Filtered by vendor Samsung
Subscriptions
Total
969 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2018-3896 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2022-12-02 | 8.8 High |
| An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long "correlationId" value in order to exploit this vulnerability. | ||||
| CVE-2018-3895 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2022-12-02 | 8.8 High |
| An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2018-3893 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2022-12-02 | 8.8 High |
| An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. An attacker can send an HTTP request to trigger this vulnerability. | ||||
| CVE-2021-25463 | 1 Samsung | 1 Penup | 2022-12-02 | 3.3 Low |
| Improper access control vulnerability in PENUP prior to version 3.8.00.18 allows arbitrary webpage loading in webview. | ||||
| CVE-2022-39891 | 1 Samsung | 1 Editor Lite | 2022-11-14 | 7.5 High |
| Heap overflow vulnerability in parse_pce function in libsavsaudio.so in Editor Lite prior to version 4.0.41.3 allows attacker to get information. | ||||
| CVE-2022-39889 | 1 Samsung | 1 Galaxywatch4plugin | 2022-11-11 | 3.3 Low |
| Improper access control vulnerability in GalaxyWatch4Plugin prior to versions 2.2.11.22101351 and 2.2.12.22101351 allows attackers to access wearable device information. | ||||
| CVE-2022-39893 | 1 Samsung | 1 Galaxy Buds Pro Manage | 2022-11-10 | 3.3 Low |
| Sensitive information exposure vulnerability in FmmBaseModel in Galaxy Buds Pro Manage prior to version 4.1.22092751 allows local attackers with log access permission to get device identifier data through device log. | ||||
| CVE-2022-39890 | 1 Samsung | 1 Billing | 2022-11-10 | 7.5 High |
| Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information. | ||||
| CVE-2022-39881 | 1 Samsung | 2 Exynos, Exynos Firmware | 2022-11-10 | 9.1 Critical |
| Improper input validation vulnerability for processing SIB12 PDU in Exynos modems prior to SMR Sep-2022 Release allows remote attacker to read out of bounds memory. | ||||
| CVE-2022-36840 | 1 Samsung | 1 Update | 2022-10-27 | 7.8 High |
| DLL hijacking vulnerability in Samsung Update Setup prior to version 2.2.9.50 allows attackers to execute arbitrary code. | ||||
| CVE-2022-36839 | 1 Samsung | 1 Checkout | 2022-10-27 | 5.5 Medium |
| SQL injection vulnerability via IAPService in Samsung Checkout prior to version 5.0.53.1 allows attackers to access IAP information. | ||||
| CVE-2022-36838 | 1 Samsung | 1 Galaxy Wearable | 2022-10-27 | 4.6 Medium |
| Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. | ||||
| CVE-2022-36837 | 1 Samsung | 1 Samsung Email | 2022-10-27 | 5.5 Medium |
| Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive information. | ||||
| CVE-2022-36836 | 1 Samsung | 2 Charm, Charm Firmware | 2022-10-27 | 5.5 Medium |
| Unprotected provider vulnerability in Charm by Samsung prior to version 1.2.3 allows attackers to read connection state without permission. | ||||
| CVE-2022-36835 | 1 Samsung | 1 Samsung Internet Browser | 2022-10-27 | 3.3 Low |
| Implicit Intent hijacking vulnerability in Samsung Internet Browser prior to version 17.0.7.34 allows attackers to access arbitrary files. | ||||
| CVE-2022-36833 | 2 Google, Samsung | 2 Android, Gameoptimizingservice | 2022-10-27 | 7.8 High |
| Improper Privilege Management vulnerability in Game Optimizing Service prior to versions 3.3.04.0 in Android 10, and 3.5.04.8 in Android 11 and above allows local attacker to execute hidden function for developer by changing package name. | ||||
| CVE-2022-36831 | 1 Samsung | 1 Notes | 2022-10-27 | 5.5 Medium |
| Path traversal vulnerability in UriFileUtils of Samsung Notes prior to version 4.3.14.39 allows attacker to access some file as Samsung Notes permission. | ||||
| CVE-2021-25399 | 1 Samsung | 1 Smart Manager | 2022-10-25 | 7.1 High |
| Improper configuration in Smart Manager prior to version 11.0.05.0 allows attacker to access the file with system privilege. | ||||
| CVE-2021-25338 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2022-10-25 | 5.2 Medium |
| Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. | ||||
| CVE-2019-6741 | 1 Samsung | 2 Galaxy S9, Galaxy S9 Firmware | 2022-10-12 | 9.3 Critical |
| This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7476. | ||||