Filtered by vendor Samsung
Subscribe
Total
1539 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-10963 | 1 Samsung | 2 Knox Enterprise Mobility Management, Knox Identity Access Management | 2024-11-21 | 4.3 MEDIUM | 5.9 MEDIUM |
|
In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung server and injecting content at a certain point in the update sequence. This installed application can further leak information stored inside the Knox container to the outside world.
|
|||||
| CVE-2016-11050 | 1 Samsung | 10 Note2, Note2 Firmware, Note3 and 7 more | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
|
An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016).
|
|||||
| CVE-2016-11038 | 2 Google, Samsung | 7 Android, Galaxy Note 3, Galaxy Note 4 and 4 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with software through 2016-04-05 (incorporating the Samsung Professional Audio SDK). The Jack audio service doesn't implement access control for shared memory, leading to arbitrary code execution or privilege escalation. The Samsung ID is SVE-2016-5953 (July 2016).
|
|||||
| CVE-2016-11028 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016).
|
|||||
| CVE-2015-8546 | 2 Google, Samsung | 5 Android, Galaxy Note5, Galaxy S6 and 2 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
An issue was discovered on Samsung mobile devices with software through 2015-11-12, affecting the Galaxy S6/S6 Edge, Galaxy S6 Edge+, and Galaxy Note5 with the Shannon333 chipset. There is a stack-based buffer overflow in the baseband process that is exploitable for remote code execution via a fake base station. The Samsung ID is SVE-2015-5123 (December 2015).
|
|||||
| CVE-2015-7892 | 1 Samsung | 1 M2m1shot Driver | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
|
Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.
|
|||||
| CVE-2015-7890 | 1 Samsung | 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware | 2024-11-21 | 4.9 MEDIUM | 5.5 MEDIUM |
|
Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter.
|
|||||
| CVE-2013-4764 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-11-21 | 2.1 LOW | 4.3 MEDIUM |
|
Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission.
|
|||||
| CVE-2013-4763 | 1 Samsung | 4 Galaxy S3, Galaxy S3 Firmware, Galaxy S4 and 1 more | 2024-11-21 | 2.1 LOW | 4.6 MEDIUM |
|
Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission.
|
|||||
| CVE-2012-3810 | 1 Samsung | 1 Kies | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Samsung Kies before 2.5.0.12094_27_11 has registry modification.
|
|||||
| CVE-2012-3809 | 1 Samsung | 1 Kies | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.
|
|||||
| CVE-2012-3808 | 1 Samsung | 1 Kies | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.
|
|||||
| CVE-2012-3807 | 1 Samsung | 1 Kies | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
|
Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.
|
|||||
| CVE-2012-3806 | 1 Samsung | 1 Kies | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
|
Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service.
|
|||||
| CVE-2024-34662 | 1 Samsung | 1 Android | 2024-11-15 | N/A | 7.8 HIGH |
|
Improper access control in ActivityManager prior to SMR Oct-2024 Release 1 in select Android 12, 13 and SMR Sep-2024 Release 1 in select Android 14 allows local attackers to execute privileged behaviors.
|
|||||
| CVE-2024-34673 | 1 Samsung | 1 Android | 2024-11-13 | N/A | 5.5 MEDIUM |
|
Improper Input Validation in IpcProtocol in Modem prior to SMR Nov-2024 Release 1 allows local attackers to cause Denial-of-Service.
|
|||||
| CVE-2024-34682 | 1 Samsung | 1 Android | 2024-11-13 | N/A | 2.4 LOW |
|
Improper authorization in Settings prior to SMR Nov-2024 Release 1 allows physical attackers to access stored WiFi password in Maintenance Mode.
|
|||||
| CVE-2024-49403 | 1 Samsung | 1 Voice Recorder | 2024-11-13 | N/A | 4.6 MEDIUM |
|
Improper access control in Samsung Voice Recorder prior to version 21.5.40.37 allows physical attackers to access recording files on the lock screen.
|
|||||
| CVE-2024-49404 | 1 Samsung | 2 Android, Video Player | 2024-11-13 | N/A | 4.6 MEDIUM |
|
Improper Access Control in Samsung Video Player prior to versions 7.3.29.1 in Android 12, 7.3.36.1 in Android 13, and 7.3.41.230 in Android 14 allows physical attackers to access video file of other users.
|
|||||
| CVE-2024-49405 | 1 Samsung | 1 Pass | 2024-11-13 | N/A | 4.6 MEDIUM |
|
Improper authentication in Private Info in Samsung Pass in prior to version 4.4.04.7 allows physical attackers to access sensitive information in a specific scenario.
|
|||||
| CVE-2024-49406 | 1 Samsung | 1 Blockchain Keystore | 2024-11-13 | N/A | 4.4 MEDIUM |
|
Improper validation of integrity check value in Blockchain Keystore prior to version 1.3.16 allows local attackers to modify transaction. Root privilege is required for triggering this vulnerability.
|
|||||
| CVE-2024-49407 | 1 Samsung | 1 Flow | 2024-11-13 | N/A | 4.6 MEDIUM |
|
Improper access control in Samsung Flow prior to version 4.9.15.7 allows physical attackers to access data across multiple user profiles.
|
|||||
| CVE-2024-49408 | 1 Samsung | 2 Galaxy S24, Galaxy S24 Firmware | 2024-11-13 | N/A | 6.7 MEDIUM |
|
Out-of-bounds write in usb driver prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.
|
|||||
| CVE-2024-49409 | 1 Samsung | 2 Galaxy S24, Galaxy S24 Firmware | 2024-11-13 | N/A | 6.7 MEDIUM |
|
Out-of-bounds write in Battery Full Capacity node prior to Firmware update Sep-2024 Release on Galaxy S24 allows local attackers to write out-of-bounds memory. System privilege is required for triggering this vulnerability.
|
|||||
| CVE-2024-49401 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 7.1 HIGH |
|
Improper input validation in Settings Suggestions prior to SMR Nov-2024 Release 1 allows local attackers to launch privileged activities.
|
|||||
| CVE-2024-34679 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 7.1 HIGH |
|
Incorrect default permissions in Crane prior to SMR Nov-2024 Release 1 allows local attackers to access files with phone privilege.
|
|||||
| CVE-2024-34674 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 4.6 MEDIUM |
|
Improper access control in Contacts prior to SMR Nov-2024 Release 1 allows physical attackers to access data across multiple user profiles.
|
|||||
| CVE-2024-34675 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 4.6 MEDIUM |
|
Improper access control in Dex Mode prior to SMR Nov-2024 Release 1 allows physical attackers to temporarily access to unlocked screen.
|
|||||
| CVE-2024-34677 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 3.3 LOW |
|
Exposure of sensitive information in System UI prior to SMR Nov-2024 Release 1 allow local attackers to make malicious apps appear as legitimate.
|
|||||
| CVE-2024-34680 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 5.5 MEDIUM |
|
Use of implicit intent for sensitive communication in WlanTest prior to SMR Nov-2024 Release 1 allows local attackers to get sensitive information.
|
|||||
| CVE-2024-34676 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 7.3 HIGH |
|
Out-of-bounds write in parsing subtitle file in libsubextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34678 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 7.8 HIGH |
|
Out-of-bounds write in libsapeextractor.so prior to SMR Nov-2024 Release 1 allows local attackers to cause memory corruption.
|
|||||
| CVE-2024-49402 | 1 Samsung | 1 Android | 2024-11-12 | N/A | 4.6 MEDIUM |
|
Improper input validation in Dressroom prior to SMR Nov-2024 Release 1 allow physical attackers to access data across multiple user profiles.
|
|||||
| CVE-2024-34668 | 1 Samsung | 1 Android | 2024-10-30 | N/A | 8.8 HIGH |
|
Out-of-bounds write in parsing h.263 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34667 | 1 Samsung | 1 Android | 2024-10-30 | N/A | 8.8 HIGH |
|
Out-of-bounds write in parsing h.265 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34666 | 1 Samsung | 1 Android | 2024-10-30 | N/A | 8.8 HIGH |
|
Out-of-bounds write in parsing h.264 format in a specific mode in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34665 | 1 Samsung | 1 Android | 2024-10-30 | N/A | 8.8 HIGH |
|
Out-of-bounds write in parsing h.264 format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-34669 | 1 Samsung | 1 Android | 2024-10-30 | N/A | 8.8 HIGH |
|
Out-of-bounds write in parsing h.263+ format in librtppayload.so prior to SMR Oct-2024 Release 1 allows remote attackers to execute arbitrary code with system privilege. User interaction is required for triggering this vulnerability.
|
|||||
| CVE-2024-31960 | 1 Samsung | 4 Exynos 1480, Exynos 1480 Firmware, Exynos 2400 and 1 more | 2024-09-24 | N/A | 7.8 HIGH |
|
An issue was discovered in Samsung Mobile Processor Exynos 1480, Exynos 2400. The xclipse amdgpu driver has a reference count bug. This can lead to a use after free.
|
|||||
| CVE-2024-5760 | 2 Microsoft, Samsung | 2 Windows, Universal Print Driver | 2024-09-13 | N/A | 7.8 HIGH |
|
The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018.
|
|||||