Vulnerabilities > Samsung
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK
---|---|---|---|---
2015-07-06 | CVE-2015-4034 | Improper Access Control vulnerability in Samsung Galaxy S5 | The createFromParcel method in the com.absolute.android.persistence.MethodSpec class in Samsung Galaxy S5s allows remote attackers to execute arbitrary files via a crafted Parcelable object in a serialized MethodSpec object. | 7.9
2015-07-06 | CVE-2015-4033 | Information Exposure vulnerability in Samsung S-Beam | Samsung SBeam allows remote attackers to read arbitrary images by leveraging an NFC connection to access the HTTP server on port 15000. | 3.3
2015-06-19 | CVE-2015-4641 | Path Traversal vulnerability in Swiftkey SDK | Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. | 6.4
2015-06-19 | CVE-2015-4640 | 7PK - Security Features vulnerability in Swiftkey SDK | The SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices relies on an HTTP connection to the skslm.swiftkey.net server, which allows man-in-the-middle attackers to write to language-pack files by modifying an HTTP response. | 2.9
2015-05-01 | CVE-2015-3435 | Permissions, Privileges, and Access Controls vulnerability in Samsung Security Manager 1.30 | Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. | 10.0
2015-02-24 | CVE-2015-0555 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Ipolis Device Manager 1.12.2 | Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function. | 6.8
2015-02-16 | CVE-2015-1499 | Permissions, Privileges, and Access Controls vulnerability in Samsung Security Manager 1.30 | The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request. | 8.5
2014-12-08 | CVE-2014-9266 | Code Injection vulnerability in Samsung Smart Viewer | The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8
2014-12-08 | CVE-2014-9265 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samsung Smartviewer | Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8
2014-10-24 | CVE-2014-8346 | Code Injection vulnerability in Samsung Findmymobile and Mobile | The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (screen locking with an arbitrary code) by triggering unexpected Find My Mobile network traffic. | 7.8