Filtered by vendor Samsung
Subscribe
Total
1324 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-8280 | 1 Samsung | 1 Web Viewer | 2016-01-21 | 5.0 MEDIUM | 7.5 HIGH |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages. | |||||
| CVE-2015-8281 | 1 Samsung | 1 Web Viewer | 2016-01-20 | 7.8 HIGH | 7.5 HIGH |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations. | |||||
| CVE-2015-8279 | 1 Samsung | 1 Web Viewer | 2016-01-20 | 5.0 MEDIUM | 8.6 HIGH |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. | |||||
| CVE-2015-7897 | 1 Samsung | 1 Galaxy S6 | 2015-11-17 | 7.5 HIGH | N/A |
| The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file. | |||||
| CVE-2012-6334 | 1 Samsung | 4 Galaxy Note 2, Galaxy S, Galaxy S2 and 1 more | 2015-11-10 | 2.9 LOW | N/A |
| The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." | |||||
| CVE-2014-9266 | 1 Samsung | 1 Smart Viewer | 2014-12-23 | 6.8 MEDIUM | N/A |
| The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-9265 | 1 Samsung | 1 Smartviewer | 2014-12-09 | 6.8 MEDIUM | N/A |
| Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. | |||||
| CVE-2014-8346 | 1 Samsung | 2 Findmymobile, Mobile | 2014-10-24 | 7.8 HIGH | N/A |
| The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic. | |||||
| CVE-2014-3911 | 1 Samsung | 1 Ipolis Device Manager | 2014-06-12 | 9.3 HIGH | N/A |
| Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control. | |||||
| CVE-2014-3912 | 1 Samsung | 1 Ipolis Device Manager | 2014-06-06 | 9.3 HIGH | N/A |
| Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value. | |||||
| CVE-2013-3585 | 1 Samsung | 2 Dvr, Smart Viewer | 2013-10-07 | 5.0 MEDIUM | N/A |
| Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page. | |||||
| CVE-2013-3964 | 1 Samsung | 2 Shr-5082, Shr-5162 | 2013-10-02 | 4.3 MEDIUM | N/A |
| Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | |||||
| CVE-2013-3586 | 1 Samsung | 2 Dvr, Smart Viewer | 2013-08-29 | 7.6 HIGH | N/A |
| Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. | |||||
| CVE-2013-4890 | 1 Samsung | 2 Ps50c7700 Television, Ps50c7700 Television Firmware | 2013-07-23 | 7.8 HIGH | N/A |
| The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600. | |||||
| CVE-2012-6337 | 1 Samsung | 4 Galaxy Note 2, Galaxy S, Galaxy S2 and 1 more | 2012-12-31 | 3.3 LOW | N/A |
| The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data. | |||||
| CVE-2012-6422 | 2 Meizu, Samsung | 3 Mx, Galaxy Note 2, Galaxy S2 | 2012-12-21 | 9.3 HIGH | N/A |
| The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse. | |||||
| CVE-2012-4964 | 1 Samsung | 1 Printer Firmware | 2012-11-28 | 7.5 HIGH | N/A |
| The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. | |||||
| CVE-2012-2990 | 1 Samsung | 1 Kies | 2012-08-29 | 9.3 HIGH | N/A |
| The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document. | |||||
| CVE-2012-2980 | 5 Att, Htc, Samsung and 2 more | 9 Status, Chacha, Desire and 6 more | 2012-08-21 | 7.1 HIGH | N/A |
| The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages. | |||||
| CVE-2012-3290 | 3 Acer, Google, Samsung | 6 Ac700 Chromebook, Chrome Os, Cr-48 Chromebook and 3 more | 2012-06-12 | 10.0 HIGH | N/A |
| Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack vectors. | |||||