Vulnerabilities > Samsung > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-11 | CVE-2022-24003 | Unspecified vulnerability in Samsung Bixby Vision Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent. | 5.3 |
| 2022-02-11 | CVE-2022-24924 | Unspecified vulnerability in Samsung Livewallpaperservice An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission. | 5.3 |
| 2022-02-11 | CVE-2022-24926 | Cross-site Scripting vulnerability in Samsung Smarttagplugin Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices. | 5.4 |
| 2022-01-14 | CVE-2022-22290 | Improper Handling of Exceptional Conditions vulnerability in Samsung Internet Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. | 6.5 |
| 2022-01-10 | CVE-2022-22284 | Improper Authentication vulnerability in Samsung Internet Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication | 5.5 |
| 2022-01-10 | CVE-2022-22287 | Information Exposure vulnerability in Samsung Email Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox. | 4.6 |
| 2022-01-10 | CVE-2022-22289 | Improper Authentication vulnerability in Samsung S Assistant Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information. | 5.3 |
| 2022-01-10 | CVE-2020-9061 | Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages. | 6.5 |
| 2021-12-08 | CVE-2021-25520 | Cross-site Scripting vulnerability in Samsung Internet Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | 6.1 |
| 2021-12-08 | CVE-2021-25525 | Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung PAY Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition. | 6.5 |