Filtered by vendor Samsung
Subscribe
Search
Total
584 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6742 | 1 Samsung | 2 Galaxy S9, Galaxy S9 Firmware | 2021-11-03 | 7.5 HIGH | 9.8 CRITICAL |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477. | |||||
| CVE-2021-25467 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2021-10-14 | 7.2 HIGH | 6.7 MEDIUM |
| Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library. | |||||
| CVE-2021-25496 | 1 Samsung | 1 Notes | 2021-10-14 | 4.6 MEDIUM | 7.8 HIGH |
| A possible buffer overflow vulnerability in maetd_dec_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. | |||||
| CVE-2021-25497 | 1 Samsung | 1 Notes | 2021-10-14 | 4.6 MEDIUM | 7.8 HIGH |
| A possible buffer overflow vulnerability in maetd_cpy_slice of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. | |||||
| CVE-2021-25498 | 1 Samsung | 1 Notes | 2021-10-14 | 4.6 MEDIUM | 7.8 HIGH |
| A possible buffer overflow vulnerability in maetd_eco_cb_mode of libSPenBase library of Samsung Notes prior to Samsung Notes version 4.3.02.61 allows arbitrary code execution. | |||||
| CVE-2021-25499 | 1 Samsung | 1 Galaxy Store | 2021-10-14 | 2.1 LOW | 5.5 MEDIUM |
| Intent redirection vulnerability in SamsungAccountSDKSigninActivity of Galaxy Store prior to version 4.5.32.4 allows attacker to access content provider of Galaxy Store. | |||||
| CVE-2021-25494 | 1 Samsung | 1 Notes | 2021-10-14 | 4.6 MEDIUM | 7.8 HIGH |
| A possible buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. | |||||
| CVE-2021-25468 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-14 | 2.1 LOW | 4.4 MEDIUM |
| A possible guessing and confirming a byte memory vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows attackers to read arbitrary memory address. | |||||
| CVE-2021-25470 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 3.6 LOW | 7.9 HIGH |
| An improper caller check logic of SMC call in TEEGRIS secure OS prior to SMR Oct-2021 Release 1 can be used to compromise TEE. | |||||
| CVE-2021-25469 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| A possible stack-based buffer overflow vulnerability in Widevine trustlet prior to SMR Oct-2021 Release 1 allows arbitrary code execution. | |||||
| CVE-2021-25476 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 2.1 LOW | 4.4 MEDIUM |
| An information disclosure vulnerability in Widevine TA log prior to SMR Oct-2021 Release 1 allows attackers to bypass the ASLR protection mechanism in TEE. | |||||
| CVE-2021-25471 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 5.0 MEDIUM | 7.5 HIGH |
| A lack of replay attack protection in Security Mode Command process prior to SMR Oct-2021 Release 1 can lead to denial of service on mobile network connection and battery depletion. | |||||
| CVE-2021-25479 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 6.5 MEDIUM | 7.2 HIGH |
| A possible heap-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2021-25478 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 6.5 MEDIUM | 7.2 HIGH |
| A possible stack-based buffer overflow vulnerability in Exynos CP Chipset prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2021-25481 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 4.6 MEDIUM | 6.7 MEDIUM |
| An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory. | |||||
| CVE-2021-25489 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 4.9 MEDIUM | 5.5 MEDIUM |
| Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. | |||||
| CVE-2021-25487 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 4.6 MEDIUM | 7.8 HIGH |
| Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer. | |||||
| CVE-2021-25488 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 2.1 LOW | 5.5 MEDIUM |
| Lack of boundary checking of a buffer in recv_data() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read. | |||||
| CVE-2021-25491 | 2 Google, Samsung | 2 Android, Exynos | 2021-10-13 | 2.1 LOW | 4.4 MEDIUM |
| A vulnerability in mfc driver prior to SMR Oct-2021 Release 1 allows memory corruption via NULL-pointer dereference. | |||||
| CVE-2021-25493 | 1 Samsung | 1 Notes | 2021-10-13 | 3.6 LOW | 7.1 HIGH |
| Lack of boundary checking of a buffer in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows OOB read | |||||
| CVE-2021-25475 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2021-10-13 | 7.2 HIGH | 6.7 MEDIUM |
| A possible heap-based buffer overflow vulnerability in DSP kernel driver prior to SMR Oct-2021 Release 1 allows arbitrary memory write and code execution. | |||||
| CVE-2021-25466 | 1 Samsung | 1 Internet | 2021-09-23 | 5.0 MEDIUM | 5.9 MEDIUM |
| Improper scheme check vulnerability in Samsung Internet prior to version 15.0.2.47 allows attackers to perform Man-in-the-middle attack and obtain Samsung Account token. | |||||
| CVE-2021-25452 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2021-09-23 | 4.9 MEDIUM | 5.5 MEDIUM |
| An improper input validation vulnerability in loading graph file in DSP driver prior to SMR Sep-2021 Release 1 allows attackers to perform permanent denial of service on the device. | |||||
| CVE-2021-25464 | 1 Samsung | 1 Capture | 2021-09-22 | 2.1 LOW | 5.5 MEDIUM |
| An improper file management vulnerability in SamsungCapture prior to version 4.8.02 allows sensitive information leak. | |||||
| CVE-2021-25465 | 1 Samsung | 1 Themes | 2021-09-22 | 4.4 MEDIUM | 7.0 HIGH |
| An improper scheme check vulnerability in Samsung Themes prior to version 5.2.01 allows attackers to perform Man-in-the-middle attack. | |||||
| CVE-2021-25457 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2021-09-22 | 2.1 LOW | 3.3 LOW |
| An improper input validation vulnerability in DSP driver prior to SMR Sep-2021 Release 1 allows local attackers to get a limited kernel memory information. | |||||
| CVE-2021-25407 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2021-09-21 | 4.6 MEDIUM | 7.8 HIGH |
| A possible out of bounds write vulnerability in NPU driver prior to SMR JUN-2021 Release 1 allows arbitrary memory write. | |||||
| CVE-2019-20451 | 1 Samsung | 2 Prismview Player 11, Prismview System 9 | 2021-09-09 | 10.0 HIGH | 9.8 CRITICAL |
| The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be downloaded.) | |||||
| CVE-2021-22684 | 1 Samsung | 1 Tizenrt | 2021-09-08 | 5.0 MEDIUM | 7.5 HIGH |
| Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash | |||||
| CVE-2021-25448 | 1 Samsung | 1 Smart Touch Call | 2021-08-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in Smart Touch Call prior to version 1.0.0.5 allows arbitrary webpage loading in webview. | |||||
| CVE-2021-25447 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2021-08-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause local file inclusion in webview. | |||||
| CVE-2021-25446 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2021-08-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper access control vulnerability in SmartThings prior to version 1.7.67.25 allows untrusted applications to cause arbitrary webpage loading in webview. | |||||
| CVE-2021-25445 | 1 Samsung | 1 Internet | 2021-08-12 | 5.0 MEDIUM | 5.3 MEDIUM |
| Unprotected component vulnerability in Samsung Internet prior to version 14.2 allows untrusted application to access internal files in Samsung Internet. | |||||
| CVE-2020-15582 | 2 Google, Samsung | 2 Android, Exynos 7885 | 2021-07-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020). | |||||
| CVE-2020-25052 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2021-07-21 | 7.5 HIGH | 9.8 CRITICAL |
| An issue was discovered on Samsung mobile devices with Q(10.0) (exynos9830 chipsets) software. H-Arx allows attackers to execute arbitrary code or cause a denial of service (memory corruption) because indexes are mishandled. The Samsung ID is SVE-2020-17426 (August 2020). | |||||
| CVE-2020-25054 | 1 Samsung | 1 Exynos | 2021-07-21 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered on Samsung mobile devices with software through 2020-04-02 (Exynos modem chipsets). There is a heap-based buffer over-read in the Shannon baseband. The Samsung ID is SVE-2020-17239 (August 2020). | |||||
| CVE-2019-20564 | 1 Samsung | 2 Note9, S9 | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered on Samsung mobile devices with any (before October 2019 for S9 or Note9) software. Attackers can manipulate the IMEI. The Samsung ID is SVE-2019-15435 (October 2019). | |||||
| CVE-2019-17668 | 1 Samsung | 4 Galaxy S10, Galaxy S10 Firmware, Note 10 and 1 more | 2021-07-21 | 4.4 MEDIUM | 6.8 MEDIUM |
| Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector. | |||||
| CVE-2021-25419 | 1 Samsung | 1 Internet | 2021-06-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Non-compliance of recommended secure coding scheme in Samsung Internet prior to version 14.0.1.62 allows attackers to display fake URL in address bar via phising URL link. | |||||
| CVE-2021-25404 | 1 Samsung | 2 Smartthings, Smartthings Firmware | 2021-06-21 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in SmartThings prior to version 1.7.64.21 allows attacker to access user information via log. | |||||
| CVE-2021-25402 | 1 Samsung | 1 Notes | 2021-06-21 | 2.1 LOW | 3.3 LOW |
| Information Exposure vulnerability in Samsung Notes prior to version 4.2.04.27 allows attacker to access s pen latency information. | |||||
| CVE-2021-25399 | 1 Samsung | 1 Smart Manager | 2021-06-21 | 3.6 LOW | 7.1 HIGH |
| Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. | |||||
| CVE-2021-25406 | 1 Samsung | 1 Gear S | 2021-06-17 | 3.3 LOW | 6.5 MEDIUM |
| Information exposure vulnerability in Gear S Plugin prior to version 2.2.05.20122441 allows unstrusted applications to access connected BT device information. | |||||
| CVE-2021-25420 | 1 Samsung | 1 Galaxy Watch Plugin | 2021-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Improper log management vulnerability in Galaxy Watch PlugIn prior to version 2.2.05.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | |||||
| CVE-2021-25421 | 1 Samsung | 1 Galaxy Watch 3 Plugin | 2021-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Improper log management vulnerability in Galaxy Watch3 PlugIn prior to version 2.2.09.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | |||||
| CVE-2021-25422 | 1 Samsung | 1 Watch Active Plugin | 2021-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Improper log management vulnerability in Watch Active PlugIn prior to version 2.2.07.21033151 allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone within log. | |||||
| CVE-2021-25423 | 1 Samsung | 1 Watch Active2 Plugin | 2021-06-17 | 2.1 LOW | 5.5 MEDIUM |
| Improper log management vulnerability in Watch Active2 PlugIn prior to 2.2.08.21033151 version allows attacker with log permissions to leak Wi-Fi password connected to the user smartphone via log. | |||||
| CVE-2021-25424 | 1 Samsung | 18 Galaxy Watch, Galaxy Watch 3, Galaxy Watch 3 Firmware and 15 more | 2021-06-17 | 5.8 MEDIUM | 8.8 HIGH |
| Improper authentication vulnerability in Tizen bluetooth-frwk prior to Firmware update JUN-2021 Release allows bluetooth attacker to take over the user's bluetooth device without user awareness. | |||||
| CVE-2021-25416 | 2 Google, Samsung | 5 Android, Exynos 9610, Exynos 9810 and 2 more | 2021-06-16 | 2.1 LOW | 6.5 MEDIUM |
| Assuming EL1 is compromised, an improper address validation in RKP prior to SMR JUN-2021 Release 1 allows local attackers to create executable kernel page outside code area. | |||||
| CVE-2021-25425 | 1 Samsung | 1 Health | 2021-06-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| Improper check vulnerability in Samsung Health prior to version 6.17 allows attacker to read internal cache data via exported component. | |||||