Vulnerabilities > Samsung

DATE CVE VULNERABILITY TITLE RISK
2022-05-03 CVE-2022-28789 Missing Authorization vulnerability in Samsung Voice Note
Unprotected activities in Voice Note prior to version 21.3.51.11 allows attackers to record voice without user interaction.
local
low complexity
samsung CWE-862
2.1
2022-05-03 CVE-2022-28790 Improper Authentication vulnerability in Samsung Link to Windows Service
Improper authentication in Link to Windows Service prior to version 2.3.04.1 allows attacker to lock the device.
local
low complexity
samsung CWE-287
2.1
2022-05-03 CVE-2022-28791 Improper Input Validation vulnerability in Samsung Galaxy Store 4.5.32.4
Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path.
local
low complexity
samsung CWE-20
2.1
2022-05-03 CVE-2022-28792 Uncontrolled Search Path Element vulnerability in Samsung Gear Iconx PC Manager
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code.
4.4
2022-05-03 CVE-2022-28793 Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Galaxy S22 Firmware
Given the TEE is compromised and controlled by the attacker, improper state maintenance in StrongBox allows attackers to change Android ROT during device boot cycle after compromising TEE.
local
low complexity
samsung CWE-754
2.1
2022-04-11 CVE-2022-27838 Incorrect Authorization vulnerability in Samsung Factorycamera
Improper access control vulnerability in FactoryCamera prior to version 2.1.96 allows attacker to access the file with system privilege.
local
low complexity
samsung CWE-863
7.2
2022-04-11 CVE-2022-27839 Improper Authentication vulnerability in Samsung Internet
Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials.
network
samsung CWE-287
4.3
2022-04-11 CVE-2022-27840 Incorrect Default Permissions vulnerability in Samsung Recovery
Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attckers to delete arbitrary files as SamsungRecovery permission.
local
low complexity
samsung CWE-276
3.6
2022-04-11 CVE-2022-27841 Improper Handling of Exceptional Conditions vulnerability in Samsung Pass 3.0.02.4
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication
1.9
2022-04-11 CVE-2022-27842 Uncontrolled Search Path Element vulnerability in Samsung Smart Switch PC
DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.
4.4