VYPR

Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2024-32670 · High · Jul 10, 2024
    risk 0.46 · cvss n/a · epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor in Samsung Galaxy SmartTag2 prior to 0.20.04 allows attackers to potentially identify the tag's location by scanning the BLE advertising.

  • CVE-2018-10501 · High · Sep 24, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Notes. Fixed in version 2.0.02.31. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The…

  • CVE-2018-10500 · High · Sep 24, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    This vulnerability allows local attackers to escalate privileges on vulnerable installations of Samsung Galaxy Apps. Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.…

  • CVE-2018-10499 · High · Sep 24, 2018
    risk 0.46 · cvss 7.0 · epss 0.00

    This vulnerability allows local attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy Apps. Fixed in version 6.4.0.15. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.…

  • CVE-2018-9142 · High · Mar 30, 2018
    risk 0.46 · cvss 7.0 · epss 0.01

    On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.

  • CVE-2015-7896 · Medium · Aug 24, 2017
    risk 0.46 · cvss 6.5 · epss 0.07

    LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.

  • CVE-2026-21037 · Medium · Jun 5, 2026
    risk 0.45 · cvss n/a · epss 0.00

    Improper input validation in Samsung Members prior to version 5.8.01.5 allows local attackers to access arbitrary URL and launch arbitrary activity with Samsung Members privilege.

  • CVE-2026-47314 · High · May 19, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-47311 · High · May 19, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-47310 · High · May 19, 2026
    risk 0.44 · cvss 7.8 · epss 0.00

    Use after free vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-21021 · Medium · May 13, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    Improper input validation in Routines prior to SMR May-2026 Release 1 allows physical attackers to launch privileged activity.

  • CVE-2026-21018 · Medium · May 13, 2026
    risk 0.44 · cvss 6.7 · epss 0.00

    Out-of-bounds write in SveService prior to SMR May-2026 Release 1 allows local privileged attackers to execute arbitrary code.

  • CVE-2026-21011 · Medium · Apr 13, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    Incorrect privilege assignment in Bluetooth in Maintenance mode prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Extend Unlock.

  • CVE-2026-21009 · Medium · Apr 13, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attackers to bypass App Pinning.

  • CVE-2026-21007 · Medium · Apr 13, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    Improper check for exceptional conditions in Device Care prior to SMR Apr-2026 Release 1 allows physical attackers to bypass Knox Guard.

  • CVE-2026-21003 · Medium · Apr 13, 2026
    risk 0.44 · cvss 6.8 · epss 0.00

    Improper input validation in data related to network restrictions prior to SMR Apr-2026 Release 1 allows physical attackers to bypass the restrictions.

  • CVE-2025-20897 · Medium · Feb 4, 2025
    risk 0.44 · cvss 6.8 · epss 0.00

    Improper access control in Secure Folder prior to version 1.9.20.50 in Android 14, 1.8.11.0 in Android 13, and 1.7.04.0 in Android 12 allows local attackers to access data in Secure Folder.

  • CVE-2018-3913 · Medium · Sep 21, 2018
    risk 0.44 · cvss 6.7 · epss 0.00

    An exploitable stack-based buffer overflow vulnerability exists in the retrieval of database fields in the video-core HTTP server of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy call overflows the destination buffer, which has a size of 32…

  • CVE-2018-3927 · Medium · Aug 27, 2018
    risk 0.44 · cvss 6.8 · epss 0.01

    An exploitable information disclosure vulnerability exists in the crash handler of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. When hubCore crashes, Google Breakpad is used to record minidumps, which are sent over an insecure HTTPS…

  • CVE-2016-4031 · Medium · Apr 13, 2017
    risk 0.44 · cvss 6.8 · epss 0.01

    Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices allow attackers to send AT commands…

  • CVE-2016-4030 · Medium · Apr 13, 2017
    risk 0.44 · cvss 6.8 · epss 0.01

    Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices have unintended availability of the…

  • CVE-2026-21010 · Medium · Apr 13, 2026
    risk 0.43 · cvss 6.6 · epss 0.00

    Improper input validation in Retail Mode prior to SMR Apr-2026 Release 1 allows local attackers to trigger privileged functions.

  • CVE-2025-21065 · Medium · Oct 10, 2025
    risk 0.43 · cvss 6.6 · epss 0.00

    Improper input validation in Retail Mode prior to version 5.59.11 allows self attackers to execute privileged commands on their own devices.

  • CVE-2024-34681 · Medium · Nov 6, 2024
    risk 0.43 · cvss 6.6 · epss 0.00

    Improper input validation in BluetoothAdapter prior to SMR Nov-2024 Release 1 allows local attackers to cause local permanent denial of service on Galaxy Watch.

  • CVE-2013-7447 · Medium · Feb 17, 2016
    risk 0.43 · cvss 6.5 · epss 0.05

    Integer overflow in the gdk_cairo_set_source_pixbuf function in gdk/gdkcairo.c in GTK+ before 3.9.8, as used in eom, gnome-photos, eog, gambas3, thunar, pinpoint, and possibly other applications, allows remote attackers to cause a denial of service (crash) via a large image…

  • CVE-2026-21035 · Medium · Jun 5, 2026
    risk 0.42 · cvss n/a · epss 0.00

    Improper input validation in Samsung Plus TV prior to version 1.0.28.6 allows remote attackers to access sensitive information.

  • CVE-2026-21008 · Medium · Apr 13, 2026
    risk 0.42 · cvss 6.5 · epss 0.00

    Exposure of sensitive information in S Share prior to SMR Apr-2026 Release 1 allows adjacent attackers to access sensitive information.

  • CVE-2024-49418 · Medium · Dec 3, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    Insufficient verification of URL authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.

  • CVE-2024-5095 · Medium · May 19, 2024
    risk 0.42 · cvss 6.5 · epss 0.01

    A vulnerability classified as problematic has been found in Victor Zsviot Camera 8.26.31. This affects an unknown part of the component MQTT Packet Handler. The manipulation leads to denial of service. It is possible to initiate the attack remotely. The exploit has been…

  • CVE-2024-31587 · Medium · Apr 19, 2024
    risk 0.42 · cvss 6.5 · epss 0.00

    SecuSTATION Camera V2.5.5.3116-S50-SMA-B20160811A and lower allows an unauthenticated attacker to download device configuration files via a crafted request.

  • CVE-2020-26145 · Medium · May 11, 2021
    risk 0.42 · cvss 6.5 · epss 0.04

    An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept second (or subsequent) broadcast fragments even when sent in plaintext and process them as full unfragmented frames. An adversary can abuse this to inject…

  • CVE-2020-26144 · Medium · May 11, 2021
    risk 0.42 · cvss 6.5 · epss 0.05

    An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WEP, WPA, WPA2, and WPA3 implementations accept plaintext A-MSDU frames as long as the first 8 bytes correspond to a valid RFC1042 (i.e., LLC/SNAP) header for EAPOL. An adversary can abuse this to inject…

  • CVE-2015-8780 · Medium · Apr 13, 2017
    risk 0.42 · cvss 6.4 · epss 0.01

    Samsung wssyncmlnps before 2015-10-31 allows directory traversal in a Kies restore, aka ZipFury.

  • CVE-2016-1308 · Medium · Feb 7, 2016
    risk 0.42 · cvss 6.5 · epss 0.01

    SQL injection vulnerability in Cisco Unified Communications Manager 10.5(2.13900.9) allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCux99227.

  • CVE-2026-21036 · Medium · Jun 5, 2026
    risk 0.41 · cvss n/a · epss 0.00

    Improper authorization in Samsung Internet prior to version 30.0.0.39 allows local attackers to access sensitive information.

  • CVE-2026-21024 · Medium · May 13, 2026
    risk 0.41 · cvss n/a · epss 0.00

    Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions.

  • CVE-2026-25207 · High · Apr 13, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    Out-of-bounds write vulnerability in Samsung Open Source Escargot allows Overflow Buffers. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.

  • CVE-2026-25205 · High · Apr 13, 2026
    risk 0.41 · cvss 7.4 · epss 0.00

    Heap-based buffer overflow vulnerability in Samsung Open Source Escargot allows out-of-bounds write. This issue affects Escargot: commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335.

  • CVE-2026-20994 · Medium · Mar 16, 2026
    risk 0.40 · cvss 6.1 · epss 0.00

    URL redirection in Samsung Account prior to version 15.5.01.1 allows local attackers to potentially get access token.

  • CVE-2025-21013 · Medium · Aug 6, 2025
    risk 0.40 · cvss 6.2 · epss 0.00

    Improper access control in SemSensorManager for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to outdoor exercise and sleep time.

  • CVE-2025-20978 · Medium · May 7, 2025
    risk 0.40 · cvss 6.2 · epss 0.00

    Improper access control in PENUP prior to version 3.9.19.32 allows local attackers to access files with PENUP privilege.

  • CVE-2025-20974 · Medium · May 7, 2025
    risk 0.40 · cvss 6.1 · epss 0.00

    Improper handling of insufficient permission in PackageInstallerCN prior to version 15.0.11.0 allows local attackers to bypass user interaction for requested installation.

  • CVE-2025-20970 · Medium · May 7, 2025
    risk 0.40 · cvss 6.2 · epss 0.00

    Improper access control in Bixby Vision prior to version 3.8.1 in Android 13, 3.8.3 in Android 14, 3.8.21 in Android 15 allows local attackers to access image files with Bixby Vision privilege.

  • CVE-2024-20886 · Medium · Jun 4, 2024
    risk 0.40 · cvss 6.2 · epss 0.00

    Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attackers to create arbitrary directories.

  • CVE-2018-14904 · Medium · Aug 3, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    Samsung Syncthru Web Service V4.05.61 is vulnerable to multiple unauthenticated XSS attacks on several parameters, as demonstrated by ruiFw_pid.

  • CVE-2018-11689 · Medium · Jun 14, 2018
    risk 0.40 · cvss 6.1 · epss 0.02

    Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter. (The same Web Viewer codebase was transitioned from Samsung to Hanwha.)

  • CVE-2018-9140 · Medium · Mar 30, 2018
    risk 0.40 · cvss 6.1 · epss 0.01

    On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747.

  • CVE-2017-17859 · Medium · Dec 27, 2017
    risk 0.40 · cvss 6.1 · epss 0.01

    Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another…

  • CVE-2024-27363 · Medium · Jul 9, 2024
    risk 0.39 · cvss 6.0 · epss 0.00

    A vulnerability was discovered in Samsung Mobile Processor Exynos 850, Exynos 9610, Exynos 980, Exynos 1280, Exynos 1380, Exynos 1330, Exynos W920, and Exynos W930 where it does not properly check a pointer address, which can lead to an information disclosure.

  • CVE-2015-7889 · Medium · Dec 28, 2017
    risk 0.39 · cvss 5.5 · epss 0.02

    The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email…

Page 4 of 45