Filtered by vendor Samsung
Subscribe
Total
1175 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-44636 | 1 Samsung | 30 T-ksu2eakuc, T-ksu2eakuc Firmware, T-ksu2edeuc and 27 more | 2025-04-22 | N/A | 4.6 MEDIUM |
| The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button. This is fixed in xxx72510, E9172511 for 2021 models, xxxA1000, 4x2A0200 for 2022 models. | |||||
| CVE-2016-4031 | 1 Samsung | 10 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S4 and 7 more | 2025-04-20 | 4.6 MEDIUM | 6.8 MEDIUM |
| Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands by plugging the device into a Linux host, aka SVE-2016-5301. | |||||
| CVE-2016-3996 | 1 Samsung | 1 Knox | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application. | |||||
| CVE-2017-5925 | 5 Allwinner, Amd, Intel and 2 more | 20 A64, Athlon Ii 640 X4, E-350 and 17 more | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking ASLR. | |||||
| CVE-2017-5538 | 1 Samsung | 1 Samsung Mobile | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362. | |||||
| CVE-2015-1801 | 1 Samsung | 2 Galaxy S4, Galaxy S4 Firmware | 2025-04-20 | 10.0 HIGH | 9.8 CRITICAL |
| The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. | |||||
| CVE-2016-1920 | 1 Samsung | 1 Knox | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service. | |||||
| CVE-2016-6526 | 1 Samsung | 1 Samsung Mobile | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. | |||||
| CVE-2015-7267 | 2 Samsung, Seagate | 8 850 Pro, 850 Pro Firmware, Pm851 and 5 more | 2025-04-20 | 1.9 LOW | 4.2 MEDIUM |
| Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with BIOS A16; or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by leveraging failure to detect when SATA drives are unplugged in Sleep Mode, aka a "Hot Plug attack." | |||||
| CVE-2016-2566 | 1 Samsung | 2 Galaxy S6, Galaxy S6 Firmware | 2025-04-20 | 7.5 HIGH | 9.8 CRITICAL |
| Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices has SQL injection, aka SVE-2015-5081. | |||||
| CVE-2016-9279 | 1 Samsung | 1 Exynos Fimg2d Driver | 2025-04-20 | 5.0 MEDIUM | 7.5 HIGH |
| Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Samsung ID is SVE-2016-6853. | |||||
| CVE-2016-4030 | 1 Samsung | 10 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S4 and 7 more | 2025-04-20 | 4.6 MEDIUM | 6.8 MEDIUM |
| Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the modem in USB configuration number 2 within the secure lockscreen state, allowing an attacker to make phone calls, send text messages, or issue commands, aka SVE-2016-5301. | |||||
| CVE-2015-7896 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2025-04-20 | 4.3 MEDIUM | 6.5 MEDIUM |
| LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. | |||||
| CVE-2016-9278 | 1 Samsung | 1 Exynos Fimg2d Driver | 2025-04-20 | 4.9 MEDIUM | 5.5 MEDIUM |
| The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736. | |||||
| CVE-2017-3218 | 1 Samsung | 1 Magician | 2025-04-20 | 8.3 HIGH | 8.8 HIGH |
| Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates. | |||||
| CVE-2016-2036 | 1 Samsung | 4 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S6 and 1 more | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036. | |||||
| CVE-2015-7895 | 1 Samsung | 2 Galaxy S6, Samsung Mobile | 2025-04-20 | 2.1 LOW | 5.5 MEDIUM |
| Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). | |||||
| CVE-2015-7891 | 1 Samsung | 1 Samsung Mobile | 2025-04-20 | 4.4 MEDIUM | 7.0 HIGH |
| Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. | |||||
| CVE-2016-6527 | 1 Samsung | 1 Samsung Mobile | 2025-04-20 | 9.3 HIGH | 7.8 HIGH |
| The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. | |||||
| CVE-2015-7888 | 1 Samsung | 2 Galaxy S6 Edge, Galaxy S6 Edge Firmware | 2025-04-20 | 7.8 HIGH | 7.5 HIGH |
| Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download. | |||||