI Score
0.0004EPSS
Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege.
7.1CVSS
6.8AI Score
0.0004EPSS
Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action.
7.8CVSS
7.6AI Score
0.0004EPSS
Intent redirection vulnerability in Samsung Health prior to version 6.16 allows attacker to execute privileged action.
7.8CVSS
7.6AI Score
0.0004EPSS
Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information.
3.3CVSS
4.1AI Score
0.0004EPSS
Intent redirection vulnerability in Samsung Account prior to version 10.8.0.4 in Android P(9.0) and below, and 12.2.0.9 in Android Q(10.0) and above allows attacker to access contacts and file provider using SettingWebView component.
3.3CVSS
4.1AI Score
0.0004EPSS
Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log.
3.3CVSS
4AI Score
0.0004EPSS
An improper access control vulnerability in ScreenOffActivity in Samsung Notes prior to version 4.2.04.27 allows untrusted applications to access local files.
5.5CVSS
5.4AI Score
0.0004EPSS
Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information.
6.5CVSS
6.3AI Score
0.001EPSS
Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition.
7.8CVSS
7.8AI Score
0.0004EPSS
Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link.
6.5CVSS
6.4AI Score
0.001EPSS
Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
5.5CVSS
5.5AI Score
0.0004EPSS
Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
5.5CVSS
5.5AI Score
0.0004EPSS
Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log.
5.5CVSS
5.4AI Score
0.0004EPSS
Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log.
5.5CVSS
5.5AI Score
0.0004EPSS
Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness.
8.8CVSS
8.6AI Score
0.001EPSS
Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component.
5.3CVSS
5.1AI Score
0.001EPSS
Improper access control vulnerability in Cameralyzer prior to versions 3.2.1041 in 3.2.x, 3.3.1040 in 3.3.x, and 3.4.4210 in 3.4.x allows untrusted applications to access some functions of Cameralyzer.
5.5CVSS
5.5AI Score
0.0004EPSS
Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.
3.3CVSS
4.1AI Score
0.0004EPSS
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.
7.8CVSS
7.3AI Score
0.0004EPSS
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.
3.3CVSS
4.3AI Score
0.0004EPSS
Improper access control vulnerability in FactoryCameraFB prior to version 3.4.74 allows untrusted applications to access arbitrary files with an escalated privilege.
7.8CVSS
7.6AI Score
0.0004EPSS
Improper input validation vulnerability in AR Emoji Editor prior to version 4.4.03.5 in Android Q(10.0) and above allows untrusted applications to access arbitrary files with an escalated privilege.
7.8CVSS
7.4AI Score
0.0004EPSS
Improper MDM policy management vulnerability in KME module prior to KCS version 1.39 allows MDM users to bypass Knox Manage authentication.
7.5CVSS
7.4AI Score
0.001EPSS
Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet.
5.3CVSS
5.2AI Score
0.001EPSS
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview.
5.3CVSS
5.4AI Score
0.001EPSS
Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview.
5.3CVSS
5.2AI Score
0.001EPSS
Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview.
5.3CVSS
5.3AI Score
0.001EPSS
Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview.
4CVSS
4.3AI Score
0.0004EPSS
An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak.
5.5CVSS
5.3AI Score
0.0004EPSS
An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack.
7CVSS
6.8AI Score
0.0004EPSS
Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token.
6.5CVSS
5.7AI Score
0.001EPSS
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read.
7.3CVSS
6.9AI Score
0.0004EPSS
Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read
7.1CVSS
6.9AI Score
0.0004EPSS
A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.
7.8CVSS
8AI Score
0.0004EPSS
A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution.
7.8CVSS
8AI Score
0.0004EPSS
A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.
7.8CVSS
8AI Score
0.0004EPSS
A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution.
7.8CVSS
8AI Score
0.0004EPSS