CVE-2018-14745

Buffer overflow in protgetringspace in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker who has obtained code execution on the Wi-Fi chip to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is...

CVE-2018-14745

CVE-2018-14745 affects the bcmdhd4358 Wi‑Fi driver in the Samsung Galaxy S6 (SM-G920F). The flaw is a buffer overflow in prot_get_ring_space caused by improper validation of the ring buffer read pointer, enabling an attacker who already has code execution on the Wi‑Fi chip to overwrite kernel mem...

CVE-2018-14856

CVE-2018-14856 affects the Samsung Galaxy S6 SM-G920F with the bcmdhd4358 Wi‑Fi driver. The issue is a buffer overflow in dhd_bus_flow_ring_create_response (file drivers/net/wireless/bcmdhd4358/dhd_pcie.c). If an attacker already has code execution on the Wi‑Fi chip, this can cause invalid memory...

CVE-2018-14854

Buffer overflow in dhdbusflowringdeleteresponse in drivers/net/wireless/bcmdhd4358/dhdpcie.c in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allow an attacker who has obtained code execution on the Wi-Fi chip to cause the device driver to perform invalid memory...

CVE-2016-2565

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 Galaxy S6 devices allows attackers to read sent e-mail messages, aka SVE-2015-5081...

CVE-2016-2567

secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 Note 3 and SM-G920F build G920FXXU2COH2 Galaxy S6 devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the...

CVE-2016-2567

secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 Note 3 and SM-G920F build G920FXXU2COH2 Galaxy S6 devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the...

Sql injection

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 Galaxy S6 devices has SQL injection, aka SVE-2015-5081...

Null pointer dereference

The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 Note 3 and SM-G920F build G920FXXU2COH2 Galaxy S6 devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request, aka SVE-2016-5036...

Code injection

Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 Galaxy S6 devices allows attackers to read sent e-mail messages, aka SVE-2015-5081...

CVE-2016-2566

The CVE-2016-2566 entry concerns Samsung SecEmailSync on Galaxy S6 (SM-G920F, build G920FXXU2COH2). Connected documents confirm a SQL injection in the SecEmailSync plugin (SVE-2015-5081). Reported impact in CNVD sources states an attacker could exploit this to read e-mails; the CNVD-2017-07204 en...

CVE-2016-2036

The CVE-2016-2036 entry concerns the getURL function in drivers/secfilter/urlparser.c within the Samsung kernel’s secfilter component for Android on SM-N9005 (Note 3) and SM-G920F (Galaxy S6). The underlying issue is a NULL pointer dereference triggered by a crafted GET HTTP/1.1 request (SVE-2016...

CVE-2016-2567

Affected products/component: Samsung Android kernel on SM-N9005 (Note 3) and SM-G920F (Galaxy S6); vulnerable component: secfilter URL filtering plugin. Root cause: input validation vulnerability in secfilter enabling bypass of URL filtering by inserting an "exceptional URL" in the query string. ...

CVE-2016-4032

CVE-2016-4032 concerns Samsung devices (Galaxy S6, Note 3, Galaxy S4 variants) where AT commands can be executed because the devices do not block AT+USBDEBUG and AT+WIFIVALUE when connected to a Linux host. The issue enables an attacker with AT access to modify Android settings on affected builds...

CVE-2016-2565

The connected records corroborate that Samsung SecEmailSync on the Galaxy S6 (Samsung SM-G920F, build G920FXXU2COH2) contains a vulnerability class in the SecEmailSync plugin. CNVD entries describe two concrete issues: (1) CVE-2016-2565/2566 family in SecEmailSync, with an SQL injection vector (S...