Filtered by vendor Samsung
Subscribe
Total
656 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2018-10498 | 1 Samsung | 1 Samsung Email | 2019-10-09 | 2.1 LOW | 5.5 MEDIUM |
This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of file:/// URIs. The issue lies in the lack of proper validation of user-supplied data, which can allow for reading arbitrary files. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges. Was ZDI-CAN-5329. | |||||
CVE-2018-10497 | 1 Samsung | 1 Samsung Email | 2019-10-09 | 4.6 MEDIUM | 7.8 HIGH |
This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of EML files. The issue results from the lack of proper validation of user-supplied data, which can allow arbitrary JavaScript to execute. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the application. Was ZDI-CAN-5328. | |||||
CVE-2018-10496 | 1 Samsung | 1 Samsung Internet Browser | 2019-10-09 | 6.8 MEDIUM | 8.8 HIGH |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArray objects. The issue results from the lack of validating the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5326. | |||||
CVE-2017-3218 | 1 Samsung | 1 Magician | 2019-10-09 | 8.3 HIGH | 8.8 HIGH |
Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates. | |||||
CVE-2017-15361 | 35 Acer, Aopen, Asi and 32 more | 126 C720 Chromebook, Chromebase, Chromebase 24 and 123 more | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
The Infineon RSA library 1.02.013 in Infineon Trusted Platform Module (TPM) firmware, such as versions before 0000000000000422 - 4.34, before 000000000000062b - 6.43, and before 0000000000008521 - 133.33, mishandles RSA key generation, which makes it easier for attackers to defeat various cryptographic protection mechanisms via targeted attacks, aka ROCA. Examples of affected technologies include BitLocker with TPM 1.2, YubiKey 4 (before 4.3.5) PGP key generation, and the Cached User Data encryption feature in Chrome OS. | |||||
CVE-2017-5350 | 1 Samsung | 1 Samsung Mobile | 2019-10-02 | 5.0 MEDIUM | 7.5 HIGH |
Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122. | |||||
CVE-2018-12037 | 2 Micron, Samsung | 14 Crucial Mx100, Crucial Mx100 Firmware, Crucial Mx200 and 11 more | 2019-10-02 | 1.9 LOW | 4.0 MEDIUM |
An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. Absence of a cryptographic link between the password and the Disk Encryption Key allows attackers with privileged access to SSD firmware full access to encrypted data. | |||||
CVE-2018-17969 | 1 Samsung | 2 Scx-6545x, Scx-6545x Firmware | 2019-10-02 | 5.0 MEDIUM | 9.8 CRITICAL |
Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP requests. | |||||
CVE-2018-6019 | 1 Samsung | 1 Display Solutions | 2019-10-02 | 4.3 MEDIUM | 5.9 MEDIUM |
Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission. | |||||
CVE-2017-14262 | 1 Samsung | 8 Srn 1000, Srn 1000 Firmware, Srn 1670d and 5 more | 2019-10-02 | 9.3 HIGH | 8.1 HIGH |
On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter. | |||||
CVE-2015-4033 | 1 Samsung | 1 S-beam | 2019-07-03 | 3.3 LOW | N/A |
Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000. | |||||
CVE-2018-20135 | 1 Samsung | 1 Galaxy Apps | 2019-06-11 | 6.8 MEDIUM | 8.1 HIGH |
Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. An attacker may trick Galaxy Apps into using an arbitrary hostname for which the attacker can provide a valid SSL certificate, and emulate the API of the app store to modify existing apps at installation time. The specific flaw involves an HTTP method to obtain the load-balanced hostname that enforces SSL only after obtaining a hostname from the load balancer, and a missing app signature validation in the application XML. An attacker can exploit this vulnerability to achieve Remote Code Execution on the device. The Samsung ID is SVE-2018-12071. | |||||
CVE-2019-12315 | 1 Samsung | 2 Scx-824, Scx-824 Firmware | 2019-05-28 | 4.3 MEDIUM | 6.1 MEDIUM |
Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be triggered by using the "print from file" feature, as demonstrated by the sws/swsAlert.sws?popupid=successMsg msg parameter. | |||||
CVE-2019-12087 | 1 Samsung | 6 S10, S10 Firmware, S9\+ and 3 more | 2019-05-16 | 4.9 MEDIUM | 5.5 MEDIUM |
** DISPUTED ** Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. For example, the victim becomes stuck in a launcher with their Secure Folder locked. NOTE: the researcher mentions "the Samsung Security Team considered this issue as no/little security impact." | |||||
CVE-2018-14745 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2019-04-01 | 5.8 MEDIUM | 8.8 HIGH |
Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029. | |||||
CVE-2019-7421 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. | |||||
CVE-2019-7418 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. | |||||
CVE-2019-7419 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. | |||||
CVE-2019-7420 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2019-03-25 | 4.3 MEDIUM | 6.1 MEDIUM |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. | |||||
CVE-2018-14852 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2019-01-08 | 5.8 MEDIUM | 6.3 MEDIUM |
Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to cause invalid accesses to operating system memory due to improper validation of the network interface index provided by the Wi-Fi chip's firmware. |