Skip to main content

Samsung

980 CVEs vendor

Monthly

CVE-2016-4030 MEDIUM POC This Month

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Samsung Galaxy S6 Firmware Galaxy Note 3 Firmware Galaxy S4 Mini Firmware +2
NVD GitHub
CVSS 3.0
6.8
EPSS
0.1%
CVE-2016-2567 LOW POC Monitor

secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Samsung Galaxy S6 Firmware Galaxy Note 3 Firmware
NVD GitHub
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-2566 CRITICAL Act Now

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Samsung Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-2565 LOW POC Monitor

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Galaxy S6 Firmware
NVD GitHub
CVSS 3.0
3.3
EPSS
0.1%
CVE-2016-2036 MEDIUM POC This Month

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Google Samsung Galaxy S6 Firmware +1
NVD GitHub
CVSS 3.0
5.5
EPSS
0.1%
CVE-2015-8780 MEDIUM POC This Month

Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Path Traversal Samsung Kies
NVD GitHub
CVSS 3.0
6.4
EPSS
0.1%
CVE-2015-7893 HIGH POC THREAT Act Now

SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.6%.

Samsung Information Disclosure Galaxy S6
NVD Exploit-DB
CVSS 3.0
8.8
EPSS
13.6%
CVE-2015-0864 HIGH This Week

Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Privilege Escalation RCE Galaxy App Samsung Account App
NVD
CVSS 3.0
8.0
EPSS
0.3%
CVE-2015-0863 HIGH This Week

GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Google Privilege Escalation RCE Galaxy App +1
NVD
CVSS 3.0
8.0
EPSS
0.1%
CVE-2015-5729 CRITICAL POC Act Now

The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Nt14U Firmware X14J Firmware X14H Firmware +3
NVD
CVSS 3.0
9.8
EPSS
1.3%
CVE-2017-5538 CRITICAL PATCH Act Now

The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Samsung Information Disclosure Samsung Mobile
NVD
CVSS 3.0
9.8
EPSS
2.8%
CVE-2016-4547 HIGH This Week

Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Samsung Samsung Mobile
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-4546 MEDIUM This Month

Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Samsung Samsung Mobile
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-4038 HIGH This Week

Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Information Disclosure Samsung Mobile
NVD
CVSS 3.0
7.8
EPSS
0.0%
CVE-2016-6604 CRITICAL Act Now

NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google Samsung Exynos Fimg2D
NVD
CVSS 3.0
9.8
EPSS
0.6%
CVE-2016-3996 MEDIUM This Month

ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Knox
NVD VulDB
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-1920 MEDIUM This Month

Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Samsung Knox
NVD VulDB
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-1919 MEDIUM POC This Month

Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Samsung Information Disclosure Knox
NVD VulDB
CVSS 3.0
4.7
EPSS
0.1%
CVE-2016-9279 HIGH This Week

Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Samsung Information Disclosure Memory Corruption +1
NVD VulDB
CVSS 3.0
7.5
EPSS
1.1%
CVE-2016-9278 MEDIUM This Month

The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Samsung Exynos Fimg2D Driver
NVD VulDB
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6527 HIGH This Week

The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Privilege Escalation Samsung Mobile
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2016-6526 HIGH This Week

The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Privilege Escalation Samsung Mobile
NVD VulDB
CVSS 3.0
7.8
EPSS
0.1%
CVE-2017-5351 HIGH This Week

Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Samsung Mobile
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-5350 HIGH This Week

Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Samsung Mobile
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2017-5217 MEDIUM This Month

Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Samsung Samsung Mobile
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-6910 MEDIUM This Month

The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Samsung Android
NVD
CVSS 3.0
5.5
EPSS
0.1%
CVE-2016-9967 CRITICAL Act Now

Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Samsung Mobile
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-9966 CRITICAL Act Now

Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Samsung Mobile
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-9965 CRITICAL Act Now

Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Samsung Mobile
NVD
CVSS 3.0
9.8
EPSS
0.5%
CVE-2016-9567 MEDIUM This Month

The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Samsung Mobile
NVD
CVSS 3.0
5.5
EPSS
0.2%
CVE-2016-9277 HIGH This Week

Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Samsung Samsung Mobile
NVD
CVSS 3.0
7.5
EPSS
0.5%
CVE-2016-7160 HIGH This Week

A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Null Pointer Dereference Samsung Mobile
NVD
CVSS 3.0
7.5
EPSS
0.6%
CVE-2016-7991 HIGH This Week

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-7990 CRITICAL Act Now

On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Samsung Denial Of Service Android
NVD
CVSS 3.0
9.8
EPSS
1.8%
CVE-2016-7989 HIGH This Week

On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Samsung Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2016-7988 HIGH This Week

On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Samsung Android
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2015-8281 HIGH This Week

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Web Viewer
NVD
CVSS 3.0
7.5
EPSS
0.1%
CVE-2015-8280 HIGH This Week

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Web Viewer
NVD
CVSS 3.0
7.5
EPSS
0.8%
CVE-2015-8279 HIGH POC THREAT Act Now

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.9%.

PHP Privilege Escalation Samsung Web Viewer
NVD
CVSS 3.0
8.6
EPSS
67.9%
Threat
5.3
CVE-2015-7897 HIGH POC This Week

The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Buffer Overflow Samsung Galaxy S6
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
4.5%
CVE-2015-8040 MEDIUM This Month

The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Samsung Smartviewer
NVD
CVSS 2.0
6.8
EPSS
1.9%
CVE-2015-8039 MEDIUM This Month

Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Samsung Smartviewer
NVD
CVSS 2.0
6.8
EPSS
2.1%
CVE-2015-4034 HIGH This Week

The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a. Rated high severity (CVSS 7.9). No vendor patch available.

Google Samsung Authentication Bypass Galaxy S5
NVD
CVSS 2.0
7.9
EPSS
0.2%
CVE-2015-4033 LOW Monitor

Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure S Beam
NVD
CVSS 2.0
3.3
EPSS
0.4%
CVE-2015-4641 MEDIUM POC This Month

Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Samsung Swiftkey Sdk
NVD GitHub
CVSS 2.0
6.4
EPSS
0.7%
CVE-2015-4640 LOW POC Monitor

The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle. Rated low severity (CVSS 2.9). Public exploit code available and no vendor patch available.

RCE Samsung Swiftkey Sdk
NVD GitHub
CVSS 2.0
2.9
EPSS
0.2%
CVE-2015-3435 CRITICAL Act Now

Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Samsung Samsung Security Manager
NVD
CVSS 2.0
10.0
EPSS
8.4%
CVE-2015-0555 MEDIUM POC THREAT This Month

Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 24.9%.

RCE Samsung Buffer Overflow Ipolis Device Manager
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
24.9%
CVE-2015-1499 HIGH This Week

The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Samsung Samsung Security Manager
NVD
CVSS 2.0
8.5
EPSS
1.1%
CVE-2014-9266 MEDIUM This Month

The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Samsung Code Injection Smart Viewer
NVD
CVSS 2.0
6.8
EPSS
2.0%
CVE-2014-9265 MEDIUM POC This Month

Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Samsung Buffer Overflow Smartviewer
NVD Exploit-DB
CVSS 2.0
6.8
EPSS
8.6%
CVE-2014-8346 HIGH POC This Week

The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Samsung Denial Of Service Code Injection Findmymobile +1
NVD
CVSS 2.0
7.8
EPSS
0.5%
CVE-2014-3911 CRITICAL PATCH Act Now

Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Samsung Code Injection Ipolis Device Manager
NVD
CVSS 2.0
9.3
EPSS
8.4%
CVE-2014-3912 CRITICAL PATCH Act Now

Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.3%.

RCE Samsung Buffer Overflow Ipolis Device Manager
NVD
CVSS 2.0
9.3
EPSS
12.3%
CVE-2012-6429 CRITICAL POC THREAT Emergency

Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 49.9%.

RCE Samsung Buffer Overflow Kies
NVD Exploit-DB VulDB
CVSS 2.0
10.0
EPSS
49.9%
Threat
5.0
CVE-2013-3964 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Samsung XSS Shr 5082 Shr 5162
NVD
CVSS 2.0
4.3
EPSS
0.3%
CVE-2013-3586 HIGH POC This Week

Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Samsung Authentication Bypass Smart Viewer Dvr
NVD Exploit-DB
CVSS 2.0
7.6
EPSS
7.8%
CVE-2013-3585 MEDIUM POC THREAT This Month

Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

Samsung Authentication Bypass Smart Viewer
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
11.3%
CVE-2013-4890 HIGH POC THREAT Act Now

The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.5%.

Samsung Denial Of Service Ps50C7700 Television Firmware Ps50C7700 Television
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
13.5%
CVE-2013-2310 LOW Monitor

SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Google Microsoft Authentication Bypass Wi Fi Spot Configuration Software +10
NVD
CVSS 2.0
3.3
EPSS
0.2%
CVE-2012-6337 LOW Monitor

The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Google Samsungdive
NVD
CVSS 2.0
3.3
EPSS
0.1%
CVE-2012-6334 LOW Monitor

The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide. Rated low severity (CVSS 2.9). No vendor patch available.

Privilege Escalation Samsung Google Samsungdive
NVD
CVSS 2.0
2.9
EPSS
0.1%
CVE-2012-6422 CRITICAL POC Act Now

The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Samsung Google Mx Galaxy Note 2 +1
NVD
CVSS 2.0
9.3
EPSS
6.6%
CVE-2012-5859 MEDIUM POC This Month

Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Samsung Denial Of Service Kies Air
NVD
CVSS 2.0
5.0
EPSS
1.0%
CVE-2012-5858 MEDIUM POC THREAT This Month

Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.5%.

Samsung Authentication Bypass Kies Air
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
11.5%
CVE-2012-4964 HIGH This Week

The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samsung Printer Firmware
NVD
CVSS 2.0
7.5
EPSS
0.9%
CVE-2012-2619 HIGH POC THREAT Act Now

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Broadcom Denial Of Service Buffer Overflow Samsung Apple +4
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
26.5%
CVE-2012-2990 CRITICAL PATCH Act Now

The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Samsung Code Injection RCE Kies
NVD
CVSS 2.0
9.3
EPSS
1.6%
CVE-2012-2864 CRITICAL Act Now

Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Google RCE Chrome Os +1
NVD
CVSS 2.0
10.0
EPSS
5.7%
CVE-2012-2980 HIGH This Week

The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Samsung Google Authentication Bypass Status Chacha +7
NVD
CVSS 2.0
7.1
EPSS
3.2%
CVE-2012-4335 HIGH POC THREAT Act Now

Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.2%.

Buffer Overflow Samsung Denial Of Service Net I Viewer
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
12.2%
CVE-2012-4334 CRITICAL POC THREAT Emergency

The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

Samsung RCE Net I Viewer
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
28.6%
Threat
4.4
CVE-2012-4333 CRITICAL POC THREAT Emergency

Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.4%.

Buffer Overflow Samsung RCE Net I Viewer
NVD Exploit-DB
CVSS 2.0
10.0
EPSS
69.4%
Threat
5.6
CVE-2012-4330 HIGH POC THREAT Act Now

The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.1%.

Buffer Overflow Samsung Denial Of Service D6000 Firmware
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
51.1%
Threat
4.6
CVE-2012-4329 HIGH POC THREAT Act Now

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 54.1%.

Buffer Overflow Samsung Denial Of Service D6000 Firmware
NVD Exploit-DB
CVSS 2.0
7.8
EPSS
54.1%
Threat
4.7
CVE-2012-4250 CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 25.2%.

Buffer Overflow Samsung RCE Net I Viewer
NVD Exploit-DB
CVSS 2.0
9.3
EPSS
25.2%
Threat
4.1
CVE-2012-4050 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Google Chrome Os Chrome
NVD
CVSS 2.0
10.0
EPSS
0.2%
CVE-2012-3290 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Google Chrome Os Ac700 Chromebook +5
NVD
CVSS 2.0
10.0
EPSS
0.2%
CVE-2012-1418 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Google Chrome Os Ac700 Chromebook +3
NVD
CVSS 2.0
10.0
EPSS
0.2%
CVE-2012-0695 CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Google Chrome Os Ac700 Chromebook +3
NVD
CVSS 2.0
10.0
EPSS
0.2%
EPSS 0% CVSS 6.8
MEDIUM POC This Month

Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Samsung Galaxy S6 Firmware +4
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC Monitor

secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Google Authentication Bypass Samsung +2
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL Act Now

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Samsung Galaxy S6 Firmware
NVD GitHub
EPSS 0% CVSS 3.3
LOW POC Monitor

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Galaxy S6 Firmware
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM POC This Month

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Google +3
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM POC This Month

Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury. Rated medium severity (CVSS 6.4), this vulnerability is no authentication required. Public exploit code available and no vendor patch available.

Path Traversal Samsung Kies
NVD GitHub
EPSS 14% CVSS 8.8
HIGH POC THREAT Act Now

SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 13.6%.

Samsung Information Disclosure Galaxy S6
NVD Exploit-DB
EPSS 0% CVSS 8.0
HIGH This Week

Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Privilege Escalation RCE +2
NVD
EPSS 0% CVSS 8.0
HIGH This Week

GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary. Rated high severity (CVSS 8.0), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Google Privilege Escalation +3
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generate weak WPA2 PSK keys, which makes it easier for remote attackers to obtain. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Samsung Information Disclosure Nt14U Firmware +5
NVD
EPSS 3% CVSS 9.8
CRITICAL PATCH Act Now

The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Samsung Information Disclosure +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Samsung +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Samsung +1
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Information Disclosure +1
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Google +2
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Knox
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Authentication Bypass Samsung +1
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM POC This Month

Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack. Rated medium severity (CVSS 4.7). Public exploit code available and no vendor patch available.

Samsung Information Disclosure Knox
NVD VulDB
EPSS 1% CVSS 7.5
HIGH This Week

Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Use After Free Google Samsung +3
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM This Month

The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Google Samsung +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Privilege Escalation +1
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Privilege Escalation +1
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Samsung Mobile
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Samsung Mobile
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Samsung +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Google Information Disclosure Samsung +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Samsung Mobile
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Samsung Mobile
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Samsung Mobile
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Samsung Mobile
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Samsung +1
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Samsung Null Pointer Dereference +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Android
NVD
EPSS 2% CVSS 9.8
CRITICAL Act Now

On Samsung Galaxy S4 through S7 devices, an integer overflow condition exists within libomacp.so when parsing OMACP messages (within WAP Push SMS messages) leading to a heap corruption that can. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Integer Overflow RCE Samsung +2
NVD
EPSS 0% CVSS 7.5
HIGH This Week

On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Google Samsung +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Google Samsung +1
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Authentication Bypass Web Viewer
NVD
EPSS 1% CVSS 7.5
HIGH This Week

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Web Viewer
NVD
EPSS 68% 5.3 CVSS 8.6
HIGH POC THREAT Act Now

Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. Rated high severity (CVSS 8.6), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 67.9%.

PHP Privilege Escalation Samsung +1
NVD
EPSS 5% CVSS 7.5
HIGH POC This Week

The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Google Buffer Overflow +2
NVD Exploit-DB
EPSS 2% CVSS 6.8
MEDIUM This Month

The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Samsung Smartviewer
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Samsung Smartviewer
NVD
EPSS 0% CVSS 7.9
HIGH This Week

The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a. Rated high severity (CVSS 7.9). No vendor patch available.

Google Samsung Authentication Bypass +1
NVD
EPSS 0% CVSS 3.3
LOW Monitor

Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure S Beam
NVD
EPSS 1% CVSS 6.4
MEDIUM POC This Month

Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal RCE Samsung +1
NVD GitHub
EPSS 0% CVSS 2.9
LOW POC Monitor

The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle. Rated low severity (CVSS 2.9). Public exploit code available and no vendor patch available.

RCE Samsung Swiftkey Sdk
NVD GitHub
EPSS 8% CVSS 10.0
CRITICAL Act Now

Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Privilege Escalation Samsung +1
NVD
EPSS 25% CVSS 6.8
MEDIUM POC THREAT This Month

Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 24.9%.

RCE Samsung Buffer Overflow +1
NVD Exploit-DB
EPSS 1% CVSS 8.5
HIGH This Week

The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Privilege Escalation Samsung +1
NVD
EPSS 2% CVSS 6.8
MEDIUM This Month

The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. No vendor patch available.

RCE Samsung Code Injection +1
NVD
EPSS 9% CVSS 6.8
MEDIUM POC This Month

Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Samsung Buffer Overflow +1
NVD Exploit-DB
EPSS 0% CVSS 7.8
HIGH POC This Week

The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Samsung Denial Of Service +3
NVD
EPSS 8% CVSS 9.3
CRITICAL PATCH Act Now

Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4). Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Samsung Code Injection +1
NVD
EPSS 12% CVSS 9.3
CRITICAL PATCH Act Now

Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Epss exploitation probability 12.3%.

RCE Samsung Buffer Overflow +1
NVD
EPSS 50% 5.0 CVSS 10.0
CRITICAL POC THREAT Emergency

Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 49.9%.

RCE Samsung Buffer Overflow +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Samsung XSS Shr 5082 +1
NVD
EPSS 8% CVSS 7.6
HIGH POC This Week

Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Samsung Authentication Bypass Smart Viewer +1
NVD Exploit-DB
EPSS 11% CVSS 5.0
MEDIUM POC THREAT This Month

Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 11.3%.

Samsung Authentication Bypass Smart Viewer
NVD Exploit-DB
EPSS 13% CVSS 7.8
HIGH POC THREAT Act Now

The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 13.5%.

Samsung Denial Of Service Ps50C7700 Television Firmware +1
NVD Exploit-DB
EPSS 0% CVSS 3.3
LOW Monitor

SoftBank Wi-Fi Spot Configuration Software, as used on SoftBank SHARP 3G handsets, SoftBank Panasonic 3G handsets, SoftBank NEC 3G handsets, SoftBank Samsung 3G handsets, SoftBank mobile Wi-Fi. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Google Microsoft +12
NVD
EPSS 0% CVSS 3.3
LOW Monitor

The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Google +1
NVD
EPSS 0% CVSS 2.9
LOW Monitor

The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide. Rated low severity (CVSS 2.9). No vendor patch available.

Privilege Escalation Samsung Google +1
NVD
EPSS 7% CVSS 9.3
CRITICAL POC Act Now

The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

Privilege Escalation Samsung Google +3
NVD
EPSS 1% CVSS 5.0
MEDIUM POC This Month

Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP Samsung Denial Of Service +1
NVD
EPSS 11% CVSS 4.3
MEDIUM POC THREAT This Month

Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 11.5%.

Samsung Authentication Bypass Kies Air
NVD Exploit-DB
EPSS 1% CVSS 7.5
HIGH This Week

The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Samsung Printer Firmware
NVD
EPSS 27% CVSS 7.8
HIGH POC THREAT Act Now

The Broadcom BCM4325 and BCM4329 Wi-Fi chips, as used in certain Acer, Apple, Asus, Ford, HTC, Kyocera, LG, Malata, Motorola, Nokia, Pantech, Samsung, and Sony products, allow remote attackers to. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 26.5%.

Broadcom Denial Of Service Buffer Overflow +6
NVD Exploit-DB
EPSS 2% CVSS 9.3
CRITICAL PATCH Act Now

The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Samsung Code Injection RCE +1
NVD
EPSS 6% CVSS 10.0
CRITICAL Act Now

Mesa, as used in Google Chrome before 21.0.1183.0 on the Acer AC700, Cr-48, and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, allows remote attackers to execute. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Samsung Google +3
NVD
EPSS 3% CVSS 7.1
HIGH This Week

The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable. No vendor patch available.

Samsung Google Authentication Bypass +9
NVD
EPSS 12% CVSS 7.8
HIGH POC THREAT Act Now

Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 12.2%.

Buffer Overflow Samsung Denial Of Service +1
NVD Exploit-DB
EPSS 29% 4.4 CVSS 10.0
CRITICAL POC THREAT Emergency

The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 28.6%.

Samsung RCE Net I Viewer
NVD Exploit-DB
EPSS 69% 5.6 CVSS 10.0
CRITICAL POC THREAT Emergency

Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 69.4%.

Buffer Overflow Samsung RCE +1
NVD Exploit-DB
EPSS 51% 4.6 CVSS 7.8
HIGH POC THREAT Act Now

The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 51.1%.

Buffer Overflow Samsung Denial Of Service +1
NVD Exploit-DB
EPSS 54% 4.7 CVSS 7.8
HIGH POC THREAT Act Now

The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 54.1%.

Buffer Overflow Samsung Denial Of Service +1
NVD Exploit-DB
EPSS 25% 4.1 CVSS 9.3
CRITICAL POC THREAT Emergency

Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 25.2%.

Buffer Overflow Samsung RCE +1
NVD Exploit-DB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome OS before 21.0.1180.50 on the Cr-48 and Samsung Series 5 and 5 550 Chromebook platforms, and the Samsung Chromebox Series 3, have unknown impact. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Google +2
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 20.0.1132.22 on the Acer AC700; Samsung Series 5, 5 550, and Chromebox 3; and Cr-48 Chromebook platforms have unknown impact and attack. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Google +7
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.60 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Google +5
NVD
EPSS 0% CVSS 10.0
CRITICAL Act Now

Multiple unspecified vulnerabilities in Google Chrome before 17.0.963.27 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. Rated critical severity (CVSS 10.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Samsung Information Disclosure Google +5
NVD
Prev Page 11 of 11

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy