Vulnerabilities > Samsung > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-09-05 | CVE-2022-39828 | Unspecified vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service. | 7.5 |
| 2022-09-05 | CVE-2022-39829 | NULL Pointer Dereference vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. | 7.5 |
| 2022-09-05 | CVE-2022-39830 | Unspecified vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. | 7.5 |
| 2022-09-01 | CVE-2022-36621 | NULL Pointer Dereference vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. | 7.5 |
| 2022-09-01 | CVE-2022-36622 | NULL Pointer Dereference vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. | 7.5 |
| 2022-08-11 | CVE-2022-38155 | Allocation of Resources Without Limits or Throttling vulnerability in Samsung Mtower 0.1.0/0.2.0/0.3.0 TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash. | 7.5 |
| 2022-08-05 | CVE-2022-36833 | Improper Privilege Management vulnerability in Samsung Gameoptimizingservice Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name. | 7.8 |
| 2022-08-05 | CVE-2022-36840 | Uncontrolled Search Path Element vulnerability in Samsung Update DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. | 7.8 |
| 2022-08-04 | CVE-2022-35858 | Memory Leak vulnerability in Samsung Mtower 0.3.0 The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount. | 7.8 |
| 2022-07-12 | CVE-2022-33708 | Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4 Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege. | 7.8 |