Vulnerabilities > Samsung

DATE CVE VULNERABILITY TITLE RISK
2014-06-11 CVE-2014-3911 Code Injection vulnerability in Samsung Ipolis Device Manager 1.8.2
Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdvanceReader, or other unknown method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control.
network
samsung CWE-94
critical
9.3
2014-06-05 CVE-2014-3912 Buffer Errors vulnerability in Samsung Ipolis Device Manager 1.8.2
Stack-based buffer overflow in the FindConfigChildeKeyList method in the XNSSDKDEVICE.XnsSdkDeviceCtrlForIpInstaller.1 ActiveX control in Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via a long value.
network
samsung CWE-119
critical
9.3
2014-04-04 CVE-2012-6429 Buffer Errors vulnerability in Samsung Kies 2.3.2.12074/2.3.2.120741313/2.5.0.120942711
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.
network
low complexity
samsung CWE-119
critical
10.0
2013-10-01 CVE-2013-3964 Cross-Site Scripting vulnerability in Samsung Shr-5082 and Shr-5162
Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
network
samsung CWE-79
4.3
2013-08-28 CVE-2013-3586 Improper Authentication vulnerability in Samsung DVR and Smart Viewer
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.
network
high complexity
samsung CWE-287
7.6
2013-08-28 CVE-2013-3585 Credentials Management vulnerability in Samsung Smart Viewer
Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page.
network
low complexity
samsung CWE-255
5.0
2013-07-23 CVE-2013-4890 Denial of Service vulnerability in Samsung products
The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600.
network
low complexity
samsung
7.8
2012-12-31 CVE-2012-6337 Information Exposure vulnerability in Samsung Samsungdive
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
low complexity
samsung CWE-200
3.3
2012-12-31 CVE-2012-6334 Permissions, Privileges, and Access Controls vulnerability in Samsung Samsungdive
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
2.9
2012-12-18 CVE-2012-6422 Permissions, Privileges, and Access Controls vulnerability in multiple products
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
network
meizu samsung CWE-264
critical
9.3