Skip to main content

Samsung

980 CVEs vendor

Monthly

CVE-2019-7418 MEDIUM POC This Month

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service X7400Gx Firmware
NVD
CVSS 3.0
6.1
EPSS
1.6%
CVE-2018-14856 MEDIUM POC This Month

Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
0.9%
CVE-2018-14855 MEDIUM POC This Month

Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
0.9%
CVE-2018-14854 MEDIUM POC This Month

Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
0.9%
CVE-2018-14853 MEDIUM POC This Month

A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Null Pointer Dereference Denial Of Service Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
4.3
EPSS
0.9%
CVE-2018-14852 MEDIUM POC This Month

Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
6.3
EPSS
1.0%
CVE-2018-12038 MEDIUM PATCH This Month

An issue was discovered on Samsung 840 EVO devices. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Samsung 840 Evo Firmware
NVD
CVSS 3.0
4.2
EPSS
0.6%
CVE-2018-12037 MEDIUM PATCH This Month

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and. Rated medium severity (CVSS 4.0).

Information Disclosure Samsung 840 Evo Firmware 850 Evo Firmware T3 Firmware +4
NVD
CVSS 3.0
4.0
EPSS
0.2%
CVE-2018-17969 CRITICAL POC Act Now

Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Scx 6545X Firmware
NVD
CVSS 3.0
9.8
EPSS
1.4%
CVE-2018-14318 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung RCE Buffer Overflow Stack Overflow Galaxy S8 Firmware
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-11614 HIGH This Week

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samsung Samsung Members
NVD
CVSS 3.0
8.8
EPSS
1.3%
CVE-2018-10502 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Galaxy Apps
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-10501 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. Rated high severity (CVSS 7.0). No vendor patch available.

Samsung Path Traversal Notes
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-10500 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Samsung Galaxy Apps
NVD
CVSS 3.0
7.0
EPSS
0.2%
CVE-2018-10499 HIGH This Week

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Samsung Galaxy Apps
NVD
CVSS 3.0
7.0
EPSS
0.3%
CVE-2018-10498 MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Samsung Samsung Email
NVD
CVSS 3.0
5.5
EPSS
0.4%
CVE-2018-10497 HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Samsung Samsung Email
NVD
CVSS 3.0
7.8
EPSS
0.3%
CVE-2018-10496 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free Samsung Samsung Internet Browser
NVD
CVSS 3.0
8.8
EPSS
2.5%
CVE-2018-3915 HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2018-3914 HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-3913 MEDIUM POC This Month

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
6.7
EPSS
0.4%
CVE-2018-3906 HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2018-3894 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-3877 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3876 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.9%
CVE-2018-3874 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3873 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3865 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-3864 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-3875 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.5%
CVE-2018-3897 HIGH POC This Week

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2018-3896 HIGH POC This Week

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.5%
CVE-2018-3916 HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-3908 HIGH POC This Week

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.3%
CVE-2018-3895 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-3926 MEDIUM POC This Month

An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2018-3927 MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Samsung Sth Eth 250 Firmware
NVD
CVSS 3.0
5.9
EPSS
1.1%
CVE-2018-3918 HIGH POC This Week

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2018-3904 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3893 HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.8%
CVE-2018-3909 HIGH POC This Week

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.6
EPSS
1.3%
CVE-2018-3907 CRITICAL POC Act Now

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
10.0
EPSS
1.4%
CVE-2018-3911 HIGH POC This Week

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.6
EPSS
1.2%
CVE-2018-3880 CRITICAL POC Act Now

An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.2%
CVE-2018-3872 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3866 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.5%
CVE-2018-3856 CRITICAL POC Act Now

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Command Injection Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
3.4%
CVE-2018-3912 HIGH POC This Week

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2018-3925 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.0
9.9
EPSS
1.5%
CVE-2018-3919 CRITICAL POC Act Now

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2018-3917 CRITICAL POC Act Now

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
0.9%
CVE-2018-3905 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.5%
CVE-2018-3903 CRITICAL POC Act Now

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3902 CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.8%
CVE-2018-3879 HIGH POC This Week

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
8.8
EPSS
1.6%
CVE-2018-3878 CRITICAL POC Act Now

Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.5%
CVE-2018-3867 CRITICAL POC Act Now

An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
2.0%
CVE-2018-3863 CRITICAL POC Act Now

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
CVSS 3.1
9.9
EPSS
1.7%
CVE-2018-14908 HIGH POC This Week

Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Samsung Syncthru Web Service
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-14904 MEDIUM POC This Month

Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-11689 MEDIUM POC This Month

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Smartviewer Hrd 1642 Firmware Hrd 842 Firmware +7
NVD
CVSS 3.1
6.1
EPSS
1.6%
CVE-2018-10751 MEDIUM POC This Month

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Samsung Samsung Mobile
NVD Exploit-DB
CVSS 3.0
5.3
EPSS
8.7%
CVE-2018-9143 CRITICAL Act Now

On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow Samsung Samsung Mobile
NVD
CVSS 3.0
9.8
EPSS
2.4%
CVE-2018-9142 HIGH This Week

On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Samsung Samsung Mobile
NVD
CVSS 3.0
7.0
EPSS
0.8%
CVE-2018-9141 HIGH This Week

On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Samsung Samsung Mobile
NVD
CVSS 3.0
7.8
EPSS
2.4%
CVE-2018-9140 MEDIUM This Month

On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Samsung Samsung Mobile
NVD
CVSS 3.0
6.1
EPSS
0.6%
CVE-2018-9139 CRITICAL Act Now

On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Samsung Samsung Mobile
NVD
CVSS 3.0
9.8
EPSS
2.5%
CVE-2018-6019 MEDIUM This Month

Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Samsung Display Solutions
NVD
CVSS 3.0
5.9
EPSS
0.3%
CVE-2018-5210 HIGH This Week

On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption RCE Buffer Overflow Samsung Samsung Mobile
NVD
CVSS 3.0
8.1
EPSS
1.8%
CVE-2015-7889 MEDIUM POC This Month

The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Samsung Information Disclosure Android
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
3.3%
CVE-2017-17859 MEDIUM This Month

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Samsung Internet Browser
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2017-17692 HIGH POC THREAT Act Now

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.5%.

Samsung Information Disclosure Internet Browser
NVD GitHub Exploit-DB
CVSS 3.0
7.5
EPSS
67.5%
Threat
5.0
CVE-2015-7268 MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Lenovo Microsoft Samsung Dell Authentication Bypass +4
NVD
CVSS 3.0
4.2
EPSS
0.1%
CVE-2015-7267 MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Dell Authentication Bypass Samsung Lenovo 850 Pro Firmware +3
NVD
CVSS 3.0
4.2
EPSS
0.1%
CVE-2017-16524 HIGH POC THREAT Act Now

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.7%.

Samsung PHP File Upload Web Viewer
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
74.7%
Threat
5.5
CVE-2014-0997 HIGH POC THREAT Act Now

WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.3%.

Denial Of Service Google Samsung Android
NVD Exploit-DB
CVSS 3.0
7.5
EPSS
17.3%
CVE-2017-14262 HIGH Act Now

On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.0% and no vendor patch available.

Samsung Information Disclosure Srn 1670D Firmware Srn 1000 Firmware Srn 472S Firmware +1
NVD GitHub
CVSS 3.0
8.1
EPSS
21.0%
CVE-2015-7896 MEDIUM POC THREAT This Month

LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Buffer Overflow Denial Of Service Samsung Samsung Mobile
NVD Exploit-DB
CVSS 3.0
6.5
EPSS
12.4%
CVE-2015-1801 CRITICAL Act Now

The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Samsung Galaxy S4 Firmware
NVD
CVSS 3.0
9.8
EPSS
1.7%
CVE-2015-1800 HIGH This Week

The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Galaxy S4 Firmware
NVD
CVSS 3.0
7.5
EPSS
1.6%
CVE-2015-7894 HIGH POC This Week

The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service Samsung Galaxy S6 Edge Firmware
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
4.8%
CVE-2015-7891 HIGH POC This Week

Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Google Samsung Information Disclosure Samsung Mobile
NVD Exploit-DB
CVSS 3.0
7.0
EPSS
0.2%
CVE-2015-7898 MEDIUM POC This Month

Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Samsung Samsung Mobile
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.2%
CVE-2015-7895 MEDIUM POC This Month

Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Samsung Samsung Mobile
NVD Exploit-DB
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-3218 HIGH This Week

Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Magician
NVD
CVSS 3.0
8.8
EPSS
0.0%
CVE-2015-7888 HIGH This Week

Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Samsung Galaxy S6 Edge Firmware
NVD
CVSS 3.0
7.5
EPSS
3.8%
CVE-2015-5473 CRITICAL Emergency

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 46.9% and no vendor patch available.

Path Traversal Samsung RCE Syncthru 6
NVD
CVSS 3.0
9.8
EPSS
46.9%
CVE-2017-7978 HIGH This Week

Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Samsung Information Disclosure Samsung Mobile
NVD
CVSS 3.0
7.5
EPSS
0.3%
CVE-2016-4032 MEDIUM POC This Month

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Samsung Galaxy S6 Firmware Galaxy Note 3 Firmware +3
NVD GitHub
CVSS 3.0
4.6
EPSS
0.1%
CVE-2016-4031 MEDIUM POC This Month

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Samsung Galaxy S6 Firmware Galaxy Note 3 Firmware Galaxy S4 Mini Firmware +2
NVD GitHub
CVSS 3.0
6.8
EPSS
0.1%
EPSS 2% CVSS 6.1
MEDIUM POC This Month

XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service +1
NVD
EPSS 1% CVSS 6.3
MEDIUM POC This Month

Buffer overflow in dhd_bus_flow_ring_create_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung +1
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM POC This Month

Buffer overflow in dhd_bus_flow_ring_flush_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 allow an attacker (who has obtained code. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung +1
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM POC This Month

Buffer overflow in dhd_bus_flow_ring_delete_response in drivers/net/wireless/bcmdhd4358/dhd_pcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung +1
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM POC This Month

A NULL pointer dereference in dhd_prot_txdata_write_flush in drivers/net/wireless/bcmdhd4358/dhd_msgbuf.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Null Pointer Dereference Denial Of Service +2
NVD GitHub
EPSS 1% CVSS 6.3
MEDIUM POC This Month

Out-of-bounds array access in dhd_rx_frame in drivers/net/wireless/bcmdhd4358/dhd_linux.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has. Rated medium severity (CVSS 6.3), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

RCE Buffer Overflow Samsung +1
NVD GitHub
EPSS 1% CVSS 4.2
MEDIUM PATCH This Month

An issue was discovered on Samsung 840 EVO devices. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

Information Disclosure Samsung 840 Evo Firmware
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and. Rated medium severity (CVSS 4.0).

Information Disclosure Samsung 840 Evo Firmware +6
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Samsung SCX-6545X V2.00.03.01 03-23-2012 devices allows remote attackers to discover cleartext credentials via iso.3.6.1.4.1.236.11.5.11.81.10.1.5.0 and iso.3.6.1.4.1.236.11.5.11.81.10.1.6.0 SNMP. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Scx 6545X Firmware
NVD
EPSS 2% CVSS 8.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S8 G950FXXU1AQL5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

This vulnerability allows remote attackers to escalate privileges on vulnerable installations of Samsung Members Fixed in version 2.4.25. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samsung Samsung Members
NVD
EPSS 0% CVSS 7.8
HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Samsung Galaxy Apps
NVD
EPSS 0% CVSS 7.0
HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. Rated high severity (CVSS 7.0). No vendor patch available.

Samsung Path Traversal Notes
NVD
EPSS 0% CVSS 7.0
HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. Rated high severity (CVSS 7.0). No vendor patch available.

Authentication Bypass Samsung Galaxy Apps
NVD
EPSS 0% CVSS 7.0
HIGH This Week

This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. Rated high severity (CVSS 7.0). No vendor patch available.

RCE Samsung Galaxy Apps
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Samsung Samsung Email
NVD
EPSS 0% CVSS 7.8
HIGH This Week

This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

RCE Samsung Samsung Email
NVD
EPSS 2% CVSS 8.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Use After Free +2
NVD
EPSS 0% CVSS 8.2
HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 0% CVSS 6.7
MEDIUM POC This Month

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 0% CVSS 8.2
HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of a database field in video-core's HTTP server of Samsung SmartThings Hub. Rated high severity (CVSS 8.2), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An exploitable buffer overflow vulnerabilities exist in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub with Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Samsung +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 0% CVSS 5.5
MEDIUM POC This Month

An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Denial Of Service Samsung +1
NVD
EPSS 1% CVSS 5.9
MEDIUM POC This Month

An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Google Information Disclosure Samsung +1
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the camera 'update' feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 1% CVSS 8.6
HIGH POC This Week

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Samsung +1
NVD
EPSS 1% CVSS 10.0
CRITICAL POC Act Now

An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Request Smuggling Information Disclosure Samsung +1
NVD
EPSS 1% CVSS 8.6
HIGH POC This Week

An exploitable HTTP header injection vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection Samsung Sth Eth 250 Firmware
NVD
EPSS 1% CVSS 9.9
CRITICAL POC Act Now

An exploitable stack-based buffer overflow vulnerability exists in the database 'find-by-cameraId' functionality of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the samsungWifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 3% CVSS 9.9
CRITICAL POC Act Now

An exploitable vulnerability exists in the smart cameras RTSP configuration of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Command Injection Sth Eth 250 Firmware
NVD
EPSS 0% CVSS 7.8
HIGH POC This Week

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 1% CVSS 9.9
CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the remote video-host communication of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 1% CVSS 9.9
CRITICAL POC Act Now

An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 1% CVSS 9.9
CRITICAL POC Act Now

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 1% CVSS 9.9
CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the camera "create" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

An exploitable buffer overflow vulnerability exists in the camera "replace" feature of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

An exploitable JSON injection vulnerability exists in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Samsung Sth Eth 250 Firmware
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

An exploitable stack-based buffer overflow vulnerability exists in the samsungWifiScan callback notification of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 2% CVSS 9.9
CRITICAL POC Act Now

On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on. Rated critical severity (CVSS 9.9), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Memory Corruption Buffer Overflow Samsung +1
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Samsung Syncthru Web Service
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Syncthru Web Service
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Samsung Smartviewer +9
NVD
EPSS 9% CVSS 5.3
MEDIUM POC This Month

A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Samsung +1
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Memory Corruption RCE Buffer Overflow +2
NVD
EPSS 1% CVSS 7.0
HIGH This Week

On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka. Rated high severity (CVSS 7.0), this vulnerability is no authentication required. No vendor patch available.

Information Disclosure Samsung Samsung Mobile
NVD
EPSS 2% CVSS 7.8
HIGH This Week

On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Samsung Samsung Mobile
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Samsung Samsung Mobile
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Samsung +1
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Google Information Disclosure Samsung +1
NVD
EPSS 2% CVSS 8.1
HIGH This Week

On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Memory Corruption RCE Buffer Overflow +2
NVD
EPSS 3% CVSS 5.5
MEDIUM POC This Month

The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Samsung Information Disclosure +1
NVD Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM This Month

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Samsung Internet Browser
NVD
EPSS 68% 5.0 CVSS 7.5
HIGH POC THREAT Act Now

Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.5%.

Samsung Information Disclosure Internet Browser
NVD GitHub Exploit-DB
EPSS 0% CVSS 4.2
MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Lenovo Microsoft Samsung +6
NVD
EPSS 0% CVSS 4.2
MEDIUM This Month

Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS. Rated medium severity (CVSS 4.2), this vulnerability is no authentication required. No vendor patch available.

Dell Authentication Bypass Samsung +5
NVD
EPSS 75% 5.5 CVSS 8.8
HIGH POC THREAT Act Now

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 74.7%.

Samsung PHP File Upload +1
NVD GitHub Exploit-DB
EPSS 17% CVSS 7.5
HIGH POC THREAT Act Now

WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 17.3%.

Denial Of Service Google Samsung +1
NVD Exploit-DB
EPSS 21% CVSS 8.1
HIGH Act Now

On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required. Epss exploitation probability 21.0% and no vendor patch available.

Samsung Information Disclosure Srn 1670D Firmware +3
NVD GitHub
EPSS 12% CVSS 6.5
MEDIUM POC THREAT This Month

LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 12.4%.

Buffer Overflow Denial Of Service Samsung +1
NVD Exploit-DB
EPSS 2% CVSS 9.8
CRITICAL Act Now

The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Samsung +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Galaxy S4 Firmware
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow RCE Denial Of Service +2
NVD Exploit-DB
EPSS 0% CVSS 7.0
HIGH POC This Week

Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging. Rated high severity (CVSS 7.0). Public exploit code available and no vendor patch available.

Race Condition Google Samsung +2
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Samsung +1
NVD Exploit-DB
EPSS 0% CVSS 5.5
MEDIUM POC This Month

Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Samsung +1
NVD Exploit-DB
EPSS 0% CVSS 8.8
HIGH This Week

Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Rated high severity (CVSS 8.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Magician
NVD
EPSS 4% CVSS 7.5
HIGH This Week

Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Samsung Galaxy S6 Edge Firmware
NVD
EPSS 47% CVSS 9.8
CRITICAL Emergency

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Epss exploitation probability 46.9% and no vendor patch available.

Path Traversal Samsung RCE +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google Samsung Information Disclosure +1
NVD
EPSS 0% CVSS 4.6
MEDIUM POC This Month

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and. Rated medium severity (CVSS 4.6), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Samsung +5
NVD GitHub
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Samsung Galaxy S6 Firmware +4
NVD GitHub
Prev Page 10 of 11 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy