VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2021-47945HigMay 10, 2026
    risk 0.51cvss 7.8epss 0.00

    Argus Surveillance DVR 4.0 contains an unquoted service path vulnerability in the DVRWatchdog service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the Program Files directory to be…

  • CVE-2026-25203HigApr 10, 2026
    risk 0.51cvss 7.8epss 0.00

    Samsung MagicINFO 9 Server Incorrect Default Permissions Local Privilege Escalation Vulnerability This issue affects MagicINFO 9 Server: less than 21.1091.1.

  • CVE-2018-10502HigSep 24, 2018
    risk 0.51cvss 7.8epss 0.00

    This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 4.2.18.2. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.…

  • CVE-2018-10497HigSep 24, 2018
    risk 0.51cvss 7.8epss 0.00

    This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Email Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The…

  • CVE-2018-3914HigSep 21, 2018
    risk 0.51cvss 7.8epss 0.00

    An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 2000…

  • CVE-2018-3916HigAug 28, 2018
    risk 0.51cvss 7.8epss 0.00

    An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 136…

  • CVE-2018-3912HigAug 23, 2018
    risk 0.51cvss 7.8epss 0.00

    On Samsung SmartThings Hub STH-ETH-250 devices with firmware version 0.20.17, the video-core process insecurely extracts the fields from the "shard" table of its SQLite database, leading to a buffer overflow on the stack. The strcpy call overflows the destination buffer, which…

  • CVE-2018-9141HigMar 30, 2018
    risk 0.51cvss 7.8epss 0.02

    On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105.

  • CVE-2016-4038HigFeb 1, 2017
    risk 0.51cvss 7.8epss 0.00

    Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have…

  • CVE-2016-6527HigJan 18, 2017
    risk 0.51cvss 7.8epss 0.01

    The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.

  • CVE-2016-6526HigJan 18, 2017
    risk 0.51cvss 7.8epss 0.01

    The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.

  • CVE-2026-8915HigMay 28, 2026
    risk 0.50cvss 8.8epss 0.00

    Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 36f5fb58366a67b713c02f6fd985e924fcc09e31.

  • CVE-2025-66369HigMay 5, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in MM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, W920, W930, W1000, Modem 5123, and Modem 5300. Incorrect handling of 5G NR NAS registration accept messages leads to a…

  • CVE-2025-57834HigApr 6, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in Samsung Mobile Processor, Wearable Processor, and Modem (Exynos 980, 850, 990, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 1680, 9110, W920, W930, W1000, Modem 5123, Modem 5300, Modem 5400, and Modem 5410). The absence of proper input…

  • CVE-2025-54324HigApr 6, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in NAS in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Incorrect Handling of a DL NAS Transport…

  • CVE-2025-59440HigApr 6, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in USIM in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper handling of SIM card proactive…

  • CVE-2025-57835HigApr 6, 2026
    risk 0.49cvss 7.5epss 0.00

    An issue was discovered in RRC in Samsung Mobile Processor, Wearable Processor, and Modem Exynos 980, 990, 850, 1080, 2100, 1280, 2200, 1330, 1380, 1480, 2400, 1580, 2500, 9110, W920, W930, W1000, Modem 5123, Modem 5300, and Modem 5400. Improper memory initialization results in…

  • CVE-2024-49420HigDec 3, 2024
    risk 0.49cvss 7.5epss 0.01

    Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity.

  • CVE-2018-3908HigAug 28, 2018
    risk 0.49cvss 7.5epss 0.01

    An exploitable vulnerability exists in the REST parser of video-core's HTTP server of the Samsung SmartThings Hub STH-ETH-250-Firmware version 0.20.17. The video-core process incorrectly handles pipelined HTTP requests, which allows successive requests to overwrite the…

  • CVE-2018-3918HigAug 27, 2018
    risk 0.49cvss 7.5epss 0.01

    An exploitable vulnerability exists in the remote servers of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process listens on port 39500 and relays any unauthenticated messages to SmartThings' remote servers, which incorrectly handle camera IDs for…

  • CVE-2015-1800HigAug 24, 2017
    risk 0.49cvss 7.5epss 0.03

    The samsung_extdisp driver in the Samsung S4 (GT-I9500) I9500XXUEMK8 kernel 3.4 and earlier allows attackers to potentially obtain sensitive information.

  • CVE-2015-7891HigAug 2, 2017
    risk 0.49cvss 7.0epss 0.01

    Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.

  • CVE-2015-7888HigJun 7, 2017
    risk 0.49cvss 7.5epss 0.04

    Directory traversal vulnerability in the WifiHs20UtilityService on the Samsung S6 Edge LRX22G.G925VVRU1AOE2 allows remote attackers to overwrite or create arbitrary files as the system-level user via a .. (dot dot) in the name of a file, compressed into a zipped file named…

  • CVE-2017-7978HigApr 19, 2017
    risk 0.49cvss 7.5epss 0.01

    Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290.

  • CVE-2017-5927HigFeb 27, 2017
    risk 0.49cvss 7.5epss 0.02

    Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern ARM processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking…

  • CVE-2017-5926HigFeb 27, 2017
    risk 0.49cvss 7.5epss 0.02

    Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern AMD processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript, breaking…

  • CVE-2017-5925HigFeb 27, 2017
    risk 0.49cvss 7.5epss 0.02

    Page table walks conducted by the MMU during virtual to physical address translation leave a trace in the last level cache of modern Intel processors. By performing a side-channel attack on the MMU operations, it is possible to leak data and code pointers from JavaScript,…

  • CVE-2016-4547HigFeb 13, 2017
    risk 0.49cvss 7.5epss 0.01

    Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C.

  • CVE-2016-9279HigJan 18, 2017
    risk 0.49cvss 7.5epss 0.02

    Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Samsung ID is SVE-2016-6853.

  • CVE-2017-5351HigJan 12, 2017
    risk 0.49cvss 7.5epss 0.01

    Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650.

  • CVE-2017-5350HigJan 12, 2017
    risk 0.49cvss 7.5epss 0.01

    Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122.

  • CVE-2016-9277HigNov 11, 2016
    risk 0.49cvss 7.5epss 0.01

    Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906.

  • CVE-2016-7160HigNov 3, 2016
    risk 0.49cvss 7.5epss 0.01

    A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248.

  • CVE-2016-7991HigOct 31, 2016
    risk 0.49cvss 7.5epss 0.00

    On Samsung Galaxy S4 through S7 devices, the "omacp" app ignores security information embedded in the OMACP messages resulting in remote unsolicited WAP Push SMS messages being accepted, parsed, and handled by the device, leading to unauthorized configuration changes, a subset…

  • CVE-2016-7989HigOct 31, 2016
    risk 0.49cvss 7.5epss 0.01

    On Samsung Galaxy S4 through S7 devices, a malformed OTA WAP PUSH SMS containing an OMACP message sent remotely triggers an unhandled ArrayIndexOutOfBoundsException in Samsung's implementation of the WifiServiceImpl class within wifi-service.jar. This causes the Android runtime…

  • CVE-2016-7988HigOct 31, 2016
    risk 0.49cvss 7.5epss 0.01

    On Samsung Galaxy S4 through S7 devices, absence of permissions on the BroadcastReceiver responsible for handling the com.[Samsung].android.intent.action.SET_WIFI intent leads to unsolicited configuration messages being handled by wifi-service.jar within the Android Framework, a…

  • CVE-2016-1350HigMar 26, 2016
    risk 0.49cvss 7.5epss 0.03

    Cisco IOS 15.3 and 15.4, Cisco IOS XE 3.8 through 3.11, and Cisco Unified Communications Manager allow remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCuj23293.

  • CVE-2016-1349HigMar 26, 2016
    risk 0.49cvss 7.5epss 0.02

    The Smart Install client implementation in Cisco IOS 12.2, 15.0, and 15.2 and IOS XE 3.2 through 3.7 allows remote attackers to cause a denial of service (device reload) via crafted image list parameters in a Smart Install packet, aka Bug ID CSCuv45410.

  • CVE-2016-1348HigMar 26, 2016
    risk 0.49cvss 7.5epss 0.02

    Cisco IOS 15.0 through 15.5 and IOS XE 3.3 through 3.16 allow remote attackers to cause a denial of service (device reload) via a crafted DHCPv6 Relay message, aka Bug ID CSCus55821.

  • CVE-2015-0718HigMar 3, 2016
    risk 0.49cvss 7.5epss 0.04

    Cisco NX-OS 4.0 through 6.1 on Nexus 1000V 3000, 4000, 5000, 6000, and 7000 devices and Unified Computing System (UCS) platforms allows remote attackers to cause a denial of service (TCP stack reload) by sending crafted TCP packets to a device that has a TIME_WAIT TCP session,…

  • CVE-2015-8281HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.04

    Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows attackers to bypass filesystem encryption via XOR calculations.

  • CVE-2015-8280HigJan 15, 2016
    risk 0.49cvss 7.5epss 0.06

    Web Viewer 1.0.0.193 on Samsung SRN-1670D devices allows remote attackers to discover credentials by reading detailed error messages.

  • CVE-2025-21058HigOct 10, 2025
    risk 0.47cvss 7.3epss 0.00

    Improper access control in Routines prior to version 4.8.7.1 in Android 15 and 4.9.6.0 in Android 16 allows local attackers to potentially execute arbitrary code with SystemUI privilege.

  • CVE-2024-31954HigMay 14, 2024
    risk 0.47cvss 7.3epss 0.00

    An issue was discovered in the installer in Samsung Portable SSD for T5 1.6.10 on Windows. Because it is possible to tamper with the directory and DLL files used during the installation process, an attacker can escalate privileges through arbitrary code execution. (An attacker…

  • CVE-2016-3850HigAug 5, 2016
    risk 0.47cvss 7.3epss 0.00

    Integer overflow in app/aboot/aboot.c in the Qualcomm bootloader in Android before 2016-08-05 on Nexus 5, 5X, 6P, and 7 (2013) devices allows attackers to gain privileges via a crafted header field in a boot image, aka Android internal bug 27917291 and Qualcomm internal bug…

  • CVE-2026-21033HigJun 5, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper export of android application components in ExpressHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.

  • CVE-2026-21032HigJun 5, 2026
    risk 0.46cvss 7.1epss 0.00

    Improper export of android application components in SmartHomeWidgetReceiver of Samsung Assistant prior to version 9.3.14 allows local attacker to execute arbitrary script.

  • CVE-2026-25208HigApr 13, 2026
    risk 0.46cvss 8.1epss 0.00

    Integer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers.This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.

  • CVE-2025-54601HigApr 6, 2026
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor amd Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a double free. An attacker can trigger a race…

  • CVE-2025-54602HigApr 6, 2026
    risk 0.46cvss 7.0epss 0.00

    An issue was discovered in the Wi-Fi driver in Samsung Mobile Processor and Wearable Processor Exynos 980, 850, 1080, 1280, 1330, 1380, 1480, 1580, W920, W930, and W1000. Improper synchronization on a global variable leads to a use-after-free. An attacker can trigger a race…

Page 3 of 45