Filtered by vendor Samsung
Subscribe
Search
Total
584 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25495 | 1 Samsung | 1 Notes | 2022-04-26 | 4.6 MEDIUM | 7.8 HIGH |
| A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. | |||||
| CVE-2021-25492 | 1 Samsung | 1 Notes | 2022-04-26 | 3.6 LOW | 7.1 HIGH |
| Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read. | |||||
| CVE-2018-11689 | 2 Hanwha-security, Samsung | 19 Hrd-1641, Hrd-1641 Firmware, Hrd-1642 and 16 more | 2022-04-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.) | |||||
| CVE-2012-4330 | 1 Samsung | 2 D6000, D6000 Firmware | 2022-02-24 | 7.8 HIGH | N/A |
| The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow. | |||||
| CVE-2022-24924 | 1 Samsung | 1 Livewallpaperservice | 2022-02-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| An improper access control in LiveWallpaperService prior to versions 3.0.9.0 allows to create a specific named system directory without a proper permission. | |||||
| CVE-2022-24923 | 1 Samsung | 1 Searchwidget | 2022-02-22 | 2.1 LOW | 3.3 LOW |
| Improper access control vulnerability in Samsung SearchWidget prior to versions 2.3.00.6 in China models allows untrusted applications to load arbitrary URL and local files in webview. | |||||
| CVE-2022-24927 | 1 Samsung | 1 Video Player | 2022-02-22 | 7.5 HIGH | 9.8 CRITICAL |
| Improper privilege management vulnerability in Samsung Video Player prior to version 7.3.15.30 allows attackers to execute video files without permission. | |||||
| CVE-2022-24926 | 1 Samsung | 1 Smarttagplugin | 2022-02-22 | 3.5 LOW | 5.4 MEDIUM |
| Improper input validation vulnerability in SmartTagPlugin prior to version 1.2.15-6 allows privileged attackers to trigger a XSS on a victim's devices. | |||||
| CVE-2022-23998 | 2 Google, Samsung | 2 Android, Camera | 2022-02-22 | 4.3 MEDIUM | 5.5 MEDIUM |
| Improper access control vulnerability in Camera prior to versions 11.1.02.16 in Android R(11), 10.5.03.77 in Android Q(10) and 9.0.6.68 in Android P(9) allows untrusted applications to take a picture in screenlock status. | |||||
| CVE-2022-23996 | 1 Samsung | 1 Wear Os | 2022-02-22 | 4.3 MEDIUM | 3.3 LOW |
| Unprotected component vulnerability in StTheaterModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to enable bedtime mode without a proper permission. | |||||
| CVE-2022-23995 | 1 Samsung | 1 Wear Os | 2022-02-22 | 4.3 MEDIUM | 3.3 LOW |
| Unprotected component vulnerability in StBedtimeModeAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | |||||
| CVE-2022-23994 | 1 Samsung | 1 Wear Os | 2022-02-22 | 4.3 MEDIUM | 3.3 LOW |
| An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission. | |||||
| CVE-2022-24003 | 1 Samsung | 1 Bixby Vision | 2022-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Exposure of Sensitive Information vulnerability in Bixby Vision prior to version 3.7.50.6 allows attackers to access internal data of Bixby Vision via unprotected intent. | |||||
| CVE-2022-23425 | 2 Google, Samsung | 2 Android, Exynos | 2022-02-18 | 7.5 HIGH | 9.8 CRITICAL |
| Improper input validation in Exynos baseband prior to SMR Feb-2022 Release 1 allows attackers to send arbitrary NAS signaling messages with fake base station. | |||||
| CVE-2022-24002 | 1 Samsung | 1 Link Sharing | 2022-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity. | |||||
| CVE-2022-23997 | 1 Samsung | 1 Wear Os | 2022-02-18 | 4.3 MEDIUM | 3.3 LOW |
| Unprotected component vulnerability in StTheaterModeDurationAlarmReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to disable theater mode without a proper permission. | |||||
| CVE-2022-23428 | 2 Google, Samsung | 2 Android, Exynos | 2022-02-18 | 7.2 HIGH | 7.8 HIGH |
| An improper boundary check in eden_runtime hal service prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2022-23432 | 2 Google, Samsung | 2 Android, Exynos | 2022-02-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| An improper input validation in SMC_SRPMB_WSM handler of RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2022-23431 | 2 Google, Samsung | 2 Android, Exynos | 2022-02-18 | 4.6 MEDIUM | 6.7 MEDIUM |
| An improper boundary check in RPMB ldfw prior to SMR Feb-2022 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2022-23434 | 2 Google, Samsung | 2 Android, Bixby | 2022-02-18 | 2.1 LOW | 3.3 LOW |
| A vulnerability using PendingIntent in Bixby Vision prior to versions 3.7.60.8 in Android S(12), 3.7.50.6 in Andorid R(11) and below allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2022-23433 | 2 Google, Samsung | 2 Android, Reminder | 2022-02-18 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in Reminder prior to versions 12.3.01.3000 in Android S(12), 12.2.05.6000 in Android R(11) and 11.6.08.6000 in Andoid Q(10) allows attackers to register reminders or execute exporeted activities remotely. | |||||
| CVE-2012-4329 | 1 Samsung | 2 D6000, D6000 Firmware | 2022-02-09 | 7.8 HIGH | N/A |
| The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name. | |||||
| CVE-2022-22290 | 1 Samsung | 1 Internet | 2022-01-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Incorrect download source UI in Downloads in Samsung Internet prior to 16.0.6.23 allows attackers to perform domain spoofing via a crafted HTML page. | |||||
| CVE-2022-22289 | 1 Samsung | 1 S Assistant | 2022-01-19 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in S Assistant prior to version 7.5 allows attacker to remotely get senstive information. | |||||
| CVE-2022-22286 | 2 Google, Samsung | 2 Android, Bixby Routines | 2022-01-19 | 3.6 LOW | 7.1 HIGH |
| A vulnerability using PendingIntent in Bixby Routines prior to version 3.1.21.8 in Android R(11.0) and 2.6.30.5 in Android Q(10.0) allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2022-22285 | 2 Google, Samsung | 2 Android, Reminder | 2022-01-19 | 3.6 LOW | 7.1 HIGH |
| A vulnerability using PendingIntent in Reminder prior to version 12.2.05.0 in Android R(11.0) and 12.3.02.1000 in Android S(12.0) allows attackers to execute privileged action by hijacking and modifying the intent. | |||||
| CVE-2022-22288 | 1 Samsung | 1 Galaxy Store | 2022-01-19 | 5.0 MEDIUM | 7.5 HIGH |
| Improper authorization vulnerability in Galaxy Store prior to 4.5.36.5 allows remote app installation of the allowlist. | |||||
| CVE-2022-22283 | 1 Samsung | 1 Health | 2022-01-19 | 2.1 LOW | 3.3 LOW |
| Improper session management vulnerability in Samsung Health prior to 6.20.1.005 prevents logging out from Samsung Health App. | |||||
| CVE-2022-22287 | 1 Samsung | 1 Samsung Email | 2022-01-19 | 2.1 LOW | 4.6 MEDIUM |
| Abitrary file access vulnerability in Samsung Email prior to 6.1.60.16 allows attacker to read isolated data in sandbox. | |||||
| CVE-2022-22284 | 1 Samsung | 1 Internet | 2022-01-18 | 2.1 LOW | 5.5 MEDIUM |
| Improper authentication vulnerability in Samsung Internet prior to 16.0.2.19 allows attackers to bypass secret mode password authentication | |||||
| CVE-2020-9061 | 4 Aeotec, Samsung, Silabs and 1 more | 6 Zw090-a, Sth-eth-200, 500 Series Firmware and 3 more | 2022-01-18 | 3.3 LOW | 6.5 MEDIUM |
| Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages. | |||||
| CVE-2022-22265 | 2 Google, Samsung | 2 Android, Exynos | 2022-01-14 | 4.6 MEDIUM | 7.8 HIGH |
| An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2021-25527 | 1 Samsung | 1 Pay | 2021-12-16 | 2.1 LOW | 3.3 LOW |
| Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. | |||||
| CVE-2021-25526 | 1 Samsung | 1 Blockchain Wallet | 2021-12-16 | 2.1 LOW | 5.5 MEDIUM |
| Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. | |||||
| CVE-2021-25525 | 1 Samsung | 1 Pay | 2021-12-13 | 3.3 LOW | 6.5 MEDIUM |
| Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition. | |||||
| CVE-2021-25524 | 1 Samsung | 1 Contacts | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||||
| CVE-2021-25523 | 1 Samsung | 1 Dialer | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | |||||
| CVE-2021-25522 | 1 Samsung | 1 Smart Capture | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission. | |||||
| CVE-2021-25521 | 1 Samsung | 1 Internet | 2021-12-13 | 2.1 LOW | 3.3 LOW |
| Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. | |||||
| CVE-2021-25520 | 1 Samsung | 1 Internet | 2021-12-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | |||||
| CVE-2020-26146 | 3 Arista, Samsung, Siemens | 38 C-100, C-100 Firmware, C-110 and 35 more | 2021-12-06 | 2.9 LOW | 5.3 MEDIUM |
| An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design. | |||||
| CVE-2020-26144 | 3 Arista, Samsung, Siemens | 36 C-100, C-100 Firmware, C-110 and 33 more | 2021-12-04 | 3.3 LOW | 6.5 MEDIUM |
| An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. | |||||
| CVE-2021-42114 | 3 Micron, Samsung, Skhynix | 12 Ddr4 Sdram, Ddr4 Sdram Firmware, Lddr4 and 9 more | 2021-11-29 | 7.9 HIGH | 8.3 HIGH |
| Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips on affected memory modules using our Blacksmith fuzzer. The patterns generated by Blacksmith were able to trigger bitflips on all 40 PC-DDR4 DRAM devices in our test pool, which cover the three major DRAM manufacturers: Samsung, SK Hynix, and Micron. This means that, even when chips advertised as Rowhammer-free are used, attackers may still be able to exploit Rowhammer. For example, this enables privilege-escalation attacks against the kernel or binaries such as the sudo binary, and also triggering bit flips in RSA-2048 keys (e.g., SSH keys) to gain cross-tenant virtual-machine access. We can confirm that DRAM devices acquired in July 2020 with DRAM chips from all three major DRAM vendors (Samsung, SK Hynix, Micron) are affected by this vulnerability. For more details, please refer to our publication. | |||||
| CVE-2021-25509 | 1 Samsung | 1 Samsung Flow | 2021-11-09 | 3.6 LOW | 7.1 HIGH |
| A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders. | |||||
| CVE-2021-25508 | 1 Samsung | 1 Smartthings | 2021-11-09 | 7.5 HIGH | 9.8 CRITICAL |
| Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. | |||||
| CVE-2021-25506 | 1 Samsung | 1 Health | 2021-11-09 | 2.1 LOW | 5.5 MEDIUM |
| Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. | |||||
| CVE-2021-25500 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2021-11-08 | 2.1 LOW | 4.4 MEDIUM |
| A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise. | |||||
| CVE-2021-25505 | 1 Samsung | 1 Samsung Pass | 2021-11-08 | 6.8 MEDIUM | 7.8 HIGH |
| Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked. | |||||
| CVE-2021-25504 | 1 Samsung | 1 Group Sharing | 2021-11-08 | 2.1 LOW | 4.0 MEDIUM |
| Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information. | |||||
| CVE-2021-25503 | 2 Google, Samsung | 2 Android, Exynos | 2021-11-08 | 4.6 MEDIUM | 6.7 MEDIUM |
| Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution. | |||||