| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2022-33702 | 863 | | Bypass | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | None | Partial | None | Improper authorization vulnerability in Knoxguard prior to SMR Jul-2022 Release 1 allows local attacker to disable keyguard and bypass Knoxguard lock by factory reset. |
| 2 | CVE-2022-33701 | 829 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | None | None | Partial | Improper access control vulnerability in KnoxCustomManagerService prior to SMR Jul-2022 Release 1 allows attacker to call PowerManager.goToSleep method which is protected by system permission by sending broadcast intent. |
| 3 | CVE-2022-33700 | 668 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Exposure of Sensitive Information in putDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. |
| 4 | CVE-2022-33699 | 668 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Exposure of Sensitive Information in getDsaSimImsi in TelephonyUI prior to SMR Jul-2022 Release 1 allows local attacker to access imsi via log. |
| 5 | CVE-2022-33698 | 668 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Exposure of Sensitive Information in Telecom application prior to SMR Jul-2022 Release 1 allows local attackers to access ICCID via log. |
| 6 | CVE-2022-33697 | 532 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Sensitive information exposure vulnerability in ImsServiceSwitchBase in ImsCore prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. |
| 7 | CVE-2022-33696 | 668 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Exposure of Sensitive Information in Telephony service prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. |
| 8 | CVE-2022-33694 | 668 | | | 2022-07-12 | 2022-07-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | Exposure of Sensitive Information in CSC application prior to SMR Jul-2022 Release 1 allows local attacker to access wifi information via unprotected intent broadcasting. |
| 9 | CVE-2022-33693 | 532 | | | 2022-07-12 | 2022-07-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | Exposure of Sensitive Information in CID Manager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. |
| 10 | CVE-2022-33692 | 668 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Exposure of Sensitive Information in Messaging application prior to SMR Jul-2022 Release 1 allows local attacker to access imsi and iccid via log. |
| 11 | CVE-2022-33690 | 22 | | Dir. Trav. | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Improper input validation in Contacts Storage prior to SMR Jul-2022 Release 1 allows attacker to access arbitrary file. |
| 12 | CVE-2022-33689 | 732 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | None | Partial | None | Improper access control vulnerability in TelephonyUI prior to SMR Jul-2022 Release 1 allows attackers to change preferred network type by unprotected binder call. |
| 13 | CVE-2022-33688 | 532 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Sensitive information exposure vulnerability in EventType in SecTelephonyProvider prior to SMR Jul-2022 Release 1 allows local attackers with log access permission to get IMSI through device log. |
| 14 | CVE-2022-33687 | 532 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Exposure of Sensitive Information in telephony-common.jar prior to SMR Jul-2022 Release 1 allows local attackers to access IMSI via log. |
| 15 | CVE-2022-33686 | 552 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Exposure of Sensitive Information in GsmAlarmManager prior to SMR Jul-2022 Release 1 allows local attacker to access iccid via log. |
| 16 | CVE-2022-33685 | | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Unprotected dynamic receiver in Wearable Manager Service prior to SMR Jul-2022 Release 1 allows attacker to launch arbitrary activity and access sensitive information. |
| 17 | CVE-2022-30758 | 276 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Implicit Intent hijacking vulnerability in Finder prior to SMR Jul-2022 Release 1 allows attackers to access some protected information with privilege of Finder. |
| 18 | CVE-2022-30757 | 863 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Improper authorization in isemtelephony prior to SMR Jul-2022 Release 1 allows attacker to obtain CID without ACCESS_FINE_LOCATION permission. |
| 19 | CVE-2022-30753 | 276 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Improper use of a unique device ID in unprotected SecSoterService prior to SMR Jul-2022 Release 1 allows local attackers to get the device ID without permission. |
| 20 | CVE-2022-30752 | 668 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_STATE_CHANGED action. |
| 21 | CVE-2022-30751 | 668 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Improper access control vulnerability in sendDHCPACKBroadcast function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected by using WIFI_AP_STA_DHCPACK_EVENT action. |
| 22 | CVE-2022-30750 | 668 | | | 2022-07-12 | 2022-07-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | Improper access control vulnerability in updateLastConnectedClientInfo function of SemWifiApClient prior to SMR Jul-2022 Release 1 allows attacker to access wifi ap client mac address that connected. |
| 23 | CVE-2022-30729 | | | | 2022-06-07 | 2022-06-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner. |
| 24 | CVE-2022-30728 | 668 | | | 2022-06-07 | 2022-06-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
| 25 | CVE-2022-30727 | 755 | | | 2022-06-07 | 2022-06-11 | 2.1 | None | Local | Low | Not required | None | Partial | None | Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space. |
| 26 | CVE-2022-30714 | 668 | | | 2022-06-07 | 2022-06-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information. |
| 27 | CVE-2022-28794 | 668 | | | 2022-06-07 | 2022-06-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Sensitive information exposure in low-battery dumpstate log prior to SMR Jun-2022 Release 1 allows local attackers to get SIM card information. |
| 28 | CVE-2022-28788 | 125 | | DoS | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | None | None | Partial | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
| 29 | CVE-2022-28787 | 125 | | DoS | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | None | None | Partial | Improper buffer size check logic in wmfextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
| 30 | CVE-2022-28786 | 125 | | DoS | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | None | None | Partial | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
| 31 | CVE-2022-28785 | 125 | | DoS | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | None | None | Partial | Improper buffer size check logic in aviextractor library prior to SMR May-2022 Release 1 allows out of bounds read leading to possible temporary denial of service. The patch adds buffer size check logic. |
| 32 | CVE-2022-28784 | 22 | | Dir. Trav. | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Path traversal vulnerability in Galaxy Themes prior to SMR May-2022 Release 1 allows attackers to list file names in arbitrary directory as system user. The patch addresses incorrect implementation of file path validation check logic. |
| 33 | CVE-2022-28782 | 863 | | | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | None | Partial | None | Improper access control vulnerability in Contents To Window prior to SMR May-2022 Release 1 allows physical attacker to install package before completion of Setup wizard. The patch blocks entry point of the vulnerability. |
| 34 | CVE-2022-28780 | | | | 2022-05-03 | 2022-05-11 | 2.1 | None | Local | Low | Not required | Partial | None | None | Improper access control vulnerability in Weather prior to SMR May-2022 Release 1 allows attackers to access location information that is set in Weather without permission. The patch adds proper protection to prevent access to location information. |
| 35 | CVE-2022-27832 | 125 | | DoS | 2022-04-11 | 2022-04-18 | 2.1 | None | Local | Low | Not required | None | None | Partial | Improper boundary check in media.extractor library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via a crafted media file. |
| 36 | CVE-2022-27822 | 668 | | | 2022-04-11 | 2022-04-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission. |
| 37 | CVE-2022-26090 | 668 | | | 2022-04-11 | 2022-04-19 | 2.1 | None | Local | Low | Not required | Partial | None | None | Improper access control vulnerability in SamsungContacts prior to SMR Apr-2022 Release 1 allows attackers to access contact information without permission. |
| 38 | CVE-2022-25833 | 287 | | | 2022-04-11 | 2022-04-19 | 2.1 | None | Local | Low | Not required | Partial | None | None | Improper authentication in ImsService prior to SMR Apr-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. |
| 39 | CVE-2022-25820 | 307 | | | 2022-03-10 | 2022-03-16 | 2.1 | None | Local | Low | Not required | Partial | None | None | A vulnerable design in fingerprint matching algorithm prior to SMR Mar-2022 Release 1 allows physical attackers to perform brute force attack on screen lock password. |
| 40 | CVE-2022-25817 | 287 | | | 2022-03-10 | 2022-03-16 | 2.1 | None | Local | Low | Not required | None | Partial | None | Improper authentication in One UI Home prior to SMR Mar-2022 Release 1 allows attacker to generate pinned-shortcut without user consent. |
| 41 | CVE-2022-25816 | 287 | | | 2022-03-10 | 2022-03-16 | 2.1 | None | Local | Low | Not required | None | Partial | None | Improper authentication in Samsung Lock and mask apps setting prior to SMR Mar-2022 Release 1 allows attacker to change enable/disable without authentication. |
| 42 | CVE-2022-24932 | 425 | | | 2022-03-10 | 2022-03-17 | 2.1 | None | Local | Low | Not required | None | Partial | None | Improper Protection of Alternate Path vulnerability in Setup wizard process prior to SMR Mar-2022 Release 1 allows physical attacker package installation before finishing Setup wizard. |
| 43 | CVE-2022-24929 | | | | 2022-03-10 | 2022-03-16 | 2.1 | None | Local | Low | Not required | None | Partial | None | Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication. |
| 44 | CVE-2022-24001 | | | | 2022-02-11 | 2022-02-22 | 2.1 | None | Local | Low | Not required | Partial | None | None | Information disclosure vulnerability in Edge Panel prior to Android S(12) allows physical attackers to access screenshot in clipboard via Edge Panel. |
| 45 | CVE-2022-24000 | | | | 2022-02-11 | 2022-02-22 | 2.1 | None | Local | Low | Not required | Partial | None | None | PendingIntent hijacking vulnerability in DataUsageReminderReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. |
| 46 | CVE-2022-23999 | | | | 2022-02-11 | 2022-02-22 | 2.1 | None | Local | Low | Not required | Partial | None | None | PendingIntent hijacking vulnerability in CpaReceiver prior to SMR Feb-2022 Release 1 allows local attackers to access media files without permission in KnoxPrivacyNoticeReceiver via implicit Intent. |
| 47 | CVE-2022-22291 | | | | 2022-02-11 | 2022-02-18 | 2.1 | None | Local | Low | Not required | Partial | None | None | Logging of excessive data vulnerability in telephony prior to SMR Feb-2022 Release 1 allows privileged attackers to get Cell Location Information through log of user device. |
| 48 | CVE-2022-22272 | 863 | | | 2022-01-10 | 2022-01-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | Improper authorization in TelephonyManager prior to SMR Jan-2022 Release 1 allows attackers to get IMSI without READ_PRIVILEGED_PHONE_STATE permission. |
| 49 | CVE-2022-22271 | 20 | | | 2022-01-10 | 2022-01-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | A missing input validation before memory copy in TIMA trustlet prior to SMR Jan-2022 Release 1 allows attackers to copy data from arbitrary memory. |
| 50 | CVE-2022-22269 | 552 | | | 2022-01-10 | 2022-01-15 | 2.1 | None | Local | Low | Not required | Partial | None | None | Keeping sensitive data in unprotected BluetoothSettingsProvider prior to SMR Jan-2022 Release 1 allows untrusted applications to get a local Bluetooth MAC address. |