| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-30729 | | | | 2022-06-07 | 2022-06-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. |
| 2 | CVE-2022-30728 | 668 | | | 2022-06-07 | 2022-06-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
| 3 | CVE-2022-30727 | 755 | | | 2022-06-07 | 2022-06-11 | 2.1 | None | Local | Low | Not required | None | Partial | None | Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. |
| 4 | CVE-2022-30726 | | | | 2022-06-07 | 2022-06-11 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence. |
| 5 | CVE-2022-30725 | 755 | | | 2022-06-07 | 2022-06-11 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
| 6 | CVE-2022-30724 | 755 | | | 2022-06-07 | 2022-06-11 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
| 7 | CVE-2022-30723 | 755 | | | 2022-06-07 | 2022-06-11 | 3.3 | None | Local Network | Low | Not required | Partial | None | None | Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device. |
| 8 | CVE-2022-30722 | | | Bypass | 2022-06-07 | 2022-06-11 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account. |
| 9 | CVE-2022-30721 | 20 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
| 10 | CVE-2022-30720 | 20 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
| 11 | CVE-2022-30719 | 20 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
| 12 | CVE-2022-30716 | 755 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | Partial | None | None | Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device. |
| 13 | CVE-2022-30715 | 862 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | None | Partial | None | Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window. |
| 14 | CVE-2022-30714 | 668 | | | 2022-06-07 | 2022-06-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
| 15 | CVE-2022-30713 | 20 | | | 2022-06-07 | 2022-06-11 | 9.4 | None | Remote | Low | Not required | Complete | Complete | None | Improper validation vulnerability in LSOItemData prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. |
| 16 | CVE-2022-30712 | 20 | | | 2022-06-07 | 2022-06-11 | 6.4 | None | Remote | Low | Not required | Partial | Partial | None | Improper validation vulnerability in KfaOptions prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. |
| 17 | CVE-2022-30711 | 20 | | | 2022-06-07 | 2022-06-11 | 9.4 | None | Remote | Low | Not required | Complete | Complete | None | Improper validation vulnerability in FeedsInfo prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. |
| 18 | CVE-2022-30710 | 20 | | | 2022-06-07 | 2022-06-11 | 9.4 | None | Remote | Low | Not required | Complete | Complete | None | Improper validation vulnerability in RemoteViews prior to SMR Jun-2022 Release 1 allows attackers to launch certain activities. |
| 19 | CVE-2022-30709 | 20 | | | 2022-06-07 | 2022-06-11 | 5.0 | None | Remote | Low | Not required | None | None | Partial | Improper input validation check logic vulnerability in SECRIL prior to SMR Jun-2022 Release 1 allows attackers to trigger crash. |
| 20 | CVE-2022-28794 | 668 | | | 2022-06-07 | 2022-06-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. |
| 21 | CVE-2022-28788 | 125 | | DoS | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | None | None | Partial | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
| 22 | CVE-2022-28787 | 125 | | DoS | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | None | None | Partial | Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
| 23 | CVE-2022-28786 | 125 | | DoS | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | None | None | Partial | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
| 24 | CVE-2022-28785 | 125 | | DoS | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | None | None | Partial | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
| 25 | CVE-2022-28784 | 22 | | Dir. Trav. | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic. |
| 26 | CVE-2022-28783 | 20 | | | 2022-05-03 | 2022-05-11 | 3.6 | None | Local | Low | Not required | None | Partial | Partial | Improper validation of removing package name in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to uninstall arbitrary packages without permission. The patch adds proper validation logic for removing package name. |
| 27 | CVE-2022-28782 | 863 | | | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | None | Partial | None | Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. |
| 28 | CVE-2022-28781 | 20 | | | 2022-05-03 | 2022-05-11 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Improper input validation in Settings prior to SMR May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller. |
| 29 | CVE-2022-28780 | | | | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows attackers to access location information that is set in Weather without permission. The patch adds proper protection to prevent access to location information. |
| 30 | CVE-2022-27836 | 22 | | Dir. Trav. | 2022-04-11 | 2022-04-27 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Improper access control and path traversal vulnerability in Storage Manager and Storage Manager Service prior to SMR Apr-2022 Release 1 allows local attackers to access arbitrary system files without a proper permission. The patch adds proper validation logic to prevent arbitrary file access. |
| 31 | CVE-2022-27835 | 119 | | Overflow | 2022-04-11 | 2022-04-18 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Improper boundary check in UWB firmware prior to SMR Apr-2022 Release 1 allows arbitrary memory write. |
| 32 | CVE-2022-27832 | 125 | | DoS | 2022-04-11 | 2022-04-18 | 2.1 | None | Local | Low | Not required | None | None | Partial | Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. |
| 33 | CVE-2022-27831 | 125 | | | 2022-04-11 | 2022-04-18 | 3.6 | None | Local | Low | Not required | Partial | None | Partial | Improper boundary check in sflvd_rdbuf_bits of libsflvextractor prior to SMR Apr-2022 Release 1 allows attackers to read out of bounds memory. |
| 34 | CVE-2022-27830 | 20 | | | 2022-04-11 | 2022-04-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Improper validation vulnerability in SemBlurInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| 35 | CVE-2022-27829 | 20 | | | 2022-04-11 | 2022-04-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Improper validation vulnerability in VerifyCredentialResponse prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| 36 | CVE-2022-27828 | 20 | | | 2022-04-11 | 2022-04-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Improper validation vulnerability in MediaMonitorEvent prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| 37 | CVE-2022-27827 | 20 | | | 2022-04-11 | 2022-04-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Improper validation vulnerability in MediaMonitorDimension prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| 38 | CVE-2022-27826 | 20 | | | 2022-04-11 | 2022-04-18 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Improper validation vulnerability in SemSuspendDialogInfo prior to SMR Apr-2022 Release 1 allows attackers to launch certain activities. |
| 39 | CVE-2022-27825 | 125 | | | 2022-04-11 | 2022-04-18 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Improper size check in sapefd_parse_meta_HEADER function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
| 40 | CVE-2022-27824 | 125 | | | 2022-04-11 | 2022-04-18 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Improper size check in sapefd_parse_meta_DESCRIPTION function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
| 41 | CVE-2022-27823 | 125 | | | 2022-04-11 | 2022-04-18 | 5.8 | None | Remote | Medium | Not required | Partial | None | Partial | Improper size check in sapefd_parse_meta_HEADER_old function of libsapeextractor library prior to SMR Apr-2022 Release 1 allows out of bounds read via a crafted media file. |
| 42 | CVE-2022-27822 | 668 | | | 2022-04-11 | 2022-04-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. |
| 43 | CVE-2022-27821 | 125 | | DoS | 2022-04-11 | 2022-04-18 | 4.3 | None | Remote | Medium | Not required | None | None | Partial | Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file. |
| 44 | CVE-2022-27576 | 668 | | | 2022-04-11 | 2022-04-18 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Information exposure vulnerability in Samsung DeX Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission. |
| 45 | CVE-2022-27575 | 668 | | | 2022-04-11 | 2022-04-18 | 4.3 | None | Remote | Medium | Not required | Partial | None | None | Information exposure vulnerability in One UI Home prior to SMR April-2022 Release 1 allows access to currently launched foreground app information without permission. |
| 46 | CVE-2022-27574 | 787 | | | 2022-04-11 | 2022-04-18 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Improper input validation vulnerability in parser_iloc and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attacker. |
| 47 | CVE-2022-27573 | 787 | | | 2022-04-11 | 2022-04-18 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Improper input validation vulnerability in parser_infe and sheifd_find_itemIndexin functions of libsimba library prior to SMR Apr-2022 Release 1 allows out of bounds write by privileged attackers. |
| 48 | CVE-2022-27572 | 787 | | Exec Code Overflow | 2022-04-11 | 2022-04-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Heap-based buffer overflow vulnerability in parser_ipma function of libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attackers. |
| 49 | CVE-2022-27571 | 787 | | Exec Code Overflow | 2022-04-11 | 2022-04-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Heap-based buffer overflow vulnerability in sheifd_get_info_image function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. |
| 50 | CVE-2022-27570 | 787 | | Exec Code Overflow | 2022-04-11 | 2022-04-18 | 10.0 | None | Remote | Low | Not required | Complete | Complete | Complete | Heap-based buffer overflow vulnerability in parser_single_iref function in libsimba library prior to SMR Apr-2022 Release 1 allows code execution by remote attacker. |