Filtered by vendor Samsung
Subscriptions
Total
1083 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2020-6616 | 3 Apple, Google, Samsung | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2024-08-04 | 6.5 Medium |
| Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). | ||||
| CVE-2021-42913 | 1 Samsung | 3 Scx-6555, Scx-6555n, Syncthru Web Service | 2024-08-04 | 7.5 High |
| The SyncThru Web Service on Samsung SCX-6x55X printers allows an attacker to gain access to a list of SMB users and cleartext passwords by reading the HTML source code. Authentication is not required. | ||||
| CVE-2021-39373 | 1 Samsung | 2 Drive Manager, H3 | 2024-08-04 | 7.8 High |
| Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure. | ||||
| CVE-2021-35309 | 1 Samsung | 1 Syncthru Web Service | 2024-08-04 | 7.5 High |
| An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. | ||||
| CVE-2021-25522 | 1 Samsung | 1 Smart Capture | 2024-08-03 | 5.3 Medium |
| Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission. | ||||
| CVE-2021-25523 | 1 Samsung | 1 Dialer | 2024-08-03 | 4 Medium |
| Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | ||||
| CVE-2021-25525 | 1 Samsung | 1 Pay | 2024-08-03 | 2 Low |
| Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition. | ||||
| CVE-2021-25526 | 1 Samsung | 1 Blockchain Wallet | 2024-08-03 | 4 Medium |
| Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. | ||||
| CVE-2021-25524 | 1 Samsung | 1 Contacts | 2024-08-03 | 4 Medium |
| Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | ||||
| CVE-2021-25521 | 1 Samsung | 1 Internet | 2024-08-03 | 4 Medium |
| Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. | ||||
| CVE-2021-25527 | 1 Samsung | 1 Pay | 2024-08-03 | 3.8 Low |
| Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. | ||||
| CVE-2021-25520 | 1 Samsung | 1 Internet | 2024-08-03 | 5.9 Medium |
| Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | ||||
| CVE-2021-25509 | 1 Samsung | 1 Samsung Flow | 2024-08-03 | 5.9 Medium |
| A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders. | ||||
| CVE-2021-25508 | 1 Samsung | 1 Smartthings | 2024-08-03 | 5.3 Medium |
| Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. | ||||
| CVE-2021-25507 | 1 Samsung | 1 Samsung Flow | 2024-08-03 | 5.7 Medium |
| Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization. | ||||
| CVE-2021-25503 | 2 Google, Samsung | 2 Android, Exynos | 2024-08-03 | 5 Medium |
| Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution. | ||||
| CVE-2021-25379 | 1 Samsung | 1 Gallery | 2024-08-03 | 4 Medium |
| Intent redirection vulnerability in Gallery prior to version 5.4.16.1 allows attacker to execute privileged action. | ||||
| CVE-2021-25495 | 1 Samsung | 1 Notes | 2024-08-03 | 7.3 High |
| A possible heap buffer overflow vulnerability in libSPenBase library of Samsung Notes prior to Samsung Note version 4.3.02.61 allows arbitrary code execution. | ||||
| CVE-2021-25467 | 2 Google, Samsung | 4 Android, Exynos 2100, Exynos 980 and 1 more | 2024-08-03 | 5.3 Medium |
| Assuming system privilege is gained, possible buffer overflow vulnerabilities in the Vision DSP kernel driver prior to SMR Oct-2021 Release 1 allows privilege escalation to Root by hijacking loaded library. | ||||
| CVE-2021-25481 | 2 Google, Samsung | 2 Android, Exynos | 2024-08-03 | 6.4 Medium |
| An improper error handling in Exynos CP booting driver prior to SMR Oct-2021 Release 1 allows local attackers to bypass a Secure Memory Protector of Exynos CP Memory. | ||||