Filtered by vendor Samsung
Subscribe
Total
656 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-4034 | 1 Samsung | 1 Galaxy S5 | 2016-12-05 | 7.9 HIGH | N/A |
| The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object. | |||||
| CVE-2015-3435 | 1 Samsung | 1 Samsung Security Manager | 2016-12-05 | 10.0 HIGH | N/A |
| Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. | |||||
| CVE-2016-7990 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2016-12-02 | 10.0 HIGH | 9.8 CRITICAL |
| On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can result in Denial of Service and potentially remote code execution, a subset of SVE-2016-6542. | |||||
| CVE-2016-7991 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2016-12-02 | 7.8 HIGH | 7.5 HIGH |
| On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset of SVE-2016-6542. | |||||
| CVE-2016-7988 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2016-12-02 | 7.8 HIGH | 7.5 HIGH |
| On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a subset of SVE-2016-6542. | |||||
| CVE-2016-7989 | 2 Google, Samsung | 6 Android, Galaxy S4, Galaxy S4 Mini and 3 more | 2016-12-02 | 7.8 HIGH | 7.5 HIGH |
| On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime to continually crash, rendering the device unusable until a factory reset is performed, a subset of SVE-2016-6542. | |||||
| CVE-2016-9277 | 1 Samsung | 1 Samsung Mobile | 2016-11-29 | 7.8 HIGH | 7.5 HIGH |
| Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906. | |||||
| CVE-2016-9567 | 1 Samsung | 1 Samsung Mobile | 2016-11-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a conversation. The Samsung ID is SVE-2016-6343. | |||||
| CVE-2016-7160 | 1 Samsung | 1 Samsung Mobile | 2016-11-28 | 7.8 HIGH | 7.5 HIGH |
| A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248. | |||||
| CVE-2015-8040 | 1 Samsung | 1 Smartviewer | 2016-11-28 | 6.8 MEDIUM | N/A |
| The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value. | |||||
| CVE-2015-0555 | 1 Samsung | 1 Ipolis Device Manager | 2016-03-31 | 6.8 MEDIUM | N/A |
| Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function. | |||||
| CVE-2015-8280 | 1 Samsung | 1 Web Viewer | 2016-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages. | |||||
| CVE-2015-8281 | 1 Samsung | 1 Web Viewer | 2016-01-20 | 7.8 HIGH | 7.5 HIGH |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations. | |||||
| CVE-2015-8279 | 1 Samsung | 1 Web Viewer | 2016-01-20 | 5.0 MEDIUM | 8.6 HIGH |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. | |||||
| CVE-2015-7897 | 1 Samsung | 1 Galaxy S6 | 2015-11-17 | 7.5 HIGH | N/A |
| The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file. | |||||
| CVE-2012-6334 | 1 Samsung | 4 Galaxy Note 2, Galaxy S, Galaxy S2 and 1 more | 2015-11-10 | 2.9 LOW | N/A |
| The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." | |||||
| CVE-2014-9266 | 1 Samsung | 1 Smart Viewer | 2014-12-23 | 6.8 MEDIUM | N/A |
| The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-9265 | 1 Samsung | 1 Smartviewer | 2014-12-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-8346 | 1 Samsung | 2 Findmymobile, Mobile | 2014-10-24 | 7.8 HIGH | N/A |
| The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic. | |||||
| CVE-2014-3911 | 1 Samsung | 1 Ipolis Device Manager | 2014-06-12 | 9.3 HIGH | N/A |
| Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control. | |||||