Samsung Mobile Security Vulnerabilities
An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code...
6.7CVSS
6.8AI Score
0.0004EPSS
Information Exposure vulnerability in Galaxy S3 Plugin prior to version 2.2.03.22012751 allows attacker to access password information of connected WiFiAp in the...
3.3CVSS
4.1AI Score
0.0004EPSS
Information Exposure vulnerability in Watch Active Plugin prior to version 2.2.07.22012751 allows attacker to access password information of connected WiFiAp in the...
3.3CVSS
4.1AI Score
0.0004EPSS
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.22012751 allows attacker to access password information of connected WiFiAp in the...
3.3CVSS
4.1AI Score
0.0004EPSS
Information Exposure vulnerability in Galaxy Watch3 Plugin prior to version 2.2.09.22012751 allows attacker to access password information of connected WiFiAp in the...
3.3CVSS
4.1AI Score
0.0004EPSS
Information Exposure vulnerability in Galaxy Watch Plugin prior to version 2.2.05.220126741 allows attackers to access user information in...
3.3CVSS
3.9AI Score
0.0004EPSS
Information Exposure vulnerability in Watch Active2 Plugin prior to version 2.2.08.22012751 allows attacker to access password information of connected WiFiAp in the...
3.3CVSS
4.1AI Score
0.0004EPSS
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access...
3.3CVSS
3.9AI Score
0.0004EPSS
Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary...
9.8CVSS
9.6AI Score
0.002EPSS
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific...
6.8CVSS
6.4AI Score
0.001EPSS
Improper access control vulnerability in SearchWidget prior to version 3.3 in China models allows untrusted applications to start arbitrary...
7.8CVSS
7.6AI Score
0.0004EPSS
Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious...
5.3CVSS
5.3AI Score
0.001EPSS
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface...
7.5CVSS
7.3AI Score
0.001EPSS
Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One...
5.5CVSS
5.4AI Score
0.0004EPSS
Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory...
6.2CVSS
5.3AI Score
0.0004EPSS
Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder...
6.2CVSS
4AI Score
0.0004EPSS
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter...
4.4CVSS
4.2AI Score
0.0004EPSS
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user...
7.8CVSS
7.5AI Score
0.0004EPSS
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE...
4.3CVSS
4.2AI Score
0.0004EPSS
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without...
4.6CVSS
4.5AI Score
0.001EPSS
Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files...
5.5CVSS
5.5AI Score
0.0004EPSS
Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow...
5.1CVSS
4.1AI Score
0.0004EPSS
Improper access control vulnerability in Quick Share prior to version 13.1.2.4 allows attacker to access internal files in Quick...
5.5CVSS
5.4AI Score
0.0004EPSS
Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system...
7.8CVSS
7.5AI Score
0.0004EPSS
Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert...
5.3CVSS
5.2AI Score
0.001EPSS
Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the...
4.6CVSS
4.5AI Score
0.0005EPSS
Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup...
4.6CVSS
4.5AI Score
0.0004EPSS
Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory...
7.8CVSS
7.5AI Score
0.0005EPSS
Improper access control vulnerability in GedSamsungAccount.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit...
7.5CVSS
7.3AI Score
0.001EPSS
Improper access control vulnerability in ContentsSharingActivity.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit...
7.5CVSS
7.3AI Score
0.001EPSS
Improper access control vulnerability in CameraTestActivity in FactoryCameraFB prior to version 3.5.51 allows attackers to access broadcasting Intent as system uid...
7.3CVSS
5.5AI Score
0.0004EPSS
Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the...
7.5CVSS
7.5AI Score
0.001EPSS
Improper access control vulnerability in WebApp in Cameralyzer prior to versions 3.2.22, 3.3.22, 3.4.22 and 3.5.51 allows attackers to access external storage as Cameralyzer...
4CVSS
4.2AI Score
0.0004EPSS
Improper authorization in UPI payment in Samsung Pass prior to version 4.0.04.10 allows physical attackers to access account list without...
2.4CVSS
3.9AI Score
0.0005EPSS
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's...
5.7CVSS
4.8AI Score
0.0004EPSS
Improper access control vulnerability in RegisteredEventMediator.kt SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via implicit...
7.5CVSS
7.3AI Score
0.001EPSS
Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit...
4.4CVSS
4AI Score
0.0005EPSS
Improper access control vulnerability in WifiSetupLaunchHelper in SmartThings prior to version 1.7.89.25 allows attackers to access sensitive information via implicit...
7.5CVSS
7.3AI Score
0.001EPSS
Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency...
7.5CVSS
7.3AI Score
0.001EPSS
Improper access control vulnerability in cloudNotificationManager.java SmartThings prior to version 1.7.89.0 allows attackers to access sensitive information via SHOW_PERSISTENT_BANNER...
7.5CVSS
7.3AI Score
0.001EPSS
Improper authorization in Dynamic Lockscreen prior to SMR Sep-2022 Release 1 in Android R(11) and 3.3.03.66 in Android S(12) allows unauthorized use of javascript interface...
9.8CVSS
9AI Score
0.001EPSS
An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code...
Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities...
5.3CVSS
5.3AI Score
0.001EPSS
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application...
2.4CVSS
3.7AI Score
0.0004EPSS
Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the...
5.3CVSS
5.1AI Score
0.001EPSS
Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows that attackers can access contact information without...
5.3CVSS
3.9AI Score
0.0004EPSS
Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user...
4CVSS
4.2AI Score
0.0004EPSS
Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE...
4CVSS
4.1AI Score
0.0004EPSS
Improper Authorization vulnerability in Video Editor prior to SMR Sep-2022 Release 1 allows local attacker to access internal application...
3.3CVSS
3.9AI Score
0.0004EPSS
Improper Authorization vulnerability in setDualDARPolicyCmd prior to SMR Sep-2022 Release 1 allows local attackers to cause local permanent denial of...
5.5CVSS
5.3AI Score
0.0004EPSS