Vulnerabilities > Samsung > Low
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-24 | CVE-2018-10498 | Information Exposure vulnerability in Samsung Email This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. | 2.1 |
| 2017-11-27 | CVE-2015-7267 | 7PK - Security Features vulnerability in multiple products Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack." | 1.9 |
| 2017-11-27 | CVE-2015-7268 | 7PK - Security Features vulnerability in multiple products Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack." | 1.9 |
| 2017-06-27 | CVE-2015-7895 | Improper Access Control vulnerability in Samsung Mobile Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | 2.1 |
| 2017-06-27 | CVE-2015-7898 | Improper Access Control vulnerability in Samsung Mobile Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | 2.1 |
| 2017-04-13 | CVE-2016-2036 | NULL Pointer Dereference vulnerability in Samsung Galaxy Note 3 Firmware and Galaxy S6 Firmware The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036. | 2.1 |
| 2017-04-13 | CVE-2016-2565 | Information Exposure vulnerability in Samsung Galaxy S6 Firmware G920Fxxu2Coh2 Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081. | 2.1 |
| 2017-04-13 | CVE-2016-2567 | Improper Input Validation vulnerability in Samsung Galaxy Note 3 Firmware and Galaxy S6 Firmware secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL. | 2.1 |
| 2017-04-13 | CVE-2016-4032 | Improper Access Control vulnerability in Samsung products Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301. | 2.1 |
| 2017-02-13 | CVE-2016-4546 | Improper Input Validation vulnerability in Samsung Mobile 4.4/5.0/5.1 Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. | 2.1 |