Search

Find a vulnerability

Search criteria

    10 vulnerabilities found for Samsung Gallery by Samsung Mobile

    CVE-2025-20969 (GCVE-0-2025-20969)

    Vulnerability from nvd – Published: 2025-05-07 08:24 – Updated: 2025-05-07 15:51
    VLAI
    Summary
    Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Gallery Unaffected: 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T15:49:24.426858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T15:51:19.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Gallery",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T08:24:24.722Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=05"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-20969",
        "datePublished": "2025-05-07T08:24:24.722Z",
        "dateReserved": "2024-11-06T02:30:14.867Z",
        "dateUpdated": "2025-05-07T15:51:19.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20968 (GCVE-0-2025-20968)

    Vulnerability from nvd – Published: 2025-05-07 08:24 – Updated: 2025-05-07 16:12
    VLAI
    Summary
    Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Gallery Unaffected: 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T15:51:55.951288Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T16:12:06.660Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Gallery",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T08:24:23.488Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=05"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-20968",
        "datePublished": "2025-05-07T08:24:23.488Z",
        "dateReserved": "2024-11-06T02:30:14.866Z",
        "dateUpdated": "2025-05-07T16:12:06.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20967 (GCVE-0-2025-20967)

    Vulnerability from nvd – Published: 2025-05-07 08:24 – Updated: 2025-05-07 16:13
    VLAI
    Summary
    Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Gallery Unaffected: 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20967",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T16:12:45.650686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T16:13:00.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Gallery",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T08:24:22.166Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=05"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-20967",
        "datePublished": "2025-05-07T08:24:22.166Z",
        "dateReserved": "2024-11-06T02:30:14.866Z",
        "dateUpdated": "2025-05-07T16:13:00.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20966 (GCVE-0-2025-20966)

    Vulnerability from nvd – Published: 2025-05-07 08:24 – Updated: 2025-05-07 16:16
    VLAI
    Summary
    Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Gallery Unaffected: 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20966",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T16:14:52.278383Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T16:16:19.184Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Gallery",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T08:24:20.945Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=05"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-20966",
        "datePublished": "2025-05-07T08:24:20.945Z",
        "dateReserved": "2024-11-06T02:30:14.866Z",
        "dateUpdated": "2025-05-07T16:16:19.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33706 (GCVE-0-2022-33706)

    Vulnerability from nvd – Published: 2022-07-11 13:37 – Updated: 2024-08-03 08:09
    VLAI
    Summary
    Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - : Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Gallery Affected: unspecified , < 13.1.05.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Samsung Gallery",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "13.1.05.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 3.5,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 : Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-11T13:37:40.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "mobile.security@samsung.com",
              "ID": "CVE-2022-33706",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Samsung Gallery",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "",
                                "version_value": "13.1.05.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung Mobile"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 : Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07",
                  "refsource": "MISC",
                  "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2022-33706",
        "datePublished": "2022-07-11T13:37:40.000Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:09:22.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20969 (GCVE-0-2025-20969)

    Vulnerability from cvelistv5 – Published: 2025-05-07 08:24 – Updated: 2025-05-07 15:51
    VLAI
    Summary
    Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-20 - Improper Input Validation
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Gallery Unaffected: 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20969",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T15:49:24.426858Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T15:51:19.190Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Gallery",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper input validation in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows local attackers to access data within Samsung Gallery."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.5,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "LOW",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-20: Improper Input Validation",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T08:24:24.722Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=05"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-20969",
        "datePublished": "2025-05-07T08:24:24.722Z",
        "dateReserved": "2024-11-06T02:30:14.867Z",
        "dateUpdated": "2025-05-07T15:51:19.190Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20968 (GCVE-0-2025-20968)

    Vulnerability from cvelistv5 – Published: 2025-05-07 08:24 – Updated: 2025-05-07 16:12
    VLAI
    Summary
    Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Gallery Unaffected: 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20968",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T15:51:55.951288Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T16:12:06.660Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Gallery",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows remote attackers to access data and perform internal operations within Samsung Gallery."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284 Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T08:24:23.488Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=05"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-20968",
        "datePublished": "2025-05-07T08:24:23.488Z",
        "dateReserved": "2024-11-06T02:30:14.866Z",
        "dateUpdated": "2025-05-07T16:12:06.660Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20967 (GCVE-0-2025-20967)

    Vulnerability from cvelistv5 – Published: 2025-05-07 08:24 – Updated: 2025-05-07 16:13
    VLAI
    Summary
    Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Gallery Unaffected: 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20967",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T16:12:45.650686Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T16:13:00.363Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Gallery",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows attackers to read and write arbitrary file with the privilege of Samsung Gallery."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "LOCAL",
                "availabilityImpact": "NONE",
                "baseScore": 5.1,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "LOW",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T08:24:22.166Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=05"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-20967",
        "datePublished": "2025-05-07T08:24:22.166Z",
        "dateReserved": "2024-11-06T02:30:14.866Z",
        "dateUpdated": "2025-05-07T16:13:00.363Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-20966 (GCVE-0-2025-20966)

    Vulnerability from cvelistv5 – Published: 2025-05-07 08:24 – Updated: 2025-05-07 16:16
    VLAI
    Summary
    Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-284 - Improper Access Control
    Assigner
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Gallery Unaffected: 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-20966",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-07T16:14:52.278383Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-05-07T16:16:19.184Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "affected",
              "product": "Samsung Gallery",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "status": "unaffected",
                  "version": "14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control in Samsung Gallery prior to version 14.5.10.3 in Global Android 13, 14.5.09.3 in China Android 13, and 15.5.04.5 in Android 14 allows physical attackers to access data across multiple user profiles."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "NONE",
                "baseScore": 4.6,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-284: Improper Access Control",
                  "lang": "en"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-05-07T08:24:20.945Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "SamsungMobile"
          },
          "references": [
            {
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year=2025\u0026month=05"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "SamsungMobile",
        "cveId": "CVE-2025-20966",
        "datePublished": "2025-05-07T08:24:20.945Z",
        "dateReserved": "2024-11-06T02:30:14.866Z",
        "dateUpdated": "2025-05-07T16:16:19.184Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2022-33706 (GCVE-0-2022-33706)

    Vulnerability from cvelistv5 – Published: 2022-07-11 13:37 – Updated: 2024-08-03 08:09
    VLAI
    Summary
    Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture.
    Severity
    No CVSS data available.
    CWE
    • CWE-284 - : Improper Access Control
    Assigner
    References
    Impacted products
    Vendor Product Version
    Samsung Mobile Samsung Gallery Affected: unspecified , < 13.1.05.8 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-03T08:09:22.670Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "Samsung Gallery",
              "vendor": "Samsung Mobile",
              "versions": [
                {
                  "lessThan": "13.1.05.8",
                  "status": "affected",
                  "version": "unspecified",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture."
            }
          ],
          "metrics": [
            {
              "other": {
                "content": {
                  "attackComplexity": "LOW",
                  "attackVector": "PHYSICAL",
                  "availabilityImpact": "LOW",
                  "baseScore": 3.5,
                  "baseSeverity": "LOW",
                  "confidentialityImpact": "LOW",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
                },
                "type": "unknown"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-284",
                  "description": "CWE-284 : Improper Access Control",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2022-07-11T13:37:40.000Z",
            "orgId": "3af57064-a867-422c-b2ad-40307b65c458",
            "shortName": "Samsung Mobile"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "mobile.security@samsung.com",
              "ID": "CVE-2022-33706",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "Samsung Gallery",
                          "version": {
                            "version_data": [
                              {
                                "version_affected": "\u003c",
                                "version_name": "",
                                "version_value": "13.1.05.8"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "Samsung Mobile"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Improper access control vulnerability in Samsung Gallery prior to version 13.1.05.8 allows physical attackers to access the pictures using S Pen air gesture."
                }
              ]
            },
            "impact": {
              "cvss": {
                "attackComplexity": "LOW",
                "attackVector": "PHYSICAL",
                "availabilityImpact": "LOW",
                "baseScore": 3.5,
                "baseSeverity": "LOW",
                "confidentialityImpact": "LOW",
                "integrityImpact": "NONE",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "CWE-284 : Improper Access Control"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07",
                  "refsource": "MISC",
                  "url": "https://security.samsungmobile.com/serviceWeb.smsb?year==2022\u0026month=07"
                }
              ]
            },
            "source": {
              "discovery": "UNKNOWN"
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "3af57064-a867-422c-b2ad-40307b65c458",
        "assignerShortName": "Samsung Mobile",
        "cveId": "CVE-2022-33706",
        "datePublished": "2022-07-11T13:37:40.000Z",
        "dateReserved": "2022-06-15T00:00:00.000Z",
        "dateUpdated": "2024-08-03T08:09:22.670Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }