Filtered by vendor Samsung Subscriptions
Total 1110 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-25341 1 Samsung 1 S Assistant 2024-11-21 4 Medium
Calling of non-existent provider in S Assistant prior to version 6.5.01.22 allows unauthorized actions including denial of service attack by hijacking the provider.
CVE-2021-25339 2 Google, Samsung 2 Android, Exynos 9830 2024-11-21 4.4 Medium
Improper address validation in HArx in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to corrupt EL2 memory.
CVE-2021-25338 2 Google, Samsung 2 Android, Exynos 9830 2024-11-21 4.4 Medium
Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region.
CVE-2021-25335 2 Google, Samsung 2 Android, One Ui 2024-11-21 2.5 Low
Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.
CVE-2021-25333 1 Samsung 1 Pay Mini 2024-11-21 3.2 Low
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.
CVE-2021-25332 1 Samsung 1 Pay Mini 2024-11-21 3.2 Low
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to contacts information over the lockscreen in specific condition.
CVE-2021-25331 1 Samsung 1 Pay Mini 2024-11-21 3.2 Low
Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.
CVE-2021-22684 1 Samsung 1 Tizenrt 2024-11-21 7.5 High
Tizen RT RTOS version 3.0.GBB is vulnerable to integer wrap-around in functions_calloc and mm_zalloc. This improper memory assignment can lead to arbitrary memory allocation, resulting in unexpected behavior such as a crash
CVE-2021-22495 2 Google, Samsung 2 Android, Exynos 2024-11-21 5.5 Medium
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), Q(10.0), and R(11.0) (Exynos chipsets) software. The Mali GPU driver allows out-of-bounds access and a device reset. The Samsung ID is SVE-2020-19174 (January 2021).
CVE-2021-22494 2 Google, Samsung 2 Android, Galaxy Note 20 2024-11-21 5.5 Medium
An issue was discovered in the fingerprint scanner on Samsung Note20 mobile devices with Q(10.0) software. When a screen protector is used, the required image compensation is not present. Consequently, inversion can occur during fingerprint enrollment, and a high False Recognition Rate (FRR) can occur. The Samsung ID is SVE-2020-19216 (January 2021).
CVE-2020-9061 4 Aeotec, Samsung, Silabs and 1 more 6 Zw090-a, Sth-eth-200, 500 Series Firmware and 3 more 2024-11-21 6.5 Medium
Z-Wave devices using Silicon Labs 500 and 700 series chipsets, including but not likely limited to the SiLabs UZB-7 version 7.00, ZooZ ZST10 version 6.04, Aeon Labs ZW090-A version 3.95, and Samsung STH-ETH-200 version 6.04, are susceptible to denial of service via malformed routing messages.
CVE-2020-8860 2 Google, Samsung 2 Android, Galaxy S10 2024-11-21 8.0 High
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the Call Control Setup messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the baseband processor. Was ZDI-CAN-9658.
CVE-2020-7811 2 Microsoft, Samsung 2 Windows, Update 2024-11-21 6.2 Medium
Samsung Update 3.0.2.0 ~ 3.0.32.0 has a vulnerability that allows privilege escalation as commands crafted by attacker are executed while the engine deserializes the data received during inter-process communication
CVE-2020-6616 3 Apple, Google, Samsung 7 Ipados, Iphone Os, Mac Os X and 4 more 2024-11-21 6.5 Medium
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).
CVE-2020-35693 2 Google, Samsung 8 Android, Galaxy A3, Galaxy Note 4 and 5 more 2024-11-21 8.8 High
On some Samsung phones and tablets running Android through 7.1.1, it is possible for an attacker-controlled Bluetooth Low Energy (BLE) device to pair silently with a vulnerable target device, without any user interaction, when the target device's Bluetooth is on, and it is running an app that offers a connectable BLE advertisement. An example of such an app could be a Bluetooth-based contact tracing app, such as Australia's COVIDSafe app, Singapore's TraceTogether app, or France's TousAntiCovid (formerly StopCovid). As part of the pairing process, two pieces (among others) of personally identifiable information are exchanged: the Identity Address of the Bluetooth adapter of the target device, and its associated Identity Resolving Key (IRK). Either one of these identifiers can be used to perform re-identification of the target device for long term tracking. The list of affected devices includes (but is not limited to): Galaxy Note 5, Galaxy S6 Edge, Galaxy A3, Tab A (2017), J2 Pro (2018), Galaxy Note 4, and Galaxy S5.
CVE-2020-28343 2 Google, Samsung 4 Android, Exynos 980, Exynos 9820 and 1 more 2024-11-21 7.8 High
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 980, 9820, and 9830 chipsets) software. The NPU driver allows attackers to execute arbitrary code because of unintended write and read operations on memory. The Samsung ID is SVE-2020-18610 (November 2020).
CVE-2020-28341 2 Google, Samsung 2 Android, Exynos 990 2024-11-21 7.8 High
An issue was discovered on Samsung mobile devices with Q(10.0) (Exynos990 chipsets) software. The S3K250AF Secure Element CC EAL 5+ chip allows attackers to execute arbitrary code and obtain sensitive information via a buffer overflow. The Samsung ID is SVE-2020-18632 (November 2020).
CVE-2020-26146 4 Arista, Redhat, Samsung and 1 more 39 C-100, C-100 Firmware, C-110 and 36 more 2024-11-21 5.3 Medium
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device sends fragmented frames and the WEP, CCMP, or GCMP data-confidentiality protocol is used. Note that WEP is vulnerable to this attack by design.
CVE-2020-26145 3 Redhat, Samsung, Siemens 27 Enterprise Linux, Galaxy I9305, Galaxy I9305 Firmware and 24 more 2024-11-21 6.5 Medium
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.
CVE-2020-26144 4 Arista, Redhat, Samsung and 1 more 37 C-100, C-100 Firmware, C-110 and 34 more 2024-11-21 6.5 Medium
An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject arbitrary network packets independent of the network configuration.