Filtered by vendor Samsung
Subscriptions
Total
1257 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42114 | 3 Micron, Samsung, Skhynix | 12 Ddr4 Sdram, Ddr4 Sdram Firmware, Lddr4 and 9 more | 2024-11-21 | 9 Critical |
| Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips on affected memory modules using our Blacksmith fuzzer. The patterns generated by Blacksmith were able to trigger bitflips on all 40 PC-DDR4 DRAM devices in our test pool, which cover the three major DRAM manufacturers: Samsung, SK Hynix, and Micron. This means that, even when chips advertised as Rowhammer-free are used, attackers may still be able to exploit Rowhammer. For example, this enables privilege-escalation attacks against the kernel or binaries such as the sudo binary, and also triggering bit flips in RSA-2048 keys (e.g., SSH keys) to gain cross-tenant virtual-machine access. We can confirm that DRAM devices acquired in July 2020 with DRAM chips from all three major DRAM vendors (Samsung, SK Hynix, Micron) are affected by this vulnerability. For more details, please refer to our publication. | ||||
| CVE-2021-3438 | 2 Hp, Samsung | 382 Color Laser 150 4zb94a, Color Laser 150 4zb95a, Color Laser Mfp 170 4zb96a and 379 more | 2024-11-21 | 7.8 High |
| A potential buffer overflow in the software drivers for certain HP LaserJet products and Samsung product printers could lead to an escalation of privilege. | ||||
| CVE-2021-39373 | 1 Samsung | 2 Drive Manager, H3 | 2024-11-21 | 7.8 High |
| Samsung Drive Manager 2.0.104 on Samsung H3 devices allows attackers to bypass intended access controls on disk management. WideCharToMultiByte, WideCharStr, and MultiByteStr can contribute to password exposure. | ||||
| CVE-2021-35309 | 1 Samsung | 1 Syncthru Web Service | 2024-11-21 | 7.5 High |
| An issue discovered in Samsung SyncThru Web Service SPL 5.93 06-09-2014 allows attackers to gain escalated privileges via MITM attacks. | ||||
| CVE-2021-25527 | 1 Samsung | 1 Pay | 2024-11-21 | 3.8 Low |
| Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. | ||||
| CVE-2021-25526 | 1 Samsung | 1 Blockchain Wallet | 2024-11-21 | 4 Medium |
| Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. | ||||
| CVE-2021-25525 | 1 Samsung | 1 Pay | 2024-11-21 | 2 Low |
| Improper check or handling of exception conditions vulnerability in Samsung Pay (US only) prior to version 4.0.65 allows attacker to use NFC without user recognition. | ||||
| CVE-2021-25524 | 1 Samsung | 1 Contacts | 2024-11-21 | 4 Medium |
| Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | ||||
| CVE-2021-25523 | 1 Samsung | 1 Dialer | 2024-11-21 | 4 Medium |
| Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. | ||||
| CVE-2021-25522 | 1 Samsung | 1 Smart Capture | 2024-11-21 | 5.3 Medium |
| Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission. | ||||
| CVE-2021-25521 | 1 Samsung | 1 Internet | 2024-11-21 | 4 Medium |
| Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. | ||||
| CVE-2021-25520 | 1 Samsung | 1 Internet | 2024-11-21 | 5.9 Medium |
| Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | ||||
| CVE-2021-25509 | 1 Samsung | 1 Samsung Flow | 2024-11-21 | 5.9 Medium |
| A missing input validation in Samsung Flow Windows application prior to Version 4.8.5.0 allows attackers to overwrite abtraty file in the Windows known folders. | ||||
| CVE-2021-25508 | 1 Samsung | 1 Smartthings | 2024-11-21 | 5.3 Medium |
| Improper privilege management vulnerability in API Key used in SmartThings prior to 1.7.73.22 allows an attacker to abuse the API key without limitation. | ||||
| CVE-2021-25507 | 1 Samsung | 1 Samsung Flow | 2024-11-21 | 5.7 Medium |
| Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with user device to access part of notification data in Secure Folder without authorization. | ||||
| CVE-2021-25506 | 1 Samsung | 1 Health | 2024-11-21 | 4 Medium |
| Non-existent provider in Samsung Health prior to 6.19.1.0001 allows attacker to access it via malicious content provider or lead to denial of service. | ||||
| CVE-2021-25505 | 1 Samsung | 1 Samsung Pass | 2024-11-21 | 3.3 Low |
| Improper authentication in Samsung Pass prior to 3.0.02.4 allows to use app without authentication when lockscreen is unlocked. | ||||
| CVE-2021-25504 | 1 Samsung | 1 Group Sharing | 2024-11-21 | 4 Medium |
| Intent redirection vulnerability in Group Sharing prior to 10.8.03.2 allows attacker to access contact information. | ||||
| CVE-2021-25503 | 2 Google, Samsung | 2 Android, Exynos | 2024-11-21 | 5 Medium |
| Improper input validation vulnerability in HDCP prior to SMR Nov-2021 Release 1 allows attackers to arbitrary code execution. | ||||
| CVE-2021-25500 | 2 Google, Samsung | 5 Android, Exynos 2100, Exynos 980 and 2 more | 2024-11-21 | 7.2 High |
| A missing input validation in HDCP LDFW prior to SMR Nov-2021 Release 1 allows attackers to overwrite TZASC allowing TEE compromise. | ||||