Vulnerabilities > Samsung > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-06-07 | CVE-2018-20135 | Improper Certificate Validation vulnerability in Samsung Galaxy Apps Samsung Galaxy Apps before 4.4.01.7 allows modification of the hostname used for load balancing on installations of applications through a man-in-the-middle attack. | 6.8 |
| 2019-06-06 | CVE-2019-12762 | Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. | 4.2 |
| 2019-06-03 | CVE-2019-6740 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Galaxy S9 Firmware This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). | 6.8 |
| 2019-05-24 | CVE-2019-12315 | Cross-site Scripting vulnerability in Samsung Scx-824 Firmware Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be triggered by using the "print from file" feature, as demonstrated by the sws/swsAlert.sws?popupid=successMsg msg parameter. | 4.3 |
| 2019-05-14 | CVE-2019-12087 | Resource Management Errors vulnerability in Samsung S10 Firmware, S9+ Firmware and Xcover 4 Firmware Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. | 5.5 |
| 2019-03-21 | CVE-2019-7421 | Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. | 4.3 |
| 2019-03-21 | CVE-2019-7420 | Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. | 4.3 |
| 2019-03-21 | CVE-2019-7419 | Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. | 4.3 |
| 2019-03-21 | CVE-2019-7418 | Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. | 4.3 |
| 2019-03-21 | CVE-2018-14745 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Galaxy S6 Firmware G920Fxxu5Eqh7 Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. | 5.8 |