Sensitive information exposure in Sign-out log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission.

Sensitive information exposure in Sign-in log in Samsung Account prior to version 13.2.00.6 allows attackers to get an user email or phone number without permission.

Exposure of Sensitive Information vulnerability in Samsung Account prior to version 13.2.00.6 allows attacker to access sensitive information via onActivityResult.

Improper access control vulnerability in My Files prior to version 13.1.00.193 allows attackers to access arbitrary private files in My Files application.

Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication.

Information exposure vulnerability in ScanPool prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.

Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space.

Implicit Intent hijacking vulnerability in Settings prior to SMR Jun-2022 Release 1 allows attackers to get Wi-Fi SSID and password via a malicious QR code scanner.

Unprotected component vulnerability in DeviceSearchTrampoline in SecSettingsIntelligence prior to SMR Jun-2022 Release 1 allows local attackers to launch activities of SecSettingsIntelligence.

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionError function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in sendIntentSessionCompleted function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

Broadcasting Intent including the BluetoothDevice object without proper restriction of receivers in activateVoiceRecognitionWithDevice function of Bluetooth prior to SMR Jun-2022 Release 1 leaks MAC address of the connected Bluetooth device.

Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of Samsung Account.

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

Improper input validation check logic vulnerability in libsmkvextractor prior to SMR Jun-2022 Release 1 allows attackers to trigger crash.

Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink.

Unprotected broadcast in sendIntentForToastDumpLog in DisplayToast prior to SMR Jun-2022 Release 1 allows untrusted applications to access toast message information from device.

Improper access control vulnerability in DofViewer prior to SMR Jun-2022 Release 1 allows attackers to control floating system alert window.

Information exposure vulnerability in SemIWCMonitor prior to SMR Jun-2022 Release 1 allows local attackers to get MAC address information.