Vulnerabilities > Samsung > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-10-07 CVE-2022-39874 Information Exposure Through Log Files vulnerability in Samsung Account
Sensitive log information leakage vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.
local
low complexity
samsung CWE-532
5.5
2022-10-07 CVE-2022-39875 Unspecified vulnerability in Samsung Account
Improper component protection vulnerability in Samsung Account prior to version 13.5.0 allows attackers to unauthorized logout.
local
low complexity
samsung
4.4
2022-10-07 CVE-2022-39877 Unspecified vulnerability in Samsung Group Sharing 10.8.03.2
Improper access control vulnerability in ProfileSharingAccount in Group Sharing prior to versions 13.0.6.15 in Android S(12), 13.0.6.14 in Android R(11) and below allows attackers to identify the device.
network
low complexity
samsung
5.3
2022-10-07 CVE-2022-39878 Unspecified vulnerability in Samsung Checkout 5.0.53.1
Improper access control vulnerability in Samsung Checkout prior to version 5.0.55.3 allows attackers to access sensitive information via implicit intent broadcast.
local
low complexity
samsung
5.5
2022-09-09 CVE-2022-36851 Unspecified vulnerability in Samsung Pass 3.0.02.4/3.7.07.5
Improper access control vulnerability in Samsung pass prior to version 4.0.03.1 allow physical attackers to access data of Samsung pass on a certain state of an unlocked device.
low complexity
samsung
4.6
2022-09-09 CVE-2022-36859 Cross-site Scripting vulnerability in Samsung Smarttagplugin 1.2.156
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices.
low complexity
samsung CWE-79
4.8
2022-09-09 CVE-2022-36867 Unspecified vulnerability in Samsung Editor Lite
Improper access control vulnerability in Editor Lite prior to version 4.0.40.14 allows attackers to access sensitive information.
local
low complexity
samsung
5.5
2022-09-09 CVE-2022-36869 Unspecified vulnerability in Samsung Contacts Provider
Improper access control vulnerability in ContactsDumpActivity of?Contacts Provider prior to version 12.7.59 allows attacker to access the file without permission.
local
low complexity
samsung
6.1
2022-09-09 CVE-2022-36870 Unspecified vulnerability in Samsung PAY and Samsung PAY KR
Pending Intent hijacking vulnerability in MTransferNotificationManager in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
local
low complexity
samsung
6.5
2022-09-09 CVE-2022-36871 Unspecified vulnerability in Samsung PAY and Samsung PAY KR
Pending Intent hijacking vulnerability in NotiCenterUtils in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
local
low complexity
samsung
6.5