CISA Catalog
Data sourced from the official CISA Known Exploited Vulnerabilities Catalog. Federal agencies are required to remediate these vulnerabilities by the due date per BOD 22-01.
KEV Entries: 1,619
Ransomware Use: 327
Overdue: 1,615
Vendors: 266
Products: 655
15 results · Page 1/1
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung · MagicINFO 9 Server
Samsung MagicINFO 9 Server contains a path traversal vulnerability that could allow an attacker to write arbitrary files as system authority.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Samsung · Mobile Devices
Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so. This vulnerability could allow remote attackers to execute arbitrary code.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Samsung Mobile Devices Out-of-Bounds Write Vulnerability
Samsung · Mobile Devices
Samsung mobile devices contain an out-of-bounds write vulnerability in libimagecodec.quram.so which allows remote attackers to execute arbitrary code.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Samsung MagicINFO 9 Server Path Traversal Vulnerability
Samsung · MagicINFO 9 Server
Samsung MagicINFO 9 Server contains a path traversal vulnerability that allows an attacker to write arbitrary files as system authority.
Required Action
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Samsung Mobile Devices Use-After-Free Vulnerability
Samsung · Mobile Devices
Samsung devices with selected Exynos chipsets contain a use-after-free vulnerability that allows malicious memory write and code execution.
Required Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Samsung Mobile Devices Out-of-Bounds Read Vulnerability
Samsung · Mobile Devices
Samsung mobile devices contain an out-of-bounds read vulnerability within the modem interface driver due to a lack of boundary checking of a buffer in set_skb_priv(), leading to remote code execution by dereference of an invalid function pointer.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Samsung Mobile Devices Improper Input Validation Vulnerability
Samsung · Mobile Devices
Samsung mobile devices contain an improper input validation vulnerability within the modem interface driver that results in a format string bug leading to kernel panic.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Samsung Mobile Devices Race Condition Vulnerability
Samsung · Mobile Devices
Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free, allowing for a write if a radio privilege is compromised.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Samsung Mobile Devices Race Condition Vulnerability
Samsung · Mobile Devices
Samsung mobile devices contain a race condition vulnerability within the MFC charger driver that leads to a use-after-free, allowing for a write if a radio privilege is compromised.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Samsung Mobile Devices Unspecified Vulnerability
Samsung · Mobile Devices
Samsung mobile devices contain an unspecified vulnerability within the DSP driver that allows attackers to load ELF libraries inside the DSP.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Samsung Mobile Devices Improper Boundary Check Vulnerability
Samsung · Mobile Devices
Samsung mobile devices contain an improper boundary check vulnerability within the DSP driver that allows for out-of-bounds memory access.
Required Action
Apply updates per vendor instructions or discontinue use of the product if updates are unavailable.
Samsung Mobile Devices Insertion of Sensitive Information Into Log File Vulnerability
Samsung · Mobile Devices
Samsung mobile devices running Android 11, 12, and 13 contain an insertion of sensitive information into log file vulnerability that allows a privileged, local attacker to conduct an address space layout randomization (ASLR) bypass.
Required Action
Apply updates per vendor instructions.
Samsung Mobile Devices Improper Access Control Vulnerability
Samsung · Mobile Devices
Samsung mobile devices contain an improper access control vulnerability in the clipboard service which allows untrusted applications to read or write arbitrary files. This vulnerability was chained with CVE-2021-25369 and CVE-2021-25370.
Required Action
Apply updates per vendor instructions.
Samsung Mobile Devices Improper Access Control Vulnerability
Samsung · Mobile Devices
Samsung mobile devices using Mali GPU contain an improper access control vulnerability in the sec_log file. Exploitation of the vulnerability exposes sensitive kernel information to userspace. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25370.
Required Action
Apply updates per vendor instructions.
Samsung Mobile Devices Memory Corruption Vulnerability
Samsung · Mobile Devices
Samsung mobile devices using Mali GPU contain an incorrect implementation of file descriptor handling in the dpu driver. This incorrect implementation results in memory corruption, leading to kernel panic. This vulnerability was chained with CVE-2021-25337 and CVE-2021-25369.
Required Action
Apply updates per vendor instructions.