Filtered by vendor Samsung Subscriptions
Filtered by product Members Subscriptions
Total 8 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-30703 1 Samsung 1 Members 2024-11-21 3.3 Low
Improper URL validation vulnerability in Samsung Members prior to version 14.0.07.1 allows attackers to access sensitive information.
CVE-2022-30748 1 Samsung 1 Members 2024-11-21 4 Medium
Unprotected dynamic receiver in Samsung Members prior to version 4.2.005 allows attacker to launch arbitrary activity.
CVE-2022-28777 1 Samsung 1 Members 2024-11-21 4.3 Medium
Improper access control vulnerability in Samsung Members prior to version 13.6.08.5 allows local attacker to execute call function without CALL_PHONE permission.
CVE-2021-25439 2 Google, Samsung 2 Android, Members 2024-11-21 3.3 Low
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause arbitrary webpage loading in webview.
CVE-2021-25438 2 Google, Samsung 2 Android, Members 2024-11-21 7.8 High
Improper access control vulnerability in Samsung Members prior to versions 2.4.85.11 in Android O(8.1) and below, and 3.9.10.11 in Android P(9.0) and above allows untrusted applications to cause local file inclusion in webview.
CVE-2021-25374 2 Google, Samsung 2 Android, Members 2024-11-21 8.6 High
An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account.
CVE-2021-25343 2 Google, Samsung 2 Android, Members 2024-11-21 4 Medium
Calling of non-existent provider in Samsung Members prior to version 2.4.81.13 (in Android O(8.1) and below) and 3.8.00.13 (in Android P(9.0) and above) allows unauthorized actions including denial of service attack by hijacking the provider.
CVE-2021-25342 2 Google, Samsung 2 Android, Members 2024-11-21 4 Medium
Calling of non-existent provider in SMP sdk prior to version 3.0.9 allows unauthorized actions including denial of service attack by hijacking the provider.