Vulnerabilities > Samsung
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-03-24 | CVE-2020-10835 | Classic Buffer Overflow vulnerability in Samsung Exynos An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. | 10.0 |
| 2020-03-10 | CVE-2020-10255 | Improper Input Validation vulnerability in multiple products Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. | 9.3 |
| 2020-02-12 | CVE-2015-7890 | Classic Buffer Overflow vulnerability in Samsung Galaxy S6 Edge Firmware Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter. | 4.9 |
| 2020-02-10 | CVE-2019-6744 | Improper Authentication vulnerability in Samsung Knox 1.2.02.39 This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. | 2.1 |
| 2020-02-10 | CVE-2019-20451 | Unrestricted Upload of File with Dangerous Type vulnerability in Samsung Prismview Player 11 and Prismview System 9 The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. | 10.0 |
| 2020-02-04 | CVE-2019-19273 | Out-of-bounds Write vulnerability in multiple products On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. | 7.2 |
| 2020-01-22 | CVE-2018-16272 | Improper Privilege Management vulnerability in Samsung products The wpa_supplicant system service in Samsung Galaxy Gear series allows an unprivileged process to fully control the Wi-Fi interface, due to the lack of its D-Bus security policy configurations. | 7.5 |
| 2020-01-22 | CVE-2018-16271 | Improper Privilege Management vulnerability in Samsung products The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. | 3.3 |
| 2020-01-22 | CVE-2018-16270 | Improper Privilege Management vulnerability in Samsung products Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. | 5.0 |
| 2020-01-22 | CVE-2018-16269 | Information Exposure vulnerability in Samsung products The wnoti system service in Samsung Galaxy Gear series allows an unprivileged process to take over the internal notification message data, due to improper D-Bus security policy configurations. | 5.0 |