Samsung: Security Vulnerabilities
The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information.
CVSS Score: 7.5; EPSS Score: 0.009; Published: 2017-08-24

The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to cause a denial of service (memory corruption) or gain privileges.
CVSS Score: 9.8; EPSS Score: 0.009; Published: 2017-08-24

LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
CVSS Score: 6.5; EPSS Score: 0.072; Published: 2017-08-24

The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
CVSS Score: 8.8; EPSS Score: 0.048; Published: 2017-08-09

Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.
CVSS Score: 7.0; EPSS Score: 0.002; Published: 2017-08-02

Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVSS Score: 5.5; EPSS Score: 0.003; Published: 2017-06-27

Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVSS Score: 5.5; EPSS Score: 0.002; Published: 2017-06-27

Samsung Magician 5.0 fails to validate TLS certificates for HTTPS software update traffic. Prior to version 5.0, Samsung Magician uses HTTP for software updates.
CVSS Score: 8.8; EPSS Score: 0.0; Published: 2017-06-21

Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named cred.zip, and downloaded to /sdcard/Download.
CVSS Score: 7.5; EPSS Score: 0.139; Published: 2017-06-07

Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.
CVSS Score: 9.8; EPSS Score: 0.469; Published: 2017-06-01

