Vulnerabilities > Samsung
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-16 | CVE-2022-40761 | Improper Validation of Specified Quantity in Input vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc. | 7.5 |
| 2022-09-16 | CVE-2022-40762 | Allocation of Resources Without Limits or Throttling vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len. | 7.5 |
| 2022-09-09 | CVE-2022-36851 | Unspecified vulnerability in Samsung Pass 3.0.02.4/3.7.07.5 Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device. low complexity samsung | 4.6 |
| 2022-09-09 | CVE-2022-36857 | Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data. | 2.4 |
| 2022-09-09 | CVE-2022-36859 | Cross-site Scripting vulnerability in Samsung Smarttagplugin 1.2.156 Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices. | 4.8 |
| 2022-09-09 | CVE-2022-36864 | Unspecified vulnerability in Samsung Email Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior. | 7.8 |
| 2022-09-09 | CVE-2022-36865 | Unspecified vulnerability in Samsung Group Sharing 10.8.03.2 Improper access control in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to access device information. | 3.3 |
| 2022-09-09 | CVE-2022-36866 | Unspecified vulnerability in Samsung Group Sharing 10.8.03.2 Improper access control vulnerability in Broadcaster in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device. | 3.3 |
| 2022-09-09 | CVE-2022-36867 | Unspecified vulnerability in Samsung Editor Lite Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information. | 5.5 |
| 2022-09-09 | CVE-2022-36869 | Unspecified vulnerability in Samsung Contacts Provider Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission. | 6.1 |