Vulnerabilities > Samsung
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-10 | CVE-2022-22284 | Improper Authentication vulnerability in Samsung Internet Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication | 5.5 |
| 2022-01-10 | CVE-2022-22285 | Code Injection vulnerability in Samsung Reminder 11.6.08.6000/12.2.05.6000/12.3.01.3000 A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent. | 7.1 |
| 2022-01-10 | CVE-2022-22286 | Code Injection vulnerability in Samsung Bixby Routines A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent. | 7.1 |
| 2022-01-10 | CVE-2022-22287 | Information Exposure vulnerability in Samsung Email Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox. | 4.6 |
| 2022-01-10 | CVE-2022-22288 | Unspecified vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4 Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | 7.5 |
| 2022-01-10 | CVE-2022-22289 | Improper Authentication vulnerability in Samsung S Assistant Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information. | 5.3 |
| 2022-01-10 | CVE-2020-9061 | Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages. | 6.5 |
| 2021-12-20 | CVE-2021-42913 | Insufficiently Protected Credentials vulnerability in Samsung Syncthru web Service The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. | 7.5 |
| 2021-12-08 | CVE-2021-25520 | Cross-site Scripting vulnerability in Samsung Internet Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | 6.1 |
| 2021-12-08 | CVE-2021-25521 | Files or Directories Accessible to External Parties vulnerability in Samsung Internet Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. | 3.3 |