Filtered by vendor Samsung
Total
1008 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2022-40760 | 1 Samsung | 1 Mtower | 2022-09-21 | N/A | 7.5 HIGH |
A Buffer Access with Incorrect Length Value vulnerability in the TEE_MACUpdate function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_MACUpdate with an excessive size value of chunkSize. | |||||
CVE-2022-40762 | 1 Samsung | 1 Mtower | 2022-09-21 | N/A | 7.5 HIGH |
A Memory Allocation with Excessive Size Value vulnerability in the TEE_Realloc function in Samsung mTower through 0.3.0 allows a trusted application to trigger a Denial of Service (DoS) by invoking the function TEE_Realloc with an excessive number for the parameter len. | |||||
CVE-2022-36834 | 1 Samsung | 1 Game Launcher | 2022-09-20 | N/A | 5.0 MEDIUM |
Exposure of Sensitive Information vulnerability in Game Launcher prior to version 6.0.07 allows local attacker to access app data with user interaction. | |||||
CVE-2022-40281 | 1 Samsung | 1 Tizenrt | 2022-09-13 | N/A | 7.5 HIGH |
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). cyassl_connect_step2 in curl/vtls/cyassl.c has a missing X509_free after SSL_get_peer_certificate, leading to information disclosure. | |||||
CVE-2022-40280 | 1 Samsung | 1 Tizenrt | 2022-09-13 | N/A | 7.5 HIGH |
An issue was discovered in Samsung TizenRT through 3.0_GBM (and 3.1_PRE). createDB in security/provisioning/src/provisioningdatabasemanager.c has a missing sqlite3_close after sqlite3_open_v2, leading to a denial of service. | |||||
CVE-2022-27837 | 2 Google, Samsung | 2 Android, Accessibility | 2022-09-09 | 9.3 HIGH | 7.8 HIGH |
A vulnerability using PendingIntent in Accessibility prior to version 12.5.3.2 in Android R(11.0) and 13.0.1.1 in Android S(12.0) allows attacker to access the file with system privilege. | |||||
CVE-2022-39828 | 1 Samsung | 1 Mtower | 2022-09-08 | N/A | 7.5 HIGH |
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_private_key, leading to a denial of service. | |||||
CVE-2022-39830 | 1 Samsung | 1 Mtower | 2022-09-08 | N/A | 7.5 HIGH |
sign_pFwInfo in Samsung mTower through 0.3.0 has a missing check on the return value of EC_KEY_set_public_key_affine_coordinates, leading to a denial of service. | |||||
CVE-2022-39829 | 1 Samsung | 1 Mtower | 2022-09-08 | N/A | 7.5 HIGH |
There is a NULL pointer dereference in aes256_encrypt in Samsung mTower through 0.3.0 due to a missing check on the return value of EVP_CIPHER_CTX_new. | |||||
CVE-2022-36622 | 1 Samsung | 1 Mtower | 2022-09-07 | N/A | 7.5 HIGH |
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_GetObjectInfo1. | |||||
CVE-2022-36621 | 1 Samsung | 1 Mtower | 2022-09-07 | N/A | 7.5 HIGH |
Samsung Electronics mTower v0.3.0 and earlier was discovered to contain a NULL pointer dereference via the function TEE_AllocateTransientObject. | |||||
CVE-2022-38155 | 1 Samsung | 1 Mtower | 2022-08-15 | N/A | 7.5 HIGH |
TEE_Malloc in Samsung mTower through 0.3.0 allows a trusted application to achieve Excessive Memory Allocation via a large len value, as demonstrated by a Numaker-PFM-M2351 TEE kernel crash. | |||||
CVE-2021-25349 | 2 Google, Samsung | 2 Android, Slow Motion Editor | 2022-08-12 | 4.6 MEDIUM | 7.8 HIGH |
Using unsafe PendingIntent in Slow Motion Editor prior to version 3.5.18.5 allows local attackers unauthorized action without permission via hijacking the PendingIntent. | |||||
CVE-2021-25352 | 1 Samsung | 1 Bixby Voice | 2022-08-12 | 4.6 MEDIUM | 7.8 HIGH |
Using PendingIntent with implicit intent in Bixby Voice prior to version 3.0.52.14 allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
CVE-2021-25373 | 2 Google, Samsung | 2 Android, Customization Service | 2022-08-12 | 4.6 MEDIUM | 7.8 HIGH |
Using unsafe PendingIntent in Customization Service prior to version 2.2.02.1 in Android O(8.x), 2.4.03.0 in Android P(9.0), 2.7.02.1 in Android Q(10.0) and 2.9.01.1 in Android R(11.0) allows local attackers to perform unauthorized action without permission via hijacking the PendingIntent. | |||||
CVE-2022-35858 | 1 Samsung | 1 Mtower | 2022-08-10 | N/A | 7.8 HIGH |
The TEE_PopulateTransientObject and __utee_from_attr functions in Samsung mTower 0.3.0 allow a trusted application to trigger a memory overwrite, denial of service, and information disclosure by invoking the function TEE_PopulateTransientObject with a large number in the parameter attrCount. | |||||
CVE-2021-25500 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2022-08-01 | 2.1 LOW | 4.4 MEDIUM |
A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise. | |||||
CVE-2021-25504 | 1 Samsung | 1 Group Sharing | 2022-08-01 | 2.1 LOW | 4.0 MEDIUM |
Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information. | |||||
CVE-2021-25526 | 1 Samsung | 1 Blockchain Wallet | 2022-08-01 | 2.1 LOW | 5.5 MEDIUM |
Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. | |||||
CVE-2021-25468 | 2 Google, Samsung | 2 Android, Exynos | 2022-08-01 | 2.1 LOW | 4.4 MEDIUM |
A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address. |