Security Vulnerabilities - CVEs Published In April 2022
Path traversal vulnerability in unzip method of InstallAgentCommonHelper in Galaxy store prior to version 4.5.40.5 allows attacker to access the file of Galaxy store.
CVSS Score
6.2
EPSS Score
0.003
Published
2022-04-11
Improper access control vulnerability in Samsung Flow prior to version 4.8.06.5 allows attacker to write the file without Samsung Flow permission.
CVSS Score
5.1
EPSS Score
0.001
Published
2022-04-11
Improper access control vulnerability in Galaxy Store prior to version 4.5.36.4 allows attacker to install applications from Galaxy Store without user interactions.
CVSS Score
5.9
EPSS Score
0.001
Published
2022-04-11
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.
CVSS Score
4.3
EPSS Score
0.001
Published
2022-04-11
Improper access control vulnerability in Samsung Security Supporter prior to version 1.2.40.0 allows attacker to set the arbitrary folder as Secret Folder without Samsung Security Supporter permission
CVSS Score
4.4
EPSS Score
0.001
Published
2022-04-11
Uncontrolled search path element vulnerability in Samsung Android USB Driver windows installer program prior to version 1.7.50 allows attacker to execute arbitrary code.
CVSS Score
5.3
EPSS Score
0.001
Published
2022-04-11
The vulnerability in the MSC800 in all versions before 4.15 allows for an attacker to predict the TCP initial sequence number. When the TCP sequence is predictable, an attacker can send packets that are forged to appear to come from a trusted computer. These forged packets could compromise services on the MSC800. SICK has released a new firmware version of the SICK MSC800 and recommends updating to the newest version.
CVSS Score
9.1
EPSS Score
0.005
Published
2022-04-11
An attacker can perform a privilege escalation through the SICK OEE if the application is installed in a directory where non authenticated or low privilege users can modify its content.
CVSS Score
7.8
EPSS Score
0.001
Published
2022-04-11
Improper boundary check in Quram Agif library prior to SMR Apr-2022 Release 1 allows attackers to cause denial of service via crafted image file.
CVSS Score
4.0
EPSS Score
0.001
Published
2022-04-11
Information exposure vulnerability in ril property setting prior to SMR April-2022 Release 1 allows access to EF_RUIMID value without permission.
CVSS Score
6.6
EPSS Score
0.0
Published
2022-04-11