Vulnerabilities > Samsung > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-24 | CVE-2018-10499 | Improper Input Validation vulnerability in Samsung Galaxy Apps This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. | 4.4 |
| 2018-09-24 | CVE-2018-10497 | Improper Input Validation vulnerability in Samsung Email This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. | 4.6 |
| 2018-09-24 | CVE-2018-10496 | Improper Input Validation vulnerability in Samsung Internet Browser This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Internet Browser Fixed in version 6.4.0.15. | 6.8 |
| 2018-09-21 | CVE-2018-3913 | Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 6.7 |
| 2018-08-28 | CVE-2018-3926 | Integer Underflow (Wrap or Wraparound) vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 5.5 |
| 2018-08-27 | CVE-2018-3927 | Improper Certificate Validation vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 4.3 |
| 2018-08-03 | CVE-2018-14908 | Cross-Site Request Forgery (CSRF) vulnerability in Samsung Syncthru web Service 4.05.61 Samsung Syncthru Web Service V4.05.61 is vulnerable to CSRF on every request, as demonstrated by sws.application/printinformation/printReportSetupView.sws for a "Print emails sent" action. | 6.8 |
| 2018-08-03 | CVE-2018-14904 | Cross-site Scripting vulnerability in Samsung Syncthru web Service 4.05.61 Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. | 4.3 |
| 2018-06-14 | CVE-2018-11689 | Cross-site Scripting vulnerability in multiple products Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. | 4.3 |
| 2018-05-29 | CVE-2018-10751 | Integer Overflow or Wraparound vulnerability in Samsung Mobile A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. | 5.4 |