Vulnerabilities > Samsung > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-16 | CVE-2022-40758 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen. | 7.5 |
2022-09-16 | CVE-2022-40759 | NULL Pointer Dereference vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation. | 7.5 |
2022-09-16 | CVE-2022-40760 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize. | 7.5 |
2022-09-16 | CVE-2022-40761 | Improper Validation of Specified Quantity in Input vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc. | 7.5 |
2022-09-16 | CVE-2022-40762 | Allocation of Resources Without Limits or Throttling vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len. | 7.5 |
2022-09-09 | CVE-2022-36864 | Unspecified vulnerability in Samsung Email Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior. | 7.8 |
2022-09-09 | CVE-2022-39844 | Improper Validation of Integrity Check Value vulnerability in Samsung Smart Switch PC 4.2.220224 Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction. | 7.1 |
2022-09-09 | CVE-2022-39845 | Improper Validation of Integrity Check Value vulnerability in Samsung Kies Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction. | 7.1 |
2022-09-09 | CVE-2022-39846 | Uncontrolled Search Path Element vulnerability in Samsung Smart Switch PC 4.2.220224/4.3.22083 DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code. | 7.8 |
2022-09-08 | CVE-2022-40280 | Missing Release of Resource after Effective Lifetime vulnerability in Samsung Tizenrt An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). | 7.5 |