Filtered by vendor Samsung
Subscribe
Total
951 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-5859 | 1 Samsung | 1 Kies Air | 2017-08-29 | 5.0 MEDIUM | N/A |
| Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php. | |||||
| CVE-2012-5858 | 1 Samsung | 1 Kies Air | 2017-08-29 | 4.3 MEDIUM | N/A |
| Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address. | |||||
| CVE-2012-4335 | 1 Samsung | 1 Net-i Viewer | 2017-08-29 | 7.8 HIGH | N/A |
| Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-4334 | 1 Samsung | 1 Net-i Viewer | 2017-08-29 | 10.0 HIGH | N/A |
| The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-4333 | 1 Samsung | 1 Net-i Viewer | 2017-08-29 | 10.0 HIGH | N/A |
| Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2012-4250 | 1 Samsung | 1 Net-i Viewer | 2017-08-29 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument. | |||||
| CVE-2012-4050 | 2 Google, Samsung | 5 Chrome Os, Cr-48 Chromebook, Chromebox 3 and 2 more | 2017-08-29 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors. | |||||
| CVE-2015-7894 | 1 Samsung | 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware | 2017-08-24 | 6.8 MEDIUM | 8.8 HIGH |
| The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG. | |||||
| CVE-2015-7891 | 1 Samsung | 1 Samsung Mobile | 2017-08-04 | 4.4 MEDIUM | 7.0 HIGH |
| Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. | |||||
| CVE-2015-7898 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||||
| CVE-2015-7895 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2017-07-03 | 2.1 LOW | 5.5 MEDIUM |
| Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||||
| CVE-2015-7888 | 1 Samsung | 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware | 2017-06-14 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. | |||||
| CVE-2015-5473 | 1 Samsung | 1 Syncthru 6 | 2017-06-12 | 10.0 HIGH | 9.8 CRITICAL |
| Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. | |||||
| CVE-2016-1350 | 6 Cisco, Lenovo, Samsung and 3 more | 6 Ios Xe, Thinkcentre E75s Firmware, X14j Firmware and 3 more | 2017-05-12 | 7.8 HIGH | 7.5 HIGH |
| Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293. | |||||
| CVE-2016-1344 | 7 Cisco, Lenovo, Netgear and 4 more | 7 Ios Xe, Thinkcentre E75s Firmware, Jr6150 Firmware and 4 more | 2017-05-12 | 7.1 HIGH | 5.9 MEDIUM |
| The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417. | |||||
| CVE-2016-4032 | 1 Samsung | 10 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S4 and 7 more | 2017-04-25 | 2.1 LOW | 4.6 MEDIUM |
| Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301. | |||||
| CVE-2016-4030 | 1 Samsung | 10 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S4 and 7 more | 2017-04-25 | 4.6 MEDIUM | 6.8 MEDIUM |
| Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301. | |||||
| CVE-2016-4031 | 1 Samsung | 10 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S4 and 7 more | 2017-04-25 | 4.6 MEDIUM | 6.8 MEDIUM |
| Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301. | |||||
| CVE-2016-2567 | 1 Samsung | 4 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S6 and 1 more | 2017-04-25 | 2.1 LOW | 3.3 LOW |
| secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL. | |||||
| CVE-2016-2036 | 1 Samsung | 4 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S6 and 1 more | 2017-04-25 | 2.1 LOW | 5.5 MEDIUM |
| The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036. | |||||