Vulnerabilities > Samsung
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-04 | CVE-2018-5210 | Out-of-bounds Write vulnerability in Samsung Mobile On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). | 8.1 |
| 2018-01-04 | CVE-2017-18020 | Improper Input Validation vulnerability in Samsung Mobile On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. | 8.4 |
| 2017-12-27 | CVE-2017-17859 | Cross-site Scripting vulnerability in Samsung Internet Browser 6.2.01.12 Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. | 6.1 |
| 2017-12-21 | CVE-2017-17692 | Information Exposure vulnerability in Samsung Internet Browser 5.4.02.3 Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property. | 7.5 |
| 2017-11-27 | CVE-2015-7268 | 7PK - Security Features vulnerability in multiple products Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack." | 4.2 |
| 2017-11-27 | CVE-2015-7267 | 7PK - Security Features vulnerability in multiple products Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack." | 4.2 |
| 2017-09-11 | CVE-2017-14262 | Inadequate Encryption Strength vulnerability in Samsung products On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter. | 8.1 |
| 2017-08-24 | CVE-2015-7896 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Mobile LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. | 6.5 |
| 2017-08-24 | CVE-2015-1801 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Galaxy S4 Firmware I9500Xxuemk8 The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. | 9.8 |
| 2017-08-24 | CVE-2015-1800 | Information Exposure vulnerability in Samsung Galaxy S4 Firmware I9500Xxuemk8 The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. | 7.5 |