Filtered by vendor Samsung
Total: 1187 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-10849 | 2 Google, Samsung | 4 Android, Exynos 7885, Exynos 8895 and 1 more | 2024-11-21 | 9.8 Critical |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020). | ||||
CVE-2020-10848 | 2 Google, Samsung | 2 Android, Exynos 9810 | 2024-11-21 | 9.8 Critical |
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos 9810 chipsets) software. Arbitrary memory mapping exists in TEE. The Samsung ID is SVE-2019-16665 (February 2020). | ||||
CVE-2020-10847 | 2 Google, Samsung | 3 Android, Galaxy Note8, Galaxy S8 | 2024-11-21 | 6.8 Medium |
An issue was discovered on Samsung mobile devices with P(9.0) (Galaxy S8 and Note8) software. Facial recognition can be spoofed. The Samsung ID is SVE-2019-16614 (February 2020). | ||||
CVE-2020-10841 | 2 Google, Samsung | 2 Android, Exynos 9610 | 2024-11-21 | 7.8 High |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is an arbitrary kfree in the vipx and vertex drivers. The Samsung ID is SVE-2019-16294 (February 2020). | ||||
CVE-2020-10840 | 2 Google, Samsung | 2 Android, Exynos 9610 | 2024-11-21 | 7.1 High |
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 9610 chipsets) software. There is a kernel pointer leak in the vipx driver. The Samsung ID is SVE-2019-16293 (February 2020). | ||||
CVE-2020-10835 | 1 Samsung | 1 Exynos | 2024-11-21 | 9.8 Critical |
An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 (February 2020). | ||||
CVE-2020-10255 | 3 Micron, Samsung, Skhynix | 6 Ddr4 Sdram, Lpddr4, Ddr4 and 3 more | 2024-11-21 | 9.0 Critical |
Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers. | ||||
CVE-2019-7421 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2024-11-21 | N/A |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. | ||||
CVE-2019-7420 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2024-11-21 | N/A |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. | ||||
CVE-2019-7419 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2024-11-21 | N/A |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. | ||||
CVE-2019-7418 | 1 Samsung | 3 Syncthru Web Service, X7400gx, X7400gx Firmware | 2024-11-21 | N/A |
XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. | ||||
CVE-2019-6744 | 1 Samsung | 2 Galaxy S9, Knox | 2024-11-21 | 4.3 Medium |
This vulnerability allows local attackers to disclose sensitive information on affected installations of Samsung Knox 1.2.02.39 on Samsung Galaxy S9 build G9600ZHS3ARL1 Secure Folder. An attacker must first obtain physical access to the device in order to exploit this vulnerability. The specific flaw exists within the handling of the lock screen for Secure Folder. The issue results from the lack of proper validation that a user has correctly authenticated. An attacker can leverage this vulnerability to disclose the contents of the secure container. Was ZDI-CAN-7381. | ||||
CVE-2019-6742 | 1 Samsung | 2 Galaxy S9, Galaxy S9 Firmware | 2024-11-21 | 9.8 Critical |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update mechanism. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7477. | ||||
CVE-2019-6741 | 1 Samsung | 2 Galaxy S9, Galaxy S9 Firmware | 2024-11-21 | 9.3 Critical |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must connect to a wireless network. The specific flaw exists within the captive portal. By manipulating HTML, an attacker can force a page redirection. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7476. | ||||
CVE-2019-6740 | 1 Samsung | 2 Galaxy S9, Galaxy S9 Firmware | 2024-11-21 | 8.8 High |
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to January 2019 Security Update (SMR-JAN-2019 - SVE-2018-13467). User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ASN.1 parser. When parsing ASN.1 strings, the process does not properly validate the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-7472. | ||||
CVE-2019-20610 | 2 Google, Samsung | 8 Android, Exynos 7570, Exynos 7870 and 5 more | 2024-11-21 | 8.1 High |
An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019). | ||||
CVE-2019-20607 | 3 Google, Qualcomm, Samsung | 7 Android, Msm8996, Msm8998 and 4 more | 2024-11-21 | 9.8 Critical |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (MSM8996, MSM8998, Exynos7420, Exynos7870, Exynos8890, and Exynos8895 chipsets) software. A heap overflow in the keymaster Trustlet allows attackers to write to TEE memory, and achieve arbitrary code execution. The Samsung ID is SVE-2019-14126 (May 2019). | ||||
CVE-2019-20601 | 2 Google, Samsung | 6 Android, Exynos 7570, Exynos 7580 and 3 more | 2024-11-21 | 7.5 High |
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019). | ||||
CVE-2019-20600 | 2 Google, Samsung | 2 Android, Exynos 8890 | 2024-11-21 | 7.1 High |
An issue was discovered on Samsung mobile devices with O(8.0) and P(9.0) (Exynos8890 chipsets) software. A use-after-free occurs in the MALI GPU driver. The Samsung ID is SVE-2019-13921-1 (May 2019). | ||||
CVE-2019-20596 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 9.1 Critical |
An issue was discovered on Samsung mobile devices with N(7.x) and O(8.x) (Exynos chipsets) software. There is information disclosure in the GateKeeper Trustlet. The Samsung ID is SVE-2019-13958 (June 2019). |