Samsung : Security Vulnerabilities, CVEs, Published In 2017 (Code Execution)
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
Max CVSS
8.8
EPSS Score
8.14%
Published
2017-08-09
Updated
2017-08-24
Multiple directory traversal vulnerabilities in Samsung SyncThru 6 before 1.0 allow remote attackers to delete arbitrary files via unspecified parameters to (1) upload/updateDriver or (2) upload/addDriver or to execute arbitrary code with SYSTEM privileges via unspecified parameters to (3) uploadCloning.html, (4) fileupload.html, (5) uploadFirmware.html, or (6) upload/driver.
Max CVSS
10.0
EPSS Score
4.85%
Published
2017-06-01
Updated
2017-06-12
Samsung Account (AKA com.osp.app.signin) before 1.6.0069 and 2.x before 2.1.0069 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
Max CVSS
8.0
EPSS Score
0.06%
Published
2017-03-27
Updated
2017-04-04
GALAXY Apps (aka Samsung Apps, Samsung Updates, or com.sec.android.app.samsungapps) before 14120405.03.012 allows man-in-the-middle attackers to obtain sensitive information and execute arbitrary code.
Max CVSS
8.0
EPSS Score
0.06%
Published
2017-03-27
Updated
2017-04-04
4 vulnerabilities found