Filtered by vendor Samsung
Subscriptions
Total
1082 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-30690 | 1 Samsung | 1 Android | 2024-09-19 | 8.5 High |
| Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2023-30692 | 1 Samsung | 1 Android | 2024-09-19 | 8.5 High |
| Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities. | ||||
| CVE-2023-30727 | 1 Samsung | 1 Android | 2024-09-19 | 6.7 Medium |
| Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction. | ||||
| CVE-2023-30731 | 1 Samsung | 1 Android | 2024-09-19 | 5.7 Medium |
| Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type. | ||||
| CVE-2023-30732 | 1 Samsung | 1 Android | 2024-09-19 | 5.5 Medium |
| Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number. | ||||
| CVE-2023-30734 | 1 Samsung | 1 Health | 2024-09-19 | 4 Medium |
| Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | ||||
| CVE-2023-30735 | 1 Samsung | 1 Sassistant | 2024-09-19 | 5.1 Medium |
| Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant. | ||||
| CVE-2023-30736 | 1 Samsung | 1 Samsung Assistant | 2024-09-19 | 4.4 Medium |
| Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required. | ||||
| CVE-2023-30737 | 1 Samsung | 1 Health | 2024-09-19 | 4 Medium |
| Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent. | ||||
| CVE-2023-30738 | 1 Samsung | 8 Galaxy Book, Galaxy Book Firmware, Galaxy Book Odyssey and 5 more | 2024-09-19 | 5.5 Medium |
| An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption. | ||||
| CVE-2023-42539 | 1 Samsung | 1 Health | 2024-09-17 | 4.7 Medium |
| PendingIntent hijacking vulnerability in ChallengeNotificationManager in Samsung Health prior to version 6.25 allows local attackers to access data. | ||||
| CVE-2023-42543 | 1 Samsung | 1 Bixby Voice | 2024-09-17 | 6.2 Medium |
| Improper verification of intent by broadcast receiver vulnerability in Bixby Voice prior to version 3.3.35.12 allows attackers to access arbitrary data with Bixby Voice privilege. | ||||
| CVE-2023-42544 | 1 Samsung | 1 Quick Share | 2024-09-17 | 5.5 Medium |
| Improper access control vulnerability in Quick Share prior to 13.5.52.0 allows local attacker to access local files. | ||||
| CVE-2023-42545 | 1 Samsung | 2 Android, Phone | 2024-09-17 | 5.5 Medium |
| Use of implicit intent for sensitive communication vulnerability in Phone prior to versions 12.7.20.12 in Android 11, 13.1.48, 13.5.28 in Android 12, and 14.7.38 in Android 13 allows attackers to access location data. | ||||
| CVE-2023-42546 | 1 Samsung | 1 Account | 2024-09-17 | 5.5 Medium |
| Use of implicit intent for sensitive communication vulnerability in startAgreeToDisclaimerActivity in Samsung Account prior to version 14.5.00.7 allows attackers to access arbitrary file with Samsung Account privilege. | ||||
| CVE-2023-42537 | 1 Samsung | 1 Android | 2024-09-17 | 8.4 High |
| An improper input validation in get_head_crc in libsaped prior to SMR Nov-2023 Release 1 allows local attackers to cause out-of-bounds read and write. | ||||
| CVE-2023-41111 | 1 Samsung | 32 Exynos 1080, Exynos 1080 Firmware, Exynos 1280 and 29 more | 2024-09-17 | 7.1 High |
| An issue was discovered in Samsung Mobile Processor, Wearable Processor, Automotive Processor, and Modem (Exynos 9810, 9610, 9820, 980, 850, 1080, 2100, 2200, 1280, 1380, 1330, 9110, W920, Modem 5123, Modem 5300, and Auto T5123). Improper handling of a length parameter inconsistency can cause abnormal termination of a mobile phone. This occurs in the RLC task and RLC module. | ||||
| CVE-2013-3586 | 1 Samsung | 2 Dvr, Smart Viewer | 2024-09-17 | N/A |
| Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. | ||||
| CVE-2018-3878 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-17 | 9.9 Critical |
| Multiple exploitable buffer overflow vulnerabilities exist in the credentials handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17. The video-core process incorrectly extracts fields from a user-controlled JSON payload, leading to a buffer overflow on the stack. A strncpy overflows the destination buffer, which has a size of 16 bytes. An attacker can send an arbitrarily long "region" value in order to exploit this vulnerability. | ||||
| CVE-2018-3895 | 1 Samsung | 2 Sth-eth-250, Sth-eth-250 Firmware | 2024-09-17 | 8.8 High |
| An exploitable buffer overflow vulnerability exists in the /cameras/XXXX/clips handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 Firmware version 0.20.17. The strncpy call overflows the destination buffer, which has a size of 52 bytes. An attacker can send an arbitrarily long 'endTime' value in order to exploit this vulnerability. An attacker can send an HTTP request to trigger this vulnerability. | ||||