Vulnerabilities > Samsung
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2013-08-28 | CVE-2013-3586 | Improper Authentication vulnerability in Samsung DVR and Smart Viewer Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. | 7.6 |
| 2013-08-28 | CVE-2013-3585 | Credentials Management vulnerability in Samsung Smart Viewer Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page. | 5.0 |
| 2013-07-23 | CVE-2013-4890 | Denial of Service vulnerability in Samsung products The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600. | 7.8 |
| 2012-12-31 | CVE-2012-6337 | Information Exposure vulnerability in Samsung Samsungdive The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data. | 3.3 |
| 2012-12-31 | CVE-2012-6334 | Permissions, Privileges, and Access Controls vulnerability in Samsung Samsungdive The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer." | 2.9 |
| 2012-12-18 | CVE-2012-6422 | Permissions, Privileges, and Access Controls vulnerability in multiple products The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse. | 9.3 |
| 2012-12-03 | CVE-2012-5859 | Denial of Service and Security Bypass vulnerability in Samsung Kies AIR 2.1.207051/2.1.210161 Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php. | 5.0 |
| 2012-12-03 | CVE-2012-5858 | Improper Authentication vulnerability in Samsung Kies AIR 2.1.207051/2.1.210161 Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address. | 4.3 |
| 2012-11-28 | CVE-2012-4964 | Permissions, Privileges, and Access Controls vulnerability in Samsung Printer Firmware The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request. | 7.5 |
| 2012-08-24 | CVE-2012-2990 | Code Injection vulnerability in Samsung Kies 2.3.2.12074 The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document. | 9.3 |