Vulnerabilities > Samsung

DATE CVE VULNERABILITY TITLE RISK
2021-12-20 CVE-2021-42913 Insufficiently Protected Credentials vulnerability in Samsung Syncthru web Service
The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code.
network
low complexity
samsung CWE-522
7.5
2021-12-08 CVE-2021-25520 Cross-site Scripting vulnerability in Samsung Internet
Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet.
network
samsung CWE-79
4.3
2021-12-08 CVE-2021-25521 Files or Directories Accessible to External Parties vulnerability in Samsung Internet
Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet.
local
low complexity
samsung CWE-552
2.1
2021-12-08 CVE-2021-25522 Insecure Storage of Sensitive Information vulnerability in Samsung Smart Capture
Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission.
local
low complexity
samsung CWE-922
2.1
2021-12-08 CVE-2021-25523 Insecure Storage of Sensitive Information vulnerability in Samsung Dialer
Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
local
low complexity
samsung CWE-922
2.1
2021-12-08 CVE-2021-25524 Insecure Storage of Sensitive Information vulnerability in Samsung Contacts
Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID.
local
low complexity
samsung CWE-922
2.1
2021-12-08 CVE-2021-25525 Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung PAY
Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition.
low complexity
samsung CWE-754
3.3
2021-12-08 CVE-2021-25526 Unspecified vulnerability in Samsung Blockchain Wallet
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action.
local
low complexity
samsung
2.1
2021-12-08 CVE-2021-25527 Unspecified vulnerability in Samsung PAY
Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication.
local
low complexity
samsung
3.3
2021-11-16 CVE-2021-42114 Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. 7.9