Security News

CVE-2017-18693

National Vulnerability Database - Tue, 04/07/2020 - 10:15
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. There is a buffer overflow in the fps sysfs entry. The Samsung ID is SVE-2016-7510 (January 2017).
Categories: Security News

CVE-2017-18694

National Vulnerability Database - Tue, 04/07/2020 - 10:15
An issue was discovered on Samsung mobile devices with software through 2016-10-25 (Exynos5 chipsets). Attackers can read kernel addresses in the log because an incorrect format specifier is used. The Samsung ID is SVE-2016-7551 (January 2017).

CVE-2017-18695

National Vulnerability Database - Tue, 04/07/2020 - 10:15
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) software. Attackers (who control a certain subdomain) can discover a user's credentials, during an email account login, via an EAS autodiscover packet. The Samsung ID is SVE-2016-7654 (January 2017).

CVE-2017-18696

National Vulnerability Database - Tue, 04/07/2020 - 10:15
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos7420, Exynos8890, or MSM8996 chipsets) software. RKP allows memory corruption. The Samsung ID is SVE-2016-7897 (January 2017).

CVE-2016-11025

National Vulnerability Database - Tue, 04/07/2020 - 10:15
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a memcpy heap-based buffer overflow in the OTP service. The Samsung ID is SVE-2016-7114 (December 2016).

CVE-2016-11026

National Vulnerability Database - Tue, 04/07/2020 - 10:15
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), and M(6.0) software. BootReceiver allows attackers to trigger a system crash because of incorrect exception handling. The Samsung ID is SVE-2016-7118 (December 2016).

CVE-2016-11027

National Vulnerability Database - Tue, 04/07/2020 - 10:15
An issue was discovered on Samsung mobile devices with M(6.0) software. In the Shade Locked state, a physically proximate attacker can read notifications on the lock screen. The Samsung ID is SVE-2016-7132 (December 2016).

CVE-2016-11028 (android)

National Vulnerability Database - Tue, 04/07/2020 - 10:15
An issue was discovered on Samsung mobile devices with software through 2016-09-13 (Exynos AP chipsets). There is a stack-based buffer overflow in the OTP TrustZone trustlet. The Samsung IDs are SVE-2016-7173 and SVE-2016-7174 (December 2016).

CVE-2016-11029 (android)

National Vulnerability Database - Tue, 04/07/2020 - 10:15
An issue was discovered on Samsung mobile devices with L(5.0/5.1), M(6.0), and N(7.0) software. Attackers can read the password of the Mobile Hotspot in the log because of an unprotected intent. The Samsung ID is SVE-2016-7301 (December 2016).

CVE-2016-11047 (android)

National Vulnerability Database - Tue, 04/07/2020 - 09:15
An issue was discovered on Samsung mobile devices with JBP(4.2) and KK(4.4) (Marvell chipsets) software. The ACIPC-MSOCKET driver allows local privilege escalation via a stack-based buffer overflow. The Samsung ID is SVE-2016-5393 (April 2016).

CVE-2016-11048

National Vulnerability Database - Tue, 04/07/2020 - 09:15
An issue was discovered on Samsung mobile devices with L(5.0/5.1) (Spreadtrum or Marvell chipsets) software. There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2016-5421 (March 2016).

CVE-2016-11049

National Vulnerability Database - Tue, 04/07/2020 - 09:15
An issue was discovered on Samsung mobile devices with software through 2016-01-16 (Shannon333/308/310 chipsets). The IMEI may be retrieved and modified because of an error in managing key information. The Samsung ID is SVE-2016-5435 (March 2016).

CVE-2016-11050

National Vulnerability Database - Tue, 04/07/2020 - 09:15
An issue was discovered on Samsung mobile devices with S3(KK), Note2(KK), S4(L), Note3(L), and S5(L) software. An attacker can rewrite the IMEI by flashing crafted firmware. The Samsung ID is SVE-2016-5562 (March 2016).

CVE-2016-11051

National Vulnerability Database - Tue, 04/07/2020 - 09:15
An issue was discovered on Samsung mobile devices with J(4.2) (Qualcomm Wi-Fi chipsets) software. There is a buffer overflow in the Qualcomm WLAN Driver. The Samsung ID is SVE-2016-5326 (February 2016).

CVE-2016-11052

National Vulnerability Database - Tue, 04/07/2020 - 09:15
An issue was discovered on Samsung mobile devices with L(5.0/5.1) software. je_free in libQjpeg.so in Qjpeg in Qt 5.5 allows memory corruption via a malformed JPEG file. The Samsung ID is SVE-2015-5110 (January 2016).

CVE-2016-11053

National Vulnerability Database - Tue, 04/07/2020 - 09:15
An issue was discovered on Samsung mobile devices with software through 2015-11-11 (supporting FRP/RL). There is a Factory Reset Protection (FRP) bypass. The Samsung ID is SVE-2015-5131 (January 2016).

CVE-2020-2172 (code_coverage_api)

National Vulnerability Database - Tue, 04/07/2020 - 09:15
Jenkins Code Coverage API Plugin 1.1.4 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks.

CVE-2020-2173 (gatling)

National Vulnerability Database - Tue, 04/07/2020 - 09:15
Jenkins Gatling Plugin 1.2.7 and earlier prevents Content-Security-Policy headers from being set for Gatling reports served by the plugin, resulting in an XSS vulnerability exploitable by users able to change report content.

CVE-2020-2174 (awseb_deployment)

National Vulnerability Database - Tue, 04/07/2020 - 09:15
Jenkins AWSEB Deployment Plugin 0.3.19 and earlier does not escape various values printed as part of form validation output, resulting in a reflected cross-site scripting vulnerability.

CVE-2020-2175 (fitnesse)

National Vulnerability Database - Tue, 04/07/2020 - 09:15
Jenkins FitNesse Plugin 1.31 and earlier does not correctly escape report contents before showing them on the Jenkins UI, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by users able to control the XML input files processed by the plugin.