Vulnerabilities > Samsung > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-10 | CVE-2019-6744 | Improper Authentication vulnerability in Samsung Knox 1.2.02.39 This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. | 4.3 |
| 2020-01-22 | CVE-2018-16271 | Improper Privilege Management vulnerability in Samsung products The wemail_consumer_service (from the built-in application wemail) in Samsung Galaxy Gear series allows an unprivileged process to manipulate a user's mailbox, due to improper D-Bus security policy configurations. | 6.5 |
| 2019-12-27 | CVE-2013-4764 | Incorrect Default Permissions vulnerability in Samsung Galaxy S3 Firmware and Galaxy S4 Firmware Samsung Galaxy S3/S4 exposes an unprotected component allowing an unprivileged app to send arbitrary SMS texts to arbitrary destinations without permission. | 4.3 |
| 2019-12-27 | CVE-2013-4763 | Incorrect Default Permissions vulnerability in Samsung Galaxy S3 Firmware and Galaxy S4 Firmware Samsung Galaxy S3/S4 exposes an unprotected component allowing arbitrary SMS text messages without requesting permission. | 4.6 |
| 2019-11-06 | CVE-2019-16401 | Unspecified vulnerability in Samsung products Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow injection of AT+CIMI and AT+CGSN over Bluetooth, leaking sensitive information such as IMSI, IMEI, call status, call setup stage, internet service status, signal strength, current roaming status, battery level, and call held status. low complexity samsung | 6.5 |
| 2019-11-06 | CVE-2019-16400 | Unspecified vulnerability in Samsung products Samsung Galaxy S8 plus (Android version: 8.0.0, Build Number: R16NW.G955USQU5CRG3, Baseband Vendor: Qualcomm Snapdragon 835, Baseband: G955USQU5CRG3), Samsung Galaxy S3 (Android version: 4.3, Build Number: JSS15J.I9300XXUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: I9300XXUGNA8), and Samsung Galaxy Note 2 (Android version: 4.3, Build Number: JSS15J.I9300XUGND5, Baseband Vendor: Samsung Exynos 4412, Baseband: N7100DDUFND1) devices allow attackers to send AT commands over Bluetooth, resulting in several Denial of Service (DoS) attacks. low complexity samsung | 6.5 |
| 2019-10-17 | CVE-2019-17668 | Unspecified vulnerability in Samsung Galaxy S10 Firmware and Note 10 Firmware Samsung Galaxy S10 and Note10 devices allow unlock operations via unregistered fingerprints in certain situations involving a third-party screen protector. low complexity samsung | 6.8 |
| 2019-06-06 | CVE-2019-12762 | Xiaomi Mi 5s Plus devices allow attackers to trigger touchscreen anomalies via a radio signal between 198 kHz and 203 kHz, as demonstrated by a transmitter and antenna hidden just beneath the surface of a coffee-shop table, aka Ghost Touch. | 4.2 |
| 2019-05-24 | CVE-2019-12315 | Cross-site Scripting vulnerability in Samsung Scx-824 Firmware Samsung SCX-824 printers allow a reflected Cross-Site-Scripting (XSS) vulnerability that can be triggered by using the "print from file" feature, as demonstrated by the sws/swsAlert.sws?popupid=successMsg msg parameter. | 6.1 |
| 2019-05-14 | CVE-2019-12087 | Resource Management Errors vulnerability in Samsung S10 Firmware, S9+ Firmware and Xcover 4 Firmware Samsung S9+, S10, and XCover 4 P(9.0) devices can become temporarily inoperable because of an unprotected intent in the ContainerAgent application. | 5.5 |