Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Samsung Subscribe
Total 656 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-17859 1 Samsung 1 Internet Browser 2018-01-16 4.3 MEDIUM 6.1 MEDIUM
Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML file does not have a document.domain value corresponding to the domain that is hosting the MHTML file, but instead has a document.domain value corresponding to an arbitrary URL within the content of the MHTML file.
CVE-2017-17692 1 Samsung 1 Internet Browser 2018-01-09 5.0 MEDIUM 7.5 HIGH
Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property.
CVE-2015-7268 2 Samsung, Seagate 8 850 Pro, 850 Pro Firmware, Pm851 and 5 more 2017-12-20 1.9 LOW 4.2 MEDIUM
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack."
CVE-2015-7267 2 Samsung, Seagate 8 850 Pro, 850 Pro Firmware, Pm851 and 5 more 2017-12-20 1.9 LOW 4.2 MEDIUM
Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack."
CVE-2017-16524 2 Hanwhasecurity, Samsung 2 Web Viewer, Srn-1670d 2017-11-29 6.5 MEDIUM 8.8 HIGH
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI.
CVE-2001-1177 1 Samsung 2 Ml-85g Gdi Printer Driver, Ml-85p Printer Driver 2017-10-09 6.2 MEDIUM N/A
ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2015-7896 1 Samsung 2 Galaxy S6, Samsung Mobile 2017-10-02 4.3 MEDIUM 6.5 MEDIUM
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
CVE-2008-4380 1 Samsung 1 Dvr Shr2040 2017-09-28 7.8 HIGH N/A
The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.
CVE-2012-0695 3 Acer, Google, Samsung 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more 2017-09-18 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVE-2011-4548 3 Acer, Google, Samsung 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more 2017-09-18 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 16.0.912.44 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVE-2011-3421 3 Acer, Google, Samsung 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more 2017-09-18 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVE-2011-3420 3 Acer, Google, Samsung 4 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 1 more 2017-09-18 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors.
CVE-2015-1499 1 Samsung 1 Samsung Security Manager 2017-09-07 8.5 HIGH N/A
The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request.
CVE-2015-1801 1 Samsung 2 Galaxy S4, Galaxy S4 Firmware 2017-08-29 10.0 HIGH 9.8 CRITICAL
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges.
CVE-2015-1800 1 Samsung 2 Galaxy S4, Galaxy S4 Firmware 2017-08-29 5.0 MEDIUM 7.5 HIGH
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information.
CVE-2012-4333 1 Samsung 1 Net-i Viewer 2017-08-28 10.0 HIGH N/A
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of these details are obtained from third party information.
CVE-2012-4250 1 Samsung 1 Net-i Viewer 2017-08-28 9.3 HIGH N/A
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument.
CVE-2012-4335 1 Samsung 1 Net-i Viewer 2017-08-28 7.8 HIGH N/A
Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third party information.
CVE-2012-4050 2 Google, Samsung 5 Chrome Os, Cr-48 Chromebook, Chromebox 3 and 2 more 2017-08-28 10.0 HIGH N/A
Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact and attack vectors.
CVE-2012-4334 1 Samsung 1 Net-i Viewer 2017-08-28 10.0 HIGH N/A
The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.