Vulnerabilities > Samsung
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-06-19 | CVE-2015-4641 | Path Traversal vulnerability in Swiftkey SDK Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. | 6.4 |
| 2015-06-19 | CVE-2015-4640 | 7PK - Security Features vulnerability in Swiftkey SDK The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. | 2.9 |
| 2015-05-01 | CVE-2015-3435 | Permissions, Privileges, and Access Controls vulnerability in Samsung Security Manager 1.30 Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. | 10.0 |
| 2015-02-24 | CVE-2015-0555 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Ipolis Device Manager 1.12.2 Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function. | 6.8 |
| 2015-02-16 | CVE-2015-1499 | Permissions, Privileges, and Access Controls vulnerability in Samsung Security Manager 1.30 The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | 8.5 |
| 2014-12-08 | CVE-2014-9266 | Code Injection vulnerability in Samsung Smart Viewer The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
| 2014-12-08 | CVE-2014-9265 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samsung Smartviewer Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
| 2014-10-24 | CVE-2014-8346 | Code Injection vulnerability in Samsung Findmymobile and Mobile The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic. | 7.8 |
| 2014-06-11 | CVE-2014-3911 | Code Injection vulnerability in Samsung Ipolis Device Manager 1.8.2 Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control. | 9.3 |
| 2014-06-05 | CVE-2014-3912 | Buffer Errors vulnerability in Samsung Ipolis Device Manager 1.8.2 Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value. | 9.3 |