Vulnerabilities > Samsung > Medium

DATE CVE VULNERABILITY TITLE RISK
2017-01-12 CVE-2017-5350 Denial of Service vulnerability in Multiple Samsung Android Mobile Devices
Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling.
network
low complexity
samsung
5.0
2016-11-23 CVE-2016-9567 Information Exposure vulnerability in Samsung Mobile 6.0
The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen.
network
samsung CWE-200
4.3
2016-01-15 CVE-2015-8280 Information Exposure vulnerability in Samsung web Viewer 1.0.0.193
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages.
network
low complexity
samsung CWE-200
5.0
2016-01-15 CVE-2015-8279 Permissions, Privileges, and Access Controls vulnerability in Samsung web Viewer 1.0.0.193
Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to read arbitrary files via a request to an unspecified PHP script.
network
low complexity
samsung CWE-264
5.0
2015-11-02 CVE-2015-8040 Improper Input Validation vulnerability in Samsung Smartviewer
The rtsp_getdlsendtime method in the CNC_Ctrl control in Samsung SmartViewer allows remote attackers to execute arbitrary code via an index value.
network
samsung CWE-20
6.8
2015-11-02 CVE-2015-8039 Remote Code Execution vulnerability in Samsung SmartViewer
Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors to the (1) DVRSetupSave method in the STWAxConfig control or (2) SendCustomPacket method in the STWAxConfigNVR control, which trigger an untrusted pointer dereference.
network
samsung
6.8
2015-06-19 CVE-2015-4641 Path Traversal vulnerability in Swiftkey SDK
Directory traversal vulnerability in the SwiftKey language-pack update implementation on Samsung Galaxy S4, S4 Mini, S5, and S6 devices allows remote web servers to write to arbitrary files, and consequently execute arbitrary code in a privileged context, by leveraging control of the skslm.swiftkey.net domain name and providing a ..
network
low complexity
swiftkey samsung CWE-22
6.4
2015-02-24 CVE-2015-0555 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Samsung Ipolis Device Manager 1.12.2
Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.
network
samsung CWE-119
6.8
2014-12-08 CVE-2014-9266 Code Injection vulnerability in Samsung Smart Viewer
The STWConfig ActiveX control in Samsung SmartViewer does not properly initialize a variable, which allows remote attackers to execute arbitrary code via unspecified vectors.
network
samsung CWE-94
6.8
2014-12-08 CVE-2014-9265 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Samsung Smartviewer
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
network
samsung CWE-119
6.8