CVE-2022-22287
https://notcve.org/view.php?id=CVE-2022-22287
Arbitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows an attacker to read isolated data in the sandbox. • https://security.samsungmobile.com/serviceWeb.smsb?year=2022&month=1 • CWE-20: Improper Input Validation; CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-25376
https://notcve.org/view.php?id=CVE-2021-25376
Improper synchronization logic in Samsung Email prior to version 6.1.41.0 can leak messages in certain mailboxes in plain text when STARTTLS negotiation fails. • https://security.samsungmobile.com https://security.samsungmobile.com/serviceWeb.smsb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-662: Improper Synchronization
CVE-2021-25375
https://notcve.org/view.php?id=CVE-2021-25375
Use of a predictable index for attachments in Samsung Email prior to version 6.1.41.0 allows remote attackers to get attachments of other emails when users open a malicious attachment. • https://security.samsungmobile.com https://security.samsungmobile.com/serviceWeb.smsb • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor; CWE-330: Use of Insufficiently Random Values
CVE-2018-10498 – Samsung Email Arbitrary File Read Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2018-10498
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email. Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. • https://zerodayinitiative.com/advisories/ZDI-18-557 • CWE-37: Path Traversal: '/absolute/pathname/here'; CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-10497 – Samsung Email EML File Parsing Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2018-10497
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email. Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of EML files. The issue results from the lack of proper validation of user-supplied data, which can allow arbitrary JavaScript to execute. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. • https://zerodayinitiative.com/advisories/ZDI-18-556 • CWE-20: Improper Input Validation