Vulnerabilities > Samsung > High

DATE CVE VULNERABILITY TITLE RISK
2022-07-12 CVE-2022-33708 Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
local
low complexity
samsung CWE-269
7.8
2022-07-12 CVE-2022-33709 Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4
Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
local
low complexity
samsung CWE-269
7.8
2022-07-12 CVE-2022-33710 Improper Privilege Management vulnerability in Samsung Galaxy Store 4.5.32.4/4.5.36.4
Improper input validation vulnerability in BillingPackageInsraller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
local
low complexity
samsung CWE-269
7.8
2022-07-12 CVE-2022-33713 Unspecified vulnerability in Samsung Cloud 4.7.0.3/5.1.0.8
Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information.
network
low complexity
samsung
7.5
2022-06-07 CVE-2022-30732 Exposure of Resource to Wrong Sphere vulnerability in Samsung Account
Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult.
network
low complexity
samsung CWE-668
7.5
2022-06-07 CVE-2022-30735 Improper Privilege Management vulnerability in Samsung Account
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get the access_token without permission.
network
low complexity
samsung CWE-269
7.5
2022-06-07 CVE-2022-30744 Uncontrolled Search Path Element vulnerability in Samsung Kies
DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code.
local
low complexity
samsung CWE-427
7.8
2022-06-07 CVE-2022-30746 Missing Authorization vulnerability in Samsung Smartthings 1.7.73.22
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.
network
low complexity
samsung CWE-862
7.5
2022-06-07 CVE-2022-30749 Improper Authentication vulnerability in Samsung Smartthings 1.7.73.22/1.7.85.12
Improper access control vulnerability in Smart Things prior to 1.7.85.25 allows local attackers to add arbitrary smart devices by bypassing login activity.
local
low complexity
samsung CWE-287
7.8
2022-05-03 CVE-2022-28792 Uncontrolled Search Path Element vulnerability in Samsung Gear Iconx PC Manager
DLL hijacking vulnerability in Gear IconX PC Manager prior to version 2.1.220405.51 allows attacker to execute arbitrary code.
local
low complexity
samsung CWE-427
7.8