Improper authorization in SDP SDK prior to SMR JUN-2021 Release 1 allows access to internal storage.
Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information.
Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet.
Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel.
Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox.
Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackes to potentially identify the tag's location by scanning the BLE adversting.
Improper privilege management vulnerability in PhoneStatusBarPolicy in System UI prior to SMR Mar-2023 Release 1 allows attacker to turn off Do not disturb via unprotected intent.
Improper access control vulnerability in Call application prior to SMR Mar-2023 Release 1 allows local attackers to access sensitive information without proper permission.
Improper Knox ID validation logic in notification framework prior to SMR Jun-2023 Release 1 allows local attackers to read work profile notifications without proper access permission.
Improper privilege management vulnerability in CC Mode prior to SMR Jun-2023 Release 1 allows physical attackers to manipulate device to operate in way that results in unexpected behavior in CC Mode under specific condition.
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN.
Exposure of Sensitive Information vulnerability in Fingerprint TA prior to SMR Feb-2023 Release 1 allows attackers to access the memory address information via log.
An issue was discovered in Samsung Magician 8.0.0 on macOS. Because it is possible to tamper with the directory and executable files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (The attacker must already have user privileges, and an administrator password must be entered during the program installation stage for privilege escalation.)
A vulnerability was discovered in Samsung Mobile Processors Exynos 1280, Exynos 2200, Exynos 1330, Exynos 1380, and Exynos 2400 where they do not properly check the length of the data, which can lead to a Information disclosure.
Exposure of Sensitive Information vulnerability in kernel prior to SMR Dec-2022 Release 1 allows attackers to access the kernel address information via log.
Implicit intent hijacking vulnerability in UPHelper library prior to version 3.0.12 allows attackers to access sensitive information via implicit intent.
Exposure of sensitive information in AT_Distributor prior to SMR Oct-2022 Release 1 allows local attacker to access SerialNo via log.
Exposure of Sensitive Information vulnerability in Samsung Settings prior to SMR Dec-2022 Release 1 allows local attackers to access the Network Access Identifier via log.
Exposure of Sensitive Information to an Unauthorized Actor in Persona Manager prior to Android T(13) allows local attacker to access user profiles information.
Improper access control vulnerability in imsservice application prior to SMR Oct-2022 Release 1 allows local attackers to access call information.
Custom permission misuse vulnerability in SystemUI prior to SMR Sep-2022 Release 1 allows attacker to use some protected functions with SystemUI privilege.
Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files.
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction.
Exposure of sensitive information in Bluetooth prior to SMR Aug-2022 Release 1 allows local attackers to access connected BT macAddress via Settings.Gloabal.
Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log.
Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log.
Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log.
Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.
Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log.
Exposure of Sensitive Information in Samsung Dialer application?prior to SMR Aug-2022 Release 1 allows local attackers to access ICCID via log.
ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.
Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.
Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers.
Sensitive information exposure vulnerability in FmmExtraOperation of Find My Mobile prior to 7.2.24.12 allows local attackers with log access permissio to get sim card information through device log.
Improper privilege management vulnerability in Samsung Account prior to 13.2.00.6 allows attackers to get an user email or phone number with a normal level permission.
Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000.
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343.
An improper access control in ActivityManagerService prior to SMR APR-2021 Release 1 allows untrusted applications to access running processesdelete some local files.
Information exposure vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to access chat data.
Using predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of another emails when users open the malicious attachment.
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.
Information Exposure vulnerability in Samsung Account prior to version 12.1.1.3 allows physically proximate attackers to access user information via log.
Improper protection of backup path configuration in Samsung Dex prior to SMR MAY-2021 Release 1 allows local attackers to get sensitive information via changing the path.
Improper validation check vulnerability in PackageManager prior to SMR July-2021 Release 1 allows untrusted applications to get dangerous level permission without user confirmation in limited circumstances.
Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.
Intent redirection in Samsung Experience Service versions 10.8.0.4 in Android P(9.0) below, and 12.2.0.5 in Android Q(10.0) above allows attacker to execute privileged action.
Improper privilege management vulnerability in Bluetooth application prior to SMR July-2021 Release 1 allows untrusted application to access the Bluetooth information in Bluetooth application.