Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Internet
(Samsung)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 23 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2025-05-16 | CVE-2025-32407 | Samsung Internet for Galaxy Watch version 5.0.9, available up until Samsung Galaxy Watch 3, does not properly validate TLS certificates, allowing for an attacker to impersonate any and all websites visited by the user. This is a critical misconfiguration in the way the browser validates the identity of the server. It negates the use of HTTPS as a secure channel, allowing for Man-in-the-Middle attacks, stealing sensitive information or modifying incoming and outgoing traffic. NOTE: This... | Internet | N/A | ||
| 2024-03-05 | CVE-2024-20829 | Missing proper interaction for opening deeplink in Samsung Internet prior to version v24.0.0.0 allows remote attackers to open an application without proper interaction. | Internet | 5.3 | ||
| 2024-03-05 | CVE-2024-20837 | Improper handling of granting permission for Trusted Web Activities in Samsung Internet prior to version 24.0.0.41 allows local attackers to grant permission to their own TWA WebApps without user interaction. | Internet | 5.3 | ||
| 2024-03-05 | CVE-2024-20838 | Improper validation vulnerability in Samsung Internet prior to version 24.0.3.2 allows local attackers to execute arbitrary code. | Internet | 7.8 | ||
| 2021-03-04 | CVE-2021-25348 | Improper permission grant check in Samsung Internet prior to version 13.0.1.60 allows access to files in internal storage without authorized STORAGE permission. | Internet | 2.4 | ||
| 2021-03-25 | CVE-2021-25354 | Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink. | Internet | 5.3 | ||
| 2021-03-25 | CVE-2021-25366 | Improper access control in Samsung Internet prior to version 13.2.1.70 allows physically proximate attackers to bypass the secret mode's authentication. | Internet | 2.9 | ||
| 2021-06-11 | CVE-2021-25400 | Intent redirection vulnerability in Samsung Internet prior to version 14.0.1.20 allows attacker to execute privileged action. | Internet | 7.8 | ||
| 2021-06-11 | CVE-2021-25418 | Improper component protection vulnerability in Samsung Internet prior to version 14.0.1.62 allows untrusted applications to execute arbitrary activity in specific condition. | Internet | 7.8 | ||
| 2021-06-11 | CVE-2021-25419 | Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. | Internet | 6.5 |