Vulnerabilities > Samsung

DATE CVE VULNERABILITY TITLE RISK

2012-12-18 CVE-2012-6422 Permissions, Privileges, and Access Controls vulnerability in multiple products
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
network; meizu samsung CWE-264; critical; 9.3

2012-12-03 CVE-2012-5859 Denial of Service and Security Bypass vulnerability in Samsung Kies AIR 2.1.207051/2.1.210161
Samsung Kies Air 2.1.207051 and 2.1.210161 allows remote attackers to cause a denial of service (crash) via a crafted request to www/apps/KiesAir/jws/ssd.php.
network; low complexity; samsung; 5.0

2012-12-03 CVE-2012-5858 Improper Authentication vulnerability in Samsung Kies AIR 2.1.207051/2.1.210161
Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address.
network; samsung CWE-287; 4.3

2012-11-28 CVE-2012-4964 Permissions, Privileges, and Access Controls vulnerability in Samsung Printer Firmware
The Samsung printer firmware before 20121031 has a hardcoded read-write SNMP community, which makes it easier for remote attackers to obtain administrative access via an SNMP request.
network; low complexity; samsung CWE-264; 7.5

2012-08-24 CVE-2012-2990 Code Injection vulnerability in Samsung Kies 2.3.2.12074
The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via a crafted HTML document.
network; samsung CWE-94; critical; 9.3

2012-08-21 CVE-2012-2980 Credentials Management vulnerability in multiple products
The Samsung and HTC onTouchEvent method implementation for Android on the T-Mobile myTouch 3G Slide, HTC Merge, Sprint EVO Shift 4G, HTC ChaCha, AT&T Status, HTC Desire Z, T-Mobile G2, T-Mobile myTouch 4G Slide, and Samsung Galaxy S stores touch coordinates in the dmesg buffer, which allows remote attackers to obtain sensitive information via a crafted application, as demonstrated by PIN numbers, telephone numbers, and text messages.
7.1

2012-08-14 CVE-2012-4335 Buffer Errors vulnerability in Samsung Net-I Viewer 1.37.120316
Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService.
network; low complexity; samsung CWE-119; 7.8

2012-08-14 CVE-2012-4334 Remote vulnerability in Samsung Net-I Viewer 1.37.120316
The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors.
network; low complexity; samsung; critical; 10.0

2012-08-14 CVE-2012-4333 Buffer Errors vulnerability in Samsung Net-I Viewer 1.37.120316
Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter.
network; low complexity; samsung CWE-119; critical; 10.0

2012-08-14 CVE-2012-4330 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung D6000 Firmware
The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.
network; low complexity; samsung CWE-119; 7.8