Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-32670 | | Hig | 0.46 | — | 0.00 | | Jul 10, 2024 | Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackers to potentially identify the tag's location by scanning the BLE advertising. |
| CVE-2018-10501 | | Hig | 0.46 | 7.0 | 0.00 | | Sep 24, 2018 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes Fixed in version 2.0.02.31. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The… |
| CVE-2018-10500 | | Hig | 0.46 | 7.0 | 0.00 | | Sep 24, 2018 | This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.… |
| CVE-2018-10499 | | Hig | 0.46 | 7.0 | 0.00 | | Sep 24, 2018 | This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.… |
| CVE-2018-9142 | | Hig | 0.46 | 7.0 | 0.01 | | Mar 30, 2018 | On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932. |
| CVE-2015-7896 | | Med | 0.46 | 6.5 | 0.07 | | Aug 24, 2017 | LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. |
| CVE-2026-21037 | | Med | 0.45 | — | 0.00 | | Jun 5, 2026 | Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege. |
| CVE-2026-47314 | | Hig | 0.44 | 7.8 | 0.00 | | May 19, 2026 | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. |
| CVE-2026-47311 | | Hig | 0.44 | 7.8 | 0.00 | | May 19, 2026 | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. |
| CVE-2026-47310 | | Hig | 0.44 | 7.8 | 0.00 | | May 19, 2026 | Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3. |
| CVE-2026-21021 | | Med | 0.44 | 6.8 | 0.00 | | May 13, 2026 | Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity. |
| CVE-2026-21018 | | Med | 0.44 | 6.7 | 0.00 | | May 13, 2026 | Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code. |
| CVE-2026-21011 | | Med | 0.44 | 6.8 | 0.00 | | Apr 13, 2026 | Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock. |
| CVE-2026-21009 | | Med | 0.44 | 6.8 | 0.00 | | Apr 13, 2026 | Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning. |
| CVE-2026-21007 | | Med | 0.44 | 6.8 | 0.00 | | Apr 13, 2026 | Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard. |
| CVE-2026-21003 | | Med | 0.44 | 6.8 | 0.00 | | Apr 13, 2026 | Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions. |
| CVE-2025-20897 | | Med | 0.44 | 6.8 | 0.00 | | Feb 4, 2025 | Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attacker to access data in Secure Folder. |
| CVE-2018-3913 | | Med | 0.44 | 6.7 | 0.00 | | Sep 21, 2018 | An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32… |
| CVE-2018-3927 | | Med | 0.44 | 6.8 | 0.01 | | Aug 27, 2018 | An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS… |
| CVE-2016-4031 | | Med | 0.44 | 6.8 | 0.01 | | Apr 13, 2017 | Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands… |
| CVE-2016-4030 | | Med | 0.44 | 6.8 | 0.01 | | Apr 13, 2017 | Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the… |
| CVE-2026-21010 | | Med | 0.43 | 6.6 | 0.00 | | Apr 13, 2026 | Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions. |
| CVE-2025-21065 | | Med | 0.43 | 6.6 | 0.00 | | Oct 10, 2025 | Improper input validation in Retail Mode prior to version 5.59.11 allows self attackers to execute privileged commands on their own devices. |
| CVE-2024-34681 | | Med | 0.43 | 6.6 | 0.00 | | Nov 6, 2024 | Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch. |
| CVE-2013-7447 | | Med | 0.43 | 6.5 | 0.05 | | Feb 17, 2016 | Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image… |
| CVE-2026-21035 | | Med | 0.42 | — | 0.00 | | Jun 5, 2026 | Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information. |
| CVE-2026-21008 | | Med | 0.42 | 6.5 | 0.00 | | Apr 13, 2026 | Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attacker to access sensitive information. |
| CVE-2024-49418 | | Med | 0.42 | 6.5 | 0.00 | | Dec 3, 2024 | Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview. |
| CVE-2024-5095 | | Med | 0.42 | 6.5 | 0.01 | | May 19, 2024 | A vulnerability classified as problematic has been found in Victor Zsviot Camera 8.26.31. This affects an unknown part of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been… |
| CVE-2024-31587 | | Med | 0.42 | 6.5 | 0.00 | | Apr 19, 2024 | SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to download device configuration files via a crafted request. |
| CVE-2020-26145 | | Med | 0.42 | 6.5 | 0.04 | | May 11, 2021 | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject… |
| CVE-2020-26144 | | Med | 0.42 | 6.5 | 0.05 | | May 11, 2021 | An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject… |
| CVE-2015-8780 | | Med | 0.42 | 6.4 | 0.01 | | Apr 13, 2017 | Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury. |
| CVE-2016-1308 | | Med | 0.42 | 6.5 | 0.01 | | Feb 7, 2016 | SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227. |
| CVE-2026-21036 | | Med | 0.41 | — | 0.00 | | Jun 5, 2026 | Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information. |
| CVE-2026-21024 | | Med | 0.41 | — | 0.00 | | May 13, 2026 | Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions. |
| CVE-2026-25207 | | Hig | 0.41 | 7.4 | 0.00 | | Apr 13, 2026 | Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335. |
| CVE-2026-25205 | | Hig | 0.41 | 7.4 | 0.00 | | Apr 13, 2026 | Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write. This issue affects Escargot: commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335. |
| CVE-2026-20994 | | Med | 0.40 | 6.1 | 0.00 | | Mar 16, 2026 | URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token. |
| CVE-2025-21013 | | Med | 0.40 | 6.2 | 0.00 | | Aug 6, 2025 | Improper access control in SemSensorManager for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to outdoor exercise and sleep time. |
| CVE-2025-20978 | | Med | 0.40 | 6.2 | 0.00 | | May 7, 2025 | Improper access control in PENUP prior to version 3.9.19.32 allows local attackers to access files with PENUP privilege. |
| CVE-2025-20974 | | Med | 0.40 | 6.1 | 0.00 | | May 7, 2025 | Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attacker to bypass user interaction for requested installation. |
| CVE-2025-20970 | | Med | 0.40 | 6.2 | 0.00 | | May 7, 2025 | Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby Vision privilege. |
| CVE-2024-20886 | | Med | 0.40 | 6.2 | 0.00 | | Jun 4, 2024 | Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary directory. |
| CVE-2018-14904 | | Med | 0.40 | 6.1 | 0.01 | | Aug 3, 2018 | Samsung Syncthru Web Service V4.05.61 is vulnerable to Multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid. |
| CVE-2018-11689 | | Med | 0.40 | 6.1 | 0.02 | | Jun 14, 2018 | Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.) |
| CVE-2018-9140 | | Med | 0.40 | 6.1 | 0.01 | | Mar 30, 2018 | On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. |
| CVE-2017-17859 | | Med | 0.40 | 6.1 | 0.01 | | Dec 27, 2017 | Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another… |
| CVE-2024-27363 | | Med | 0.39 | 6.0 | 0.00 | | Jul 9, 2024 | A vulnerability was discovered in Samsung Mobile Processor Exynos 850, Exynos 9610, Exynos 980, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, and Exynos W930 where it does not properly check a pointer address, which can lead to an Information disclosure. |
| CVE-2015-7889 | | Med | 0.39 | 5.5 | 0.02 | | Dec 28, 2017 | The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email… |
Page 4 of 45