Vulnerabilities > Samsung
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-14 | CVE-2022-22290 | Improper Handling of Exceptional Conditions vulnerability in Samsung Internet Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. | 6.5 |
| 2022-01-10 | CVE-2022-22283 | Insufficient Session Expiration vulnerability in Samsung Health 6.16/6.17/6.19.1.0001 Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App. | 3.3 |
| 2022-01-10 | CVE-2022-22284 | Improper Authentication vulnerability in Samsung Internet Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication | 5.5 |
| 2022-01-10 | CVE-2022-22285 | Code Injection vulnerability in Samsung Reminder 11.6.08.6000/12.2.05.6000/12.3.01.3000 A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent. | 7.1 |
| 2022-01-10 | CVE-2022-22286 | Code Injection vulnerability in Samsung Bixby Routines A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent. | 7.1 |
| 2022-01-10 | CVE-2022-22287 | Information Exposure vulnerability in Samsung Email Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox. | 4.6 |
| 2022-01-10 | CVE-2022-22288 | Unspecified vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4 Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | 7.5 |
| 2022-01-10 | CVE-2022-22289 | Improper Authentication vulnerability in Samsung S Assistant Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information. | 5.3 |
| 2022-01-10 | CVE-2020-9061 | Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages. | 6.5 |
| 2021-12-20 | CVE-2021-42913 | Insufficiently Protected Credentials vulnerability in Samsung Syncthru web Service The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. | 7.5 |