Vulnerabilities > Samsung > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-03 | CVE-2018-14908 | Cross-Site Request Forgery (CSRF) vulnerability in Samsung Syncthru web Service 4.05.61 Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. | 8.8 |
| 2018-03-30 | CVE-2018-9142 | Improper Input Validation vulnerability in Samsung Mobile On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932. | 7.0 |
| 2018-03-30 | CVE-2018-9141 | Improper Input Validation vulnerability in Samsung Mobile On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105. | 7.8 |
| 2018-01-04 | CVE-2018-5210 | Out-of-bounds Write vulnerability in Samsung Mobile On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). | 8.1 |
| 2018-01-04 | CVE-2017-18020 | Improper Input Validation vulnerability in Samsung Mobile On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. | 8.4 |
| 2017-12-21 | CVE-2017-17692 | Information Exposure vulnerability in Samsung Internet Browser 5.4.02.3 Samsung Internet Browser 5.4.02.3 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code that redirects to a child tab and rewrites the innerHTML property. | 7.5 |
| 2017-09-11 | CVE-2017-14262 | Inadequate Encryption Strength vulnerability in Samsung products On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter. | 8.1 |
| 2017-08-24 | CVE-2015-1800 | Information Exposure vulnerability in Samsung Galaxy S4 Firmware I9500Xxuemk8 The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information. | 7.5 |
| 2017-08-09 | CVE-2015-7894 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Galaxy S6 Edge Firmware Lrx22G.G925Vvru1Aoe2 The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG. | 8.8 |
| 2017-08-02 | CVE-2015-7891 | Race Condition vulnerability in Samsung Mobile 5.0/5.1 Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. | 7.0 |