CVE-2022-36859
Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.21-6 allows privileged attackers to trigger a XSS on a victim's devices.
Source: CVE-2022-36859
[월:] 2022년 09월
CVE-2022-36873
CVE-2022-36873
Improper restriction of broadcasting Intent in GalaxyStoreBridgePageLinker of?Waterplugin prior to version 2.2.11.22081151 leaks MAC address of the connected Bluetooth device.
Source: CVE-2022-36873
CVE-2022-36872
CVE-2022-36872
Pending Intent hijacking vulnerability in SpayNotification in Samsung Pay prior to version 5.0.63 for KR and 5.1.47 for Global allows attackers to access files without permission via implicit Intent.
Source: CVE-2022-36872
CVE-2022-36843
CVE-2022-36843
A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
Source: CVE-2022-36843
CVE-2022-36845
CVE-2022-36845
A heap-based overflow vulnerability in MHW_RECOG_LIB_INFO function in libSDKRecognitionText.spensdk.samsung.so library prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
Source: CVE-2022-36845
CVE-2022-36855
CVE-2022-36855
A use after free vulnerability in iva_ctl driver prior to SMR Sep-2022 Release 1 allows attacker to cause memory access fault.
Source: CVE-2022-36855
CVE-2022-36857
CVE-2022-36857
Improper Authorization vulnerability in Photo Editor prior to SMR Sep-2022 Release 1 allows physical attackers to read internal application data.
Source: CVE-2022-36857
CVE-2022-36856
CVE-2022-36856
Improper access control vulnerability in Telecom application prior to SMR Sep-2022 Release 1 allows attacker to start emergency calls via undefined permission.
Source: CVE-2022-36856
CVE-2022-36849
CVE-2022-36849
Use after free vulnerability in sdp_mm_set_process_sensitive function of sdpmm driver prior to SMR Sep-2022 Release 1 allows attackers to perform malicious actions.
Source: CVE-2022-36849
CVE-2022-36850
CVE-2022-36850
Path traversal vulnerability in CallBGProvider prior to SMR Sep-2022 Release 1 allows attacker to overwrite arbitrary file with phone uid.
Source: CVE-2022-36850