Vulnerabilities > Samsung > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-15 | CVE-2015-8280 | Information Exposure vulnerability in Samsung web Viewer 1.0.0.193 Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages. | 5.0 |
| 2016-01-15 | CVE-2015-8279 | Permissions, Privileges, and Access Controls vulnerability in Samsung web Viewer 1.0.0.193 Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script. | 5.0 |
| 2015-11-02 | CVE-2015-8040 | Improper Input Validation vulnerability in Samsung Smartviewer The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value. | 6.8 |
| 2015-11-02 | CVE-2015-8039 | Remote Code Execution vulnerability in Samsung SmartViewer Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference. network samsung | 6.8 |
| 2015-06-19 | CVE-2015-4641 | Path Traversal vulnerability in Swiftkey SDK Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a .. | 6.4 |
| 2015-02-24 | CVE-2015-0555 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Ipolis Device Manager 1.12.2 Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function. | 6.8 |
| 2014-12-08 | CVE-2014-9266 | Code Injection vulnerability in Samsung Smart Viewer The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
| 2014-12-08 | CVE-2014-9265 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samsung Smartviewer Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. | 6.8 |
| 2013-10-01 | CVE-2013-3964 | Cross-Site Scripting vulnerability in Samsung Shr-5082 and Shr-5162 Cross-site scripting (XSS) vulnerability in Samsung SHR-5162, SHR-5082, and possibly other models, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 4.3 |
| 2013-08-28 | CVE-2013-3585 | Credentials Management vulnerability in Samsung Smart Viewer Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page. | 5.0 |