Filtered by vendor Samsung
Subscribe
Total
656 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-21424 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 3.3 LOW |
Improper Handling of Insufficient Permissions or Privileges vulnerability in SemChameleonHelper prior to SMR Jan-2023 Release 1 allows attacker to modify network related values, network code, carrier id and operator brand. | |||||
CVE-2023-21423 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
Improper authorization vulnerability in ChnFileShareKit prior to SMR Jan-2023 Release 1 allows attacker to control BLE advertising without permission using unprotected action. | |||||
CVE-2023-21422 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
Improper authorization vulnerability in semAddPublicDnsAddr in WifiSevice prior to SMR Jan-2023 Release 1 allows attackers to set custom DNS server without permission via binding WifiService. | |||||
CVE-2023-21421 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 7.8 HIGH |
Improper Handling of Insufficient Permissions or Privileges vulnerability in KnoxCustomManagerService prior to SMR Jan-2023 Release 1 allows attacker to access device SIM PIN. | |||||
CVE-2023-21442 | 1 Samsung | 1 Android | 2023-02-21 | N/A | 5.5 MEDIUM |
Improper access control vulnerability in Runestone application prior to version 2.9.09.003 in Android R(11) and 3.2.01.007 in Android S(12) allows local attackers to get device location information. | |||||
CVE-2023-21432 | 1 Samsung | 1 Smart Things | 2023-02-21 | N/A | 7.8 HIGH |
Improper access control vulnerabilities in Smart Things prior to 1.7.93 allows to attacker to invite others without authorization of the owner. | |||||
CVE-2023-21445 | 1 Samsung | 1 Android | 2023-02-17 | N/A | 7.8 HIGH |
Improper access control vulnerability in MyFiles prior to versions 12.2.09 in Android R(11), 13.1.03.501 in Android S(12) and 14.1.00.422 in Android T(13) allows local attacker to write file with MyFiles privilege via implicit intent. | |||||
CVE-2023-21446 | 1 Samsung | 1 Android | 2023-02-17 | N/A | 5.5 MEDIUM |
Improper input validation in MyFiles prior to version 12.2.09 in Android R(11), 13.1.03.501 in Android S( 12) and 14.1.00.422 in Android T(13) allows local attacker to access data of MyFiles. | |||||
CVE-2023-21420 | 1 Samsung | 1 Android | 2023-02-17 | N/A | 7.8 HIGH |
Use of Externally-Controlled Format String vulnerabilities in STST TA prior to SMR Jan-2023 Release 1 allows arbitrary code execution. | |||||
CVE-2023-21451 | 1 Samsung | 1 Android | 2023-02-17 | N/A | 7.8 HIGH |
A Stack-based overflow vulnerability in IpcRxEmbmsSessionList in SECRIL prior to Android S(12) allows attacker to cause memory corruptions. | |||||
CVE-2023-21450 | 1 Samsung | 1 One Hand Operation \+ | 2023-02-17 | N/A | 2.1 LOW |
Missing Authorization vulnerability in One Hand Operation + prior to version 6.1.21 allows multi-users to access owner's widget without authorization via gesture setting. | |||||
CVE-2023-21448 | 1 Samsung | 1 Cloud | 2023-02-17 | N/A | 3.3 LOW |
Path traversal vulnerability in Samsung Cloud prior to version 5.3.0.32 allows attacker to access specific png file. | |||||
CVE-2023-21447 | 1 Samsung | 1 Cloud | 2023-02-17 | N/A | 3.3 LOW |
Improper access control vulnerabilities in Samsung Cloud prior to version 5.3.0.32 allows local attackers to access information with Samsung Cloud's privilege via implicit intent. | |||||
CVE-2023-21444 | 1 Samsung | 1 Flow | 2023-02-17 | N/A | 8.8 HIGH |
Improper cryptographic implementation in Samsung Flow for PC 4.9.14.0 allows adjacent attackers to decrypt encrypted messages or inject commands. | |||||
CVE-2023-21443 | 1 Samsung | 1 Flow | 2023-02-17 | N/A | 8.8 HIGH |
Improper cryptographic implementation in Samsung Flow for Android prior to version 4.9.04 allows adjacent attackers to decrypt encrypted messages or inject commands. | |||||
CVE-2023-21433 | 1 Samsung | 1 Galaxy Store | 2023-02-17 | N/A | 7.8 HIGH |
Improper access control vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to install applications from Galaxy Store. | |||||
CVE-2023-21431 | 1 Samsung | 1 Bixby Vision | 2023-02-17 | N/A | 3.3 LOW |
Improper input validation in Bixby Vision prior to version 3.7.70.17 allows attacker to access data of Bixby Vision. | |||||
CVE-2023-21434 | 1 Samsung | 1 Galaxy Store | 2023-02-17 | N/A | 6.1 MEDIUM |
Improper input validation vulnerability in Galaxy Store prior to version 4.5.49.8 allows local attackers to execute JavaScript by launching a web page. | |||||
CVE-2018-3912 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2023-02-16 | 6.9 MEDIUM | 7.8 HIGH |
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which has a size of 128 bytes. An attacker can send an arbitrarily long "secretKey" value in order to exploit this vulnerability. | |||||
CVE-2018-21054 | 5 Google, Mediatek, Qualcomm and 2 more | 14 Android, M6737t, Msm8909 and 11 more | 2023-02-11 | 7.5 HIGH | 9.8 CRITICAL |
An issue was discovered on Samsung mobile devices with M(6.0), N(7.x) and O(8.x) except exynos9610/9820 in all Platforms, M(6.0) except MSM8909 SC77xx/9830 exynos3470/5420, N(7.0) except MSM8939, N(7.1) except MSM8996 SDM6xx/M6737T software. There is an integer underflow with a resultant buffer overflow in eCryptFS. The Samsung ID is SVE-2017-11857 (September 2018). |