Filtered by vendor Samsung
Subscriptions
Total
1110 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2021-25341 | 1 Samsung | 1 S Assistant | 2024-11-21 | 4 Medium |
Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider. | ||||
CVE-2021-25339 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 4.4 Medium |
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory. | ||||
CVE-2021-25338 | 2 Google, Samsung | 2 Android, Exynos 9830 | 2024-11-21 | 4.4 Medium |
Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region. | ||||
CVE-2021-25335 | 2 Google, Samsung | 2 Android, One Ui | 2024-11-21 | 2.5 Low |
Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition. | ||||
CVE-2021-25333 | 1 Samsung | 1 Pay Mini | 2024-11-21 | 3.2 Low |
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code. | ||||
CVE-2021-25332 | 1 Samsung | 1 Pay Mini | 2024-11-21 | 3.2 Low |
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition. | ||||
CVE-2021-25331 | 1 Samsung | 1 Pay Mini | 2024-11-21 | 3.2 Low |
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition. | ||||
CVE-2021-22684 | 1 Samsung | 1 Tizenrt | 2024-11-21 | 7.5 High |
Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash | ||||
CVE-2021-22495 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 5.5 Medium |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021). | ||||
CVE-2021-22494 | 2 Google, Samsung | 2 Android, Galaxy Note 20 | 2024-11-21 | 5.5 Medium |
An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate (FRR) can occur. The Samsung ID is SVE-2020-19216 (January 2021). | ||||
CVE-2020-9061 | 4 Aeotec, Samsung, Silabs and 1 more | 6 Zw090-a, Sth-eth-200, 500 Series Firmware and 3 more | 2024-11-21 | 6.5 Medium |
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages. | ||||
CVE-2020-8860 | 2 Google, Samsung | 2 Android, Galaxy S10 | 2024-11-21 | 8.0 High |
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the Call Control Setup messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the baseband processor. Was ZDI-CAN-9658. | ||||
CVE-2020-7811 | 2 Microsoft, Samsung | 2 Windows, Update | 2024-11-21 | 6.2 Medium |
Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication | ||||
CVE-2020-6616 | 3 Apple, Google, Samsung | 7 Ipados, Iphone Os, Mac Os X and 4 more | 2024-11-21 | 6.5 Medium |
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020). | ||||
CVE-2020-35693 | 2 Google, Samsung | 8 Android, Galaxy A3, Galaxy Note 4 and 5 more | 2024-11-21 | 8.8 High |
On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5. | ||||
CVE-2020-28343 | 2 Google, Samsung | 4 Android, Exynos 980, Exynos 9820 and 1 more | 2024-11-21 | 7.8 High |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020). | ||||
CVE-2020-28341 | 2 Google, Samsung | 2 Android, Exynos 990 | 2024-11-21 | 7.8 High |
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November 2020). | ||||
CVE-2020-26146 | 4 Arista, Redhat, Samsung and 1 more | 39 C-100, C-100 Firmware, C-110 and 36 more | 2024-11-21 | 5.3 Medium |
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design. | ||||
CVE-2020-26145 | 3 Redhat, Samsung, Siemens | 27 Enterprise Linux, Galaxy I9305, Galaxy I9305 Firmware and 24 more | 2024-11-21 | 6.5 Medium |
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. | ||||
CVE-2020-26144 | 4 Arista, Redhat, Samsung and 1 more | 37 C-100, C-100 Firmware, C-110 and 34 more | 2024-11-21 | 6.5 Medium |
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration. |