Vulnerabilities > Samsung > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-09-09 CVE-2022-36872 Unspecified vulnerability in Samsung PAY and Samsung PAY KR
Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
local
low complexity
samsung
6.5
2022-09-09 CVE-2022-36873 Unspecified vulnerability in Samsung Galaxy Watch Plugin 2.2.05.21033151/2.2.05.220126741/2.2.05.22012751
Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device.
low complexity
samsung
6.5
2022-09-09 CVE-2022-36874 Improper Handling of Exceptional Conditions vulnerability in Samsung Galaxy Watch Plugin 2.2.05.21033151/2.2.05.220126741/2.2.05.22012751
Improper Handling of Insufficient Permissions or Privileges vulnerability in Waterplugin prior to 2.2.11.22040751 allows attacker to access device IMEI and Serial number.
local
low complexity
samsung CWE-755
6.2
2022-09-09 CVE-2022-36875 Unspecified vulnerability in Samsung Galaxy Watch Plugin 2.2.05.21033151/2.2.05.220126741/2.2.05.22012751
Improper restriction of broadcasting Intent in SaWebViewRelayActivity of?Waterplugin prior to version 2.2.11.22081151 allows attacker to access the file without permission.
local
low complexity
samsung
5.5
2022-08-05 CVE-2022-33734 Unspecified vulnerability in Samsung Charm
Sensitive information exposure in onCharacteristicChanged in Charm by Samsung prior to version 1.2.3 allows attacker to get bluetooth connection information without permission.
local
low complexity
samsung
5.5
2022-08-05 CVE-2022-36829 Unspecified vulnerability in Samsung Charm Firmware
PendingIntent hijacking vulnerability in releaseAlarm in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.
local
low complexity
samsung
5.5
2022-08-05 CVE-2022-36830 Unspecified vulnerability in Samsung Charm Firmware
PendingIntent hijacking vulnerability in cancelAlarmManager in Charm by Samsung prior to version 1.2.3 allows local attackers to access files without permission via implicit intent.
local
low complexity
samsung
5.5
2022-08-05 CVE-2022-36831 Path Traversal vulnerability in Samsung Notes
Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission.
local
low complexity
samsung CWE-22
5.5
2022-08-05 CVE-2022-36834 Information Exposure vulnerability in Samsung Game Launcher
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction.
local
low complexity
samsung CWE-200
5.0
2022-08-05 CVE-2022-36836 Missing Authorization vulnerability in Samsung Charm Firmware
Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission.
local
low complexity
samsung CWE-862
5.5