Vulnerabilities > Samsung

DATE CVE VULNERABILITY TITLE RISK
2017-04-13 CVE-2016-4030 Improper Access Control vulnerability in Samsung products
Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301.
low complexity
samsung CWE-284
6.8
2017-04-13 CVE-2016-2567 Improper Input Validation vulnerability in Samsung Galaxy Note 3 Firmware and Galaxy S6 Firmware
secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL.
local
low complexity
samsung CWE-20
3.3
2017-04-13 CVE-2016-2566 SQL Injection vulnerability in Samsung Galaxy S6 Firmware G920Fxxu2Coh2
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081.
network
low complexity
samsung CWE-89
critical
9.8
2017-04-13 CVE-2016-2565 Information Exposure vulnerability in Samsung Galaxy S6 Firmware G920Fxxu2Coh2
Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081.
local
low complexity
samsung CWE-200
3.3
2017-04-13 CVE-2016-2036 NULL Pointer Dereference vulnerability in Samsung Galaxy Note 3 Firmware and Galaxy S6 Firmware
The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036.
local
low complexity
samsung CWE-476
5.5
2017-04-13 CVE-2015-8780 Path Traversal vulnerability in Samsung Kies
Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.
high complexity
samsung CWE-22
6.4
2017-04-11 CVE-2015-7893 Improper Input Validation vulnerability in Samsung Galaxy S6
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, which allows remote attackers to execute arbitrary JavaScript.
network
low complexity
samsung CWE-20
8.8
2017-03-27 CVE-2015-0864 Permissions, Privileges, and Access Controls vulnerability in Samsung Galaxy APP and Samsung Account APP
Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
low complexity
samsung CWE-264
8.0
2017-03-27 CVE-2015-0863 Permissions, Privileges, and Access Controls vulnerability in Samsung Galaxy APP and Samsung Account APP
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
low complexity
samsung CWE-264
8.0
2017-03-23 CVE-2015-5729 Information Exposure vulnerability in Samsung products
The Soft Access Point (AP) feature in Samsung Smart TVs X10P, X12, X14H, X14J, and NT14U and Xpress M288OFW printers generates weak WPA2 PSK keys, which makes it easier for remote attackers to obtain sensitive information or bypass authentication via a brute-force attack.
network
low complexity
samsung CWE-200
critical
9.8