ReportizFlow
Filtered by vendor Samsung
Subscriptions
Total
1608 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-20934 | 1 Samsung | 1 Android | 2025-04-30 | 5.5 Medium |
| Improper access control in Sticker Center prior to SMR Apr-2025 Release 1 allows local attackers to access image files with system privilege. | ||||
| CVE-2024-20810 | 1 Samsung | 1 Android | 2025-04-24 | 3.3 Low |
| Implicit intent hijacking vulnerability in Smart Suggestions prior to SMR Feb-2024 Release 1 allows local attackers to get sensitive information. | ||||
| CVE-2024-20822 | 1 Samsung | 1 Galaxy Store | 2025-04-24 | 5.5 Medium |
| Implicit intent hijacking vulnerability in AccountActivity of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent. | ||||
| CVE-2022-39901 | 1 Samsung | 2 Exynos, Exynos Firmware | 2025-04-23 | 6.5 Medium |
| Improper authentication in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to disable the network traffic encryption between UE and gNodeB. | ||||
| CVE-2022-39909 | 1 Samsung | 1 Gear Iconx Pc Manager | 2025-04-23 | 7.1 High |
| Insufficient verification of data authenticity vulnerability in Samsung Gear IconX PC Manager prior to version 2.1.221019.51 allows local attackers to create arbitrary file using symbolic link. | ||||
| CVE-2022-39910 | 1 Samsung | 1 Pass | 2025-04-23 | 3.9 Low |
| Improper access control vulnerability in Samsung Pass prior to version 4.0.06.7 allow physical attackers to access data of Samsung Pass on a certain state of an unlocked device using pop-up view. | ||||
| CVE-2022-39911 | 1 Samsung | 1 Pass | 2025-04-23 | 4.8 Medium |
| Improper check or handling of exceptional conditions vulnerability in Samsung Pass prior to version 4.0.06.1 allows attacker to access Samsung Pass. | ||||
| CVE-2022-39915 | 2 Google, Samsung | 2 Android, Calendar | 2025-04-23 | 3.3 Low |
| Improper access control vulnerability in Calendar prior to versions 11.6.08.0 in Android Q(10), 12.2.11.3000 in Android R(11), 12.3.07.2000 in Android S(12), and 12.4.02.0 in Android T(13) allows attackers to access sensitive information via implicit intent. | ||||
| CVE-2022-39902 | 1 Samsung | 2 Exynos, Exynos Firmware | 2025-04-22 | 6.5 Medium |
| Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI via emergency call. | ||||
| CVE-2022-44636 | 1 Samsung | 30 T-ksu2eakuc, T-ksu2eakuc Firmware, T-ksu2edeuc and 27 more | 2025-04-22 | 4.6 Medium |
| The Samsung TV (2021 and 2022 model) smart remote control allows attackers to enable microphone access via Bluetooth spoofing when a user is activating remote control by pressing a button. This is fixed in xxx72510, E9172511 for 2021 models, xxxA1000, 4x2A0200 for 2022 models. | ||||
| CVE-2016-1919 | 1 Samsung | 1 Knox | 2025-04-20 | N/A |
| Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack. | ||||
| CVE-2017-14262 | 1 Samsung | 8 Srn 1000, Srn 1000 Firmware, Srn 1670d and 5 more | 2025-04-20 | N/A |
| On Samsung NVR devices, remote attackers can read the MD5 password hash of the 'admin' account via certain szUserName JSON data to cgi-bin/main-cgi, and login to the device with that hash in the szUserPasswd parameter. | ||||
| CVE-2015-1801 | 1 Samsung | 2 Galaxy S4, Galaxy S4 Firmware | 2025-04-20 | N/A |
| The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges. | ||||
| CVE-2016-9279 | 1 Samsung | 1 Exynos Fimg2d Driver | 2025-04-20 | N/A |
| Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Samsung ID is SVE-2016-6853. | ||||
| CVE-2015-7268 | 2 Samsung, Seagate | 8 850 Pro, 850 Pro Firmware, Pm851 and 5 more | 2025-04-20 | N/A |
| Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell Latitude E6410 laptops with BIOS A16 or Latitude E6430 laptops with BIOS A16, allow physically proximate attackers to bypass self-encrypting drive (SED) protection by triggering a soft reset and booting from an alternative OS, aka a "Forced Restart Attack." | ||||
| CVE-2016-2567 | 1 Samsung | 4 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S6 and 1 more | 2025-04-20 | N/A |
| secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the http://should-have-been-filtered.example.com/?http://google.com URL. | ||||
| CVE-2015-7889 | 2 Google, Samsung | 2 Android, Galaxy S6 Edge | 2025-04-20 | N/A |
| The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent. | ||||
| CVE-2015-5473 | 1 Samsung | 1 Syncthru 6 | 2025-04-20 | N/A |
| Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver. | ||||
| CVE-2016-4032 | 1 Samsung | 10 Galaxy Note 3, Galaxy Note 3 Firmware, Galaxy S4 and 7 more | 2025-04-20 | N/A |
| Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and AT+WIFIVALUE, which allows attackers to modify Android settings by leveraging AT access, aka SVE-2016-5301. | ||||
| CVE-2017-16524 | 2 Hanwhasecurity, Samsung | 2 Web Viewer, Srn-1670d | 2025-04-20 | N/A |
| Web Viewer 1.0.0.193 on Samsung SRN-1670D devices suffers from an Unrestricted file upload vulnerability: 'network_ssl_upload.php' allows remote authenticated attackers to upload and execute arbitrary PHP code via a filename with a .php extension, which is then accessed via a direct request to the file in the upload/ directory. To authenticate for this attack, one can obtain web-interface credentials in cleartext by leveraging the existing Local File Read Vulnerability referenced as CVE-2015-8279, which allows remote attackers to read the web-interface credentials via a request for the cslog_export.php?path=/root/php_modules/lighttpd/sbin/userpw URI. | ||||