Security Vulnerabilities - CVEs Published In April 2022
Improper authentication vulnerability in SecretMode in Samsung Internet prior to version 16.2.1 allows attackers to access bookmark tab without proper credentials.
CVSS Score
3.3
EPSS Score
0.002
Published
2022-04-11
Improper access control vulnerability in SamsungRecovery prior to version 8.1.43.0 allows local attckers to delete arbitrary files as SamsungRecovery permission.
CVSS Score
4.4
EPSS Score
0.0
Published
2022-04-11
Improper exception handling in Samsung Pass prior to version 3.7.07.5 allows physical attacker to view the screen that is previously running without authentication
CVSS Score
4.3
EPSS Score
0.001
Published
2022-04-11
DLL hijacking vulnerability in Smart Switch PC prior to version 4.2.22022_4 allows attacker to execute abitrary code.
CVSS Score
6.2
EPSS Score
0.001
Published
2022-04-11
DLL hijacking vulnerability in Kies prior to version 2.6.4.22014_2 allows attacker to execute abitrary code.
CVSS Score
6.2
EPSS Score
0.001
Published
2022-04-11
Arbitrary File Read vulnerability in WPvivid Team Migration, Backup, Staging – WPvivid (WordPress plugin) versions <= 0.9.70
CVSS Score
2.7
EPSS Score
0.008
Published
2022-04-11
Authenticated (admin or higher user role) Stored Cross-Site Scripting (XSS) in PlausibleHQ Plausible Analytics (WordPress plugin) <= 1.2.2
CVSS Score
4.8
EPSS Score
0.005
Published
2022-04-11
Uncontrolled search path element vulnerability in Samsung Update prior to version 3.0.77.0 allows attackers to execute arbitrary code as Samsung Update permission.
CVSS Score
5.9
EPSS Score
0.002
Published
2022-04-11
Improper sanitization of incoming intent in Galaxy Store prior to version 4.5.40.5 allows local attackers to access privileged content providers as Galaxy Store permission.
CVSS Score
6.8
EPSS Score
0.001
Published
2022-04-11
Path traversal vulnerability in Samsung Flow prior to version 4.8.07.4 allows local attackers to read arbitrary files as Samsung Flow permission.
CVSS Score
4.0
EPSS Score
0.0
Published
2022-04-11