Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-32407 | 1 Samsung | 1 Internet | 2025-06-12 | N/A | 5.9 MEDIUM |
| Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This vulnerability is in an end-of-life product that is no longer maintained by the vendor. | |||||
| CVE-2024-20829 | 1 Samsung | 1 Internet | 2025-02-14 | N/A | 5.4 MEDIUM |
| Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction. | |||||
| CVE-2024-20838 | 1 Samsung | 1 Internet | 2024-12-23 | N/A | 6.8 MEDIUM |
| Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code. | |||||
| CVE-2024-20837 | 1 Samsung | 1 Internet | 2024-12-23 | N/A | 5.3 MEDIUM |
| Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction. | |||||
| CVE-2024-20828 | 1 Samsung | 1 Internet | 2024-11-21 | N/A | 2.4 LOW |
| Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. | |||||
| CVE-2023-30704 | 1 Samsung | 1 Internet | 2024-11-21 | N/A | 3.8 LOW |
| Improper Authorization vulnerability in Samsung Internet prior to version 22.0.0.35 allows physical attacker access downloaded files in Secret Mode without user authentication. | |||||
| CVE-2023-30674 | 1 Samsung | 1 Internet | 2024-11-21 | N/A | 6.5 MEDIUM |
| Improper configuration in Samsung Internet prior to version 21.0.0.41 allows attacker to bypass SameSite Cookie. | |||||
| CVE-2022-39873 | 1 Samsung | 1 Internet | 2024-11-21 | N/A | 4.3 MEDIUM |
| Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mode without user authentication. | |||||
| CVE-2022-30740 | 1 Samsung | 1 Internet | 2024-11-21 | 2.1 LOW | 4.1 MEDIUM |
| Improper auto-fill algorithm in Samsung Internet prior to version 17.0.1.69 allows physical attackers to guess stored credit card numbers. | |||||
| CVE-2022-30738 | 1 Samsung | 1 Internet | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Improper check in Loader in Samsung Internet prior to 17.0.1.69 allows attackers to spoof address bar via executing script. | |||||
| CVE-2022-27839 | 1 Samsung | 1 Internet | 2024-11-21 | 4.3 MEDIUM | 3.3 LOW |
| Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials. | |||||
| CVE-2022-22290 | 1 Samsung | 1 Internet | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2022-22284 | 1 Samsung | 1 Internet | 2024-11-21 | 2.1 LOW | 5.7 MEDIUM |
| Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication | |||||
| CVE-2021-25521 | 1 Samsung | 1 Internet | 2024-11-21 | 2.1 LOW | 4.0 MEDIUM |
| Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. | |||||
| CVE-2021-25520 | 1 Samsung | 1 Internet | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
| Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | |||||
| CVE-2021-25466 | 1 Samsung | 1 Internet | 2024-11-21 | 5.0 MEDIUM | 6.5 MEDIUM |
| Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. | |||||
| CVE-2021-25445 | 1 Samsung | 1 Internet | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet. | |||||
| CVE-2021-25419 | 1 Samsung | 1 Internet | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. | |||||
| CVE-2021-25418 | 1 Samsung | 1 Internet | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | |||||
| CVE-2021-25400 | 1 Samsung | 1 Internet | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. | |||||