Vulnerabilities > Samsung
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-05-01 | CVE-2015-3435 | Permissions, Privileges, and Access Controls vulnerability in Samsung Security Manager 1.30 Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. | 10.0 |
| 2015-02-24 | CVE-2015-0555 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Ipolis Device Manager 1.12.2 Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function. | 6.8 |
| 2015-02-16 | CVE-2015-1499 | Permissions, Privileges, and Access Controls vulnerability in Samsung Security Manager 1.30 The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | 8.5 |
| 2014-12-08 | CVE-2014-9266 | Code Injection vulnerability in Samsung Smart Viewer The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
| 2014-12-08 | CVE-2014-9265 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samsung Smartviewer Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
| 2014-10-24 | CVE-2014-8346 | Code Injection vulnerability in Samsung Findmymobile and Mobile The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic. | 7.8 |
| 2014-06-11 | CVE-2014-3911 | Code Injection vulnerability in Samsung Ipolis Device Manager 1.8.2 Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control. | 9.3 |
| 2014-06-05 | CVE-2014-3912 | Buffer Errors vulnerability in Samsung Ipolis Device Manager 1.8.2 Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value. | 9.3 |
| 2014-04-04 | CVE-2012-6429 | Buffer Errors vulnerability in Samsung Kies 2.3.2.12074/2.3.2.120741313/2.5.0.120942711 Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument. | 10.0 |
| 2013-10-01 | CVE-2013-3964 | Cross-Site Scripting vulnerability in Samsung Shr-5082 and Shr-5162 Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |