Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-39863

Summary
Assigner-Samsung Mobile
Assigner Org ID-3af57064-a867-422c-b2ad-40307b65c458
Published At-07 Oct, 2022 | 00:00
Updated At-03 Aug, 2024 | 12:07
Rejected At-
Credits

Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
ā–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Samsung Mobile
Assigner Org ID:3af57064-a867-422c-b2ad-40307b65c458
Published At:07 Oct, 2022 | 00:00
Updated At:03 Aug, 2024 | 12:07
Rejected At:
ā–¼CVE Numbering Authority (CNA)

Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.

Affected Products
Vendor
Samsung ElectronicsSamsung Mobile
Product
Samsung Account
Versions
Affected
  • From unspecified before 13.5.01.3 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-20CWE-20: Improper Input Validation
Type: CWE
CWE ID: CWE-20
Description: CWE-20: Improper Input Validation
Metrics
VersionBase scoreBase severityVector
3.13.6LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Version: 3.1
Base score: 3.6
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10
N/A
Hyperlink: https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10
Resource: N/A
ā–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10
x_transferred
Hyperlink: https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10
Resource:
x_transferred
Information is not available yet
ā–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:mobile.security@samsung.com
Published At:07 Oct, 2022 | 15:15
Updated At:11 Oct, 2022 | 22:59

Intent redirection vulnerability in Samsung Account prior to version 13.5.01.3 allows attackers to access content providers without permission.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.7MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Secondary3.13.6LOW
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Type: Primary
Version: 3.1
Base score: 4.7
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Type: Secondary
Version: 3.1
Base score: 3.6
Base severity: LOW
Vector:
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
CPE Matches

Samsung
samsung
>>account>>Versions before 13.5.01.3(exclusive)
cpe:2.3:a:samsung:account:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-20Secondarymobile.security@samsung.com
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
CWE ID: CWE-20
Type: Secondary
Source: mobile.security@samsung.com
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10mobile.security@samsung.com
Vendor Advisory
Hyperlink: https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=10
Source: mobile.security@samsung.com
Resource:
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

165Records found

CVE-2022-39892
Matching Score-8
Assigner-Samsung Mobile
ShareView Details
Matching Score-8
Assigner-Samsung Mobile
CVSS Score-3.6||LOW
EPSS-0.40% / 31.53%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in Samsung Pass prior to version 4.0.05.1 allows attackers to unauthenticated access via keep open feature.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-passSamsung Pass
CWE ID-CWE-287
Improper Authentication
CVE-2025-26780
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.26%
||
7 Day CHG-0.00%
Published-07 Jul, 2025 | 00:00
Updated-27 Oct, 2025 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in L2 in Samsung Mobile Processor and Modem Exynos 2400 and Modem 5400. The lack of a length check leads to a Denial of Service via a malformed PDCP packet.

Action-Not Available
Vendor-n/aSamsung
Product-exynos_2400_firmwaremodem_5400_firmwareexynos_2400modem_5400n/a
CWE ID-CWE-20
Improper Input Validation
CVE-2022-39880
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.1||HIGH
EPSS-0.09% / 0.77%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in DualOutFocusViewer prior to SMR Nov-2022 Release 1 allows local attacker to perform an arbitrary code execution.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-39881
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.83% / 53.16%
||
7 Day CHG~0.00%
Published-09 Nov, 2022 | 00:00
Updated-01 May, 2025 | 19:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-exynosexynos_firmwareSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-125
Out-of-bounds Read
CVE-2022-28783
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.10% / 0.94%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:40
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-36850
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.10% / 1.19%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-36853
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.3||LOW
EPSS-0.19% / 8.80%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:40
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Intent redirection in Photo Editor prior to SMR Sep-2022 Release 1 allows attacker to get sensitive information.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-36859
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.36% / 28.20%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:39
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smarttagpluginSmartTagPlugin
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-36868
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.12% / 1.90%
||
7 Day CHG~0.00%
Published-07 Oct, 2022 | 00:00
Updated-03 Aug, 2024 | 10:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper restriction of broadcasting Intent in MouseNKeyHidDevice prior to SMR Oct-2022 Release 1 leaks MAC address of the connected Bluetooth device.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33690
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4||MEDIUM
EPSS-0.11% / 1.69%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:33
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-33709
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.21% / 10.77%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:36
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in ApexPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-33704
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.10% / 1.13%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:36
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in ucmRetParcelable of KnoxSDK prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33715
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 0.95%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:17
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow local attacker to access files of One UI.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-33729
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.9||MEDIUM
EPSS-0.09% / 0.60%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:14
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper restriction of broadcasting Intent in ConfirmConnectActivity of?NFC prior to SMR Aug-2022 Release 1 leaks MAC address of the connected Bluetooth device.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33703
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.08% / 0.25%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:36
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in CACertificateInfo prior to SMR Jul-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-33719
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.6||HIGH
EPSS-0.31% / 22.55%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 15:20
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in baseband prior to SMR Aug-2022 Release 1 allows attackers to cause integer overflow to heap overflow.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-33708
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.8||HIGH
EPSS-0.21% / 10.77%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:36
Updated-03 Aug, 2024 | 08:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in AppsPackageInstaller in Galaxy Store prior to version 4.5.41.8 allows local attackers to launch activities as Galaxy Store privilege.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-269
Improper Privilege Management
CVE-2022-30756
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.13% / 2.93%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:32
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of Finder.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30712
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.24% / 14.88%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 17:54
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30754
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.13% / 2.89%
||
7 Day CHG~0.00%
Published-11 Jul, 2022 | 13:32
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Implicit Intent hijacking vulnerability in AppLinker prior to SMR Jul-2022 Release 1 allow allows attackers to launch certain activities with privilege of AppLinker.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30719
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-2.5||LOW
EPSS-0.20% / 10.06%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 17:58
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30726
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.10% / 0.79%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 18:03
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30744
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.23% / 14.21%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 18:19
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLL hijacking vulnerability in KiesWrapper in Samsung Kies prior to version 2.6.4.22043_1 allows attacker to execute arbitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-kiesSamsung Kies
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-30709
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-2.5||LOW
EPSS-0.21% / 10.56%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 17:52
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30721
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-2.5||LOW
EPSS-0.20% / 10.06%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 17:58
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30711
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.26% / 17.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 17:53
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30710
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.26% / 17.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 17:52
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28781
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.7||HIGH
EPSS-0.14% / 3.48%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:39
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-28791
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.21% / 11.26%
||
7 Day CHG~0.00%
Published-03 May, 2022 | 19:43
Updated-03 Aug, 2024 | 06:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in InstallAgent in Galaxy Store prior to version 4.5.41.8 allows attacker to overwrite files stored in a specific path. The patch adds proper protection to prevent overwrite to existing files.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-galaxy_storeGalaxy Store
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27828
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.14% / 3.43%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27573
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.35% / 27.03%
||
7 Day CHG+0.01%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27833
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.10% / 1.25%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in DSP driver prior to SMR Apr-2022 Release 1 allows out-of-bounds write by integer overflow.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynos_9830exynos_980exynos_2100Samsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2022-27827
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.14% / 3.43%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27826
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.15% / 5.09%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27830
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.13% / 3.23%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27835
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-7.6||HIGH
EPSS-0.30% / 22.29%
||
7 Day CHG+0.01%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27574
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.38% / 29.87%
||
7 Day CHG+0.01%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin fuctions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-787
Out-of-bounds Write
CVE-2022-27829
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.5||HIGH
EPSS-0.13% / 3.23%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-24926
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-5.7||MEDIUM
EPSS-0.49% / 38.49%
||
7 Day CHG+0.01%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smarttagpluginSmartTagPlugin
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-25818
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.5||MEDIUM
EPSS-0.40% / 32.46%
||
7 Day CHG~0.00%
Published-08 Mar, 2022 | 13:47
Updated-03 Aug, 2024 | 04:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper boundary check in UWB stack prior to SMR Mar-2022 Release 1 allows arbitrary code execution.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2022-24925
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-4.4||MEDIUM
EPSS-0.25% / 16.32%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation vulnerability in SettingsProvider prior to Android S(12) allows privileged attackers to trigger a permanent denial of service attack on a victim's devices.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23999
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.9||LOW
EPSS-0.12% / 1.90%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23998
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.59% / 43.74%
||
7 Day CHG+0.01%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-cameraandroidSamsung Camera
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-24000
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.9||LOW
EPSS-0.12% / 1.90%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23425
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-8.6||HIGH
EPSS-0.41% / 32.82%
||
7 Day CHG+0.01%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station.

Action-Not Available
Vendor-Google LLCSamsungSamsung Electronics
Product-androidexynosSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-23427
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-3.9||LOW
EPSS-0.10% / 1.03%
||
7 Day CHG~0.00%
Published-11 Feb, 2022 | 17:40
Updated-03 Aug, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PendingIntent hijacking vulnerability in KnoxPrivacyNoticeReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission via implicit Intent.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-30720
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-2.5||LOW
EPSS-0.20% / 10.06%
||
7 Day CHG~0.00%
Published-07 Jun, 2022 | 17:58
Updated-03 Aug, 2024 | 06:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

Action-Not Available
Vendor-Google LLCSamsung Electronics
Product-androidSamsung Mobile Devices
CWE ID-CWE-20
Improper Input Validation
CVE-2022-27843
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.23% / 13.50%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-kiesKies
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2022-27842
Matching Score-6
Assigner-Samsung Mobile
ShareView Details
Matching Score-6
Assigner-Samsung Mobile
CVSS Score-6.2||MEDIUM
EPSS-0.23% / 13.50%
||
7 Day CHG~0.00%
Published-11 Apr, 2022 | 19:37
Updated-03 Aug, 2024 | 05:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.

Action-Not Available
Vendor-SamsungSamsung Electronics
Product-smart_switch_pcSmart Switch PC
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-427
Uncontrolled Search Path Element
CVE-2008-4380
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.8||HIGH
EPSS-3.73% / 88.50%
||
7 Day CHG~0.00%
Published-01 Oct, 2008 | 15:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.

Action-Not Available
Vendor-n/aSamsung
Product-dvr_shr2040n/a
CWE ID-CWE-20
Improper Input Validation
  • Previous
  • 1
  • 2
  • 3
  • 4
  • Next
Details not found