Filtered by vendor Samsung
Total: 969 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-21505 | 1 Samsung | 1 Samsung Core Services | 2023-05-10 | 8.6 High |
Improper access control in Samsung Core Service prior to version 2.1.00.36 allows an attacker to write an arbitrary file in the sandbox. | ||||
CVE-2023-21501 | 1 Samsung | 1 Android | 2023-05-10 | 7.8 High |
Improper input validation vulnerability in mPOS fiserve trustlet prior to SMR May-2023 Release 1 allows local attackers to execute arbitrary code. | ||||
CVE-2023-21493 | 1 Samsung | 1 Android | 2023-05-10 | 5.5 Medium |
Improper access control vulnerability in SemShareFileProvider prior to SMR May-2023 Release 1 allows local attackers to access protected data. | ||||
CVE-2023-21492 | 1 Samsung | 1 Android | 2023-05-10 | 4.4 Medium |
Kernel pointers printed in the log file prior to SMR May-2023 Release 1 allow a privileged local attacker to bypass ASLR. | ||||
CVE-2023-21491 | 1 Samsung | 1 Android | 2023-05-10 | 7.8 High |
Improper access control vulnerability in ThemeManager prior to SMR May-2023 Release 1 allows local attackers to write arbitrary files with system privilege. | ||||
CVE-2023-21490 | 1 Samsung | 1 Android | 2023-05-10 | 7.1 High |
Improper access control in GearManagerStub prior to SMR May-2023 Release 1 allows a local attacker to delete applications installed by watchmanager. | ||||
CVE-2023-21489 | 1 Samsung | 1 Android | 2023-05-10 | 6.8 Medium |
Heap out-of-bounds write vulnerability in bootloader prior to SMR May-2023 Release 1 allows a physical attacker to execute arbitrary code. | ||||
CVE-2023-21488 | 1 Samsung | 1 Android | 2023-05-10 | 7.8 High |
Improper access control vulnerability in Tips prior to SMR May-2023 Release 1 allows local attackers to launch arbitrary activity in Tips. | ||||
CVE-2023-21487 | 1 Samsung | 1 Android | 2023-05-10 | 3.3 Low |
Improper access control vulnerability in Telephony framework prior to SMR May-2023 Release 1 allows local attackers to change a call setting. | ||||
CVE-2023-21486 | 1 Samsung | 1 Android | 2023-05-10 | 4.6 Medium |
Improper export of Android application components vulnerability in ImagePreviewActivity in Call Settings prior to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||||
CVE-2023-21485 | 1 Samsung | 1 Android | 2023-05-10 | 4.6 Medium |
Improper export of Android application components vulnerability in VideoPreviewActivity in Call Settings prior to SMR May-2023 Release 1 allows physical attackers to access some media data stored in sandbox. | ||||
CVE-2023-21484 | 1 Samsung | 1 Android | 2023-05-10 | 7.8 High |
Improper access control vulnerability in AppLock prior to SMR May-2023 Release 1 allows local attackers without proper permission to execute a privileged operation. | ||||
CVE-2023-28613 | 1 Samsung | 6 Exynos 1280, Exynos 1280 Firmware, Exynos 2200 and 3 more | 2023-05-05 | 9.8 Critical |
An issue was discovered in Samsung Exynos Mobile Processor and Baseband Modem Processor for Exynos 1280, Exynos 2200, and Exynos Modem 5300. An integer overflow in IPv4 fragment handling can occur due to insufficient parameter validation when reassembling these fragments. | ||||
CVE-2023-24033 | 1 Samsung | 10 Exynos 1080, Exynos 1080 Firmware, Exynos 980 and 7 more | 2023-05-04 | 9.8 Critical |
The Samsung Exynos Modem 5123, Exynos Modem 5300, Exynos 980, Exynos 1080, and Exynos Auto T512 baseband modem chipsets do not properly check format types specified by the Session Description Protocol (SDP) module, which can lead to a denial of service. | ||||
CVE-2018-3865 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2023-04-26 | 8.8 High |
An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "cameraIp" value in order to exploit this vulnerability. | ||||
CVE-2018-3874 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2023-04-26 | 9.9 Critical |
An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strncpy overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability. | ||||
CVE-2018-3913 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2023-04-26 | 6.7 Medium |
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32 bytes. An attacker can send an arbitrarily long "accessKey" value in order to exploit this vulnerability. | ||||
CVE-2018-3915 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2023-04-26 | 8.2 High |
An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 64 bytes. An attacker can send an arbitrarily long "bucket" value in order to exploit this vulnerability. | ||||
CVE-2018-3867 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2023-04-26 | 9.9 Critical |
An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly handles the answer received from a smart camera, leading to a buffer overflow on the stack. An attacker can send a series of HTTP requests to trigger this vulnerability. | ||||
CVE-2018-3863 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2023-04-26 | 9.9 Critical |
On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. A strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long "user" value in order to exploit this vulnerability. |