Vulnerabilities > Samsung > High

DATE CVE VULNERABILITY TITLE RISK
2022-09-16 CVE-2022-40758 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_CipherUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_CipherUpdate with an excessive size value of srcLen.
network
low complexity
samsung CWE-119
7.5
2022-09-16 CVE-2022-40759 NULL Pointer Dereference vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0
A NULL pointer dereference issue in the TEE_MACCompareFinal function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACCompareFinal with a NULL pointer for the parameter operation.
network
low complexity
samsung CWE-476
7.5
2022-09-16 CVE-2022-40760 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0
A Buffer Access with Incorrect Length Value vulnerablity in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize.
network
low complexity
samsung CWE-119
7.5
2022-09-16 CVE-2022-40761 Improper Validation of Specified Quantity in Input vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0
The function tee_obj_free in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_AllocateOperation with a disturbed heap layout, related to utee_cryp_obj_alloc.
network
low complexity
samsung CWE-1284
7.5
2022-09-16 CVE-2022-40762 Allocation of Resources Without Limits or Throttling vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0
A Memory Allocation with Excessive Size Value vulnerablity in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len.
network
low complexity
samsung CWE-770
7.5
2022-09-09 CVE-2022-36864 Unspecified vulnerability in Samsung Email
Improper access control and intent redirection in Samsung Email prior to 6.1.70.20 allows attacker to access specific formatted file and execute privileged behavior.
local
low complexity
samsung
7.8
2022-09-09 CVE-2022-39844 Improper Validation of Integrity Check Value vulnerability in Samsung Smart Switch PC 4.2.220224
Improper validation of integrity check vulnerability in Smart Switch PC prior to version 4.3.22083 allows local attackers to delete arbitrary directory using directory junction.
local
low complexity
samsung CWE-354
7.1
2022-09-09 CVE-2022-39845 Improper Validation of Integrity Check Value vulnerability in Samsung Kies
Improper validation of integrity check vulnerability in Samsung Kies prior to version 2.6.4.22074 allows local attackers to delete arbitrary directory using directory junction.
local
low complexity
samsung CWE-354
7.1
2022-09-09 CVE-2022-39846 Uncontrolled Search Path Element vulnerability in Samsung Smart Switch PC 4.2.220224/4.3.22083
DLL hijacking vulnerability in Smart Switch PC prior to version 4.3.22083_3 allows attacker to execute arbitrary code.
local
low complexity
samsung CWE-427
7.8
2022-09-08 CVE-2022-40280 Missing Release of Resource after Effective Lifetime vulnerability in Samsung Tizenrt
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE).
network
low complexity
samsung CWE-772
7.5