Vulnerabilities > Samsung > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-20 | CVE-2018-12037 | An issue was discovered on Samsung 840 EVO and 850 EVO devices (only in "ATA high" mode, not vulnerable in "TCG" or "ATA max" mode), Samsung T3 and T5 portable drives, and Crucial MX100, MX200 and MX300 devices. | 4.0 |
| 2018-09-24 | CVE-2018-10498 | Information Exposure vulnerability in Samsung Email This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. | 5.5 |
| 2018-09-21 | CVE-2018-3913 | Out-of-bounds Write vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 6.7 |
| 2018-08-28 | CVE-2018-3926 | Integer Underflow (Wrap or Wraparound) vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 5.5 |
| 2018-08-27 | CVE-2018-3927 | Improper Certificate Validation vulnerability in Samsung Sth-Eth-250 Firmware 0.20.17 An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. | 5.9 |
| 2018-08-03 | CVE-2018-14904 | Cross-site Scripting vulnerability in Samsung Syncthru web Service 4.05.61 Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. | 6.1 |
| 2018-06-14 | CVE-2018-11689 | Cross-site Scripting vulnerability in multiple products Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. | 6.1 |
| 2018-05-29 | CVE-2018-10751 | Integer Overflow or Wraparound vulnerability in Samsung Mobile A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. | 5.3 |
| 2018-03-30 | CVE-2018-9140 | Cross-site Scripting vulnerability in Samsung Mobile 6.0 On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. | 6.1 |
| 2018-03-06 | CVE-2018-6019 | Cleartext Transmission of Sensitive Information vulnerability in Samsung Display Solutions 3.01 Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission. | 5.9 |