Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2015-7898 · Med · Jun 27, 2017
    risk 0.39 · cvss 5.5 · epss 0.01

    Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

  • CVE-2015-7895 · Med · Jun 27, 2017
    risk 0.39 · cvss 5.5 · epss 0.01

    Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).

  • CVE-2016-1344 · Med · Mar 26, 2016
    risk 0.39 · cvss 5.9 · epss 0.03

    The IKEv2 implementation in Cisco IOS 15.0 through 15.6 and IOS XE 3.3 through 3.17 allows remote attackers to cause a denial of service (device reload) via fragmented packets, aka Bug ID CSCux38417.

  • CVE-2026-21038 · Med · Jun 5, 2026
    risk 0.38 · cvss · epss 0.00

    Improper input validation in Samsung Android USB Driver for Windows prior to version 1.9.5.0 allows local attacker to access out-of-bounds memory.

  • CVE-2026-40446 · Med · Apr 13, 2026
    risk 0.38 · cvss 6.9 · epss 0.00

    Access of resource using incompatible type ('type confusion') vulnerability in Samsung Open Source Escargot allows Pointer Manipulation. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.

  • CVE-2018-10751 · Med · May 29, 2018
    risk 0.38 · cvss 5.3 · epss 0.09

    A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.

  • CVE-2018-6019 · Med · Mar 6, 2018
    risk 0.38 · cvss 5.9 · epss 0.00

    Samsung Display Solutions App before 3.02 for Android allows man-in-the-middle attackers to spoof B2B content by leveraging failure to use encryption during information transmission.

  • CVE-2017-10963 · Med · Feb 20, 2018
    risk 0.38 · cvss 5.9 · epss 0.01

    In Knox SDS IAM (Identity Access Management) and EMM (Enterprise Mobility Management) 16.11 on Samsung mobile devices, a man-in-the-middle attacker can install any application into the Knox container (without the user's knowledge) by inspecting network traffic from a Samsung…

  • CVE-2017-8851 · Med · May 11, 2017
    risk 0.38 · cvss 5.9 · epss 0.00

    An issue was discovered on OnePlus One and X devices. Due to a lenient updater-script on the OnePlus One and X OTA images, the fact that both products use the same OTA verification keys, and the fact that both products share the same 'ro.build.product' system property, attackers…

  • CVE-2016-1346 · Med · Apr 6, 2016
    risk 0.38 · cvss 5.9 · epss 0.02

    The kernel in Cisco TelePresence Server 3.0 through 4.2(4.18) on Mobility Services Engine (MSE) 8710 devices allows remote attackers to cause a denial of service (panic and reboot) via a crafted sequence of IPv6 packets, aka Bug ID CSCuu46673.

  • CVE-2026-25206 · Med · Apr 13, 2026
    risk 0.37 · cvss 6.7 · epss 0.00

    Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.

  • CVE-2017-17860 · Med · Jan 18, 2018
    risk 0.37 · cvss 5.7 · epss 0.00

    In Samsung Gear products, Bluetooth link key is updated to the different key which is same with attacker's link key. It can be attacked without user's intention only if attacker can reveal the Bluetooth address of target device and paired user's smartphone

  • CVE-2026-21028 · Med · Jun 5, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper access control in AuditLogService prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.

  • CVE-2026-21026 · Med · Jun 5, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.

  • CVE-2026-21025 · Med · Jun 5, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Incorrect privilege assignment in Telephony prior to SMR Jun-2026 Release 1 allows local attackers to access sensitive information.

  • CVE-2026-21017 · Med · Jun 5, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files.

  • CVE-2026-21022 · Med · May 13, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.

  • CVE-2026-21016 · Med · May 13, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information.

  • CVE-2026-21015 · Med · May 13, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Incorrect default permissions in FactoryCamera prior to SMR May-2026 Release 1 allows local attacker to access unique identifier.

  • CVE-2026-3291 · Med · May 6, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Samsung Print Service Plugin for Android is potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. HP is releasing updates to mitigate these potential vulnerabilities.

  • CVE-2026-21023 · Med · Apr 29, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Insufficient verification of data authenticity in PackageManagerService prior to SMR Mar-2026 Release 1 allows local attackers to modify the installation restriction of specific application.

  • CVE-2026-6839 · Med · Apr 22, 2026
    risk 0.36 · cvss 6.6 · epss 0.00

    Improper validation of STRING tensor offsets could allow malformed string metadata to trigger out of bounds access during constant tensor import in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.

  • CVE-2026-41667 · Med · Apr 22, 2026
    risk 0.36 · cvss 6.6 · epss 0.00

    Integer overflow in constant tensor data size calculation in Samsung Open Source ONE could cause incorrect buffer sizing for large constant nodes. Affected version is prior to commit 1.30.0.

  • CVE-2026-41666 · Med · Apr 22, 2026
    risk 0.36 · cvss 6.6 · epss 0.00

    Integer overflow in tensor copy size calculation in Samsung Open Source ONE could lead to out of bounds access during loop state propagation. Affected version is prior to commit 1.30.0.

  • CVE-2026-41664 · Med · Apr 22, 2026
    risk 0.36 · cvss 6.6 · epss 0.00

    Integer overflow in memory copy size calculation in Samsung Open Source ONE could lead to invalid memory operations with large tensor shapes. Affected version is prior to commit 1.30.0.

  • CVE-2026-40450 · Med · Apr 22, 2026
    risk 0.36 · cvss 6.6 · epss 0.00

    Integer overflow in output tensor copy size calculation in Samsung Open Source ONE could cause incorrect copy length and memory corruption for oversized tensors. Affected version is prior to commit 1.30.0.

  • CVE-2026-40449 · Med · Apr 22, 2026
    risk 0.36 · cvss 6.6 · epss 0.00

    Integer overflow in buffer size calculation could result in out of bounds memory access when handling large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.

  • CVE-2026-21013 · Med · Apr 13, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Incorrect default permission in Galaxy Wearable prior to version 2.2.68.26 allows local attackers to access sensitive information.

  • CVE-2026-21002 · Med · Mar 16, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper verification of cryptographic signature in Galaxy Store prior to version 4.6.03.8 allows local attacker to install arbitrary application.

  • CVE-2026-21001 · Med · Mar 16, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Path traversal in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.

  • CVE-2026-21000 · Med · Mar 16, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege.

  • CVE-2026-20993 · Med · Mar 16, 2026
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper export of android application components in Samsung Assistant prior to version 9.3.10.7 allows local attacker to access saved information.

  • CVE-2025-21012 · Med · Aug 6, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper access control in fall detection for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to modify fall detection configuration.

  • CVE-2025-21011 · Med · Aug 6, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper access control in SemSensorService for Galaxy Watch prior to SMR Aug-2025 Release 1 allows local attackers to access sensitive information related to motion and body sensors.

  • CVE-2025-20975 · Med · May 7, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper Export of Android Application Components in AODService prior to version 8.8.28.12 allows local attackers to launch arbitrary activity with systemui privilege.

  • CVE-2025-20906 · Med · Feb 4, 2025
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper Export of Android Application Components in Settings prior to SMR Feb-2025 Release 1 allows local attackers to enable ADB.

  • CVE-2024-49412 · Med · Dec 3, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch.

  • CVE-2024-32673 · Med · Jul 3, 2024
    risk 0.36 · cvss 5.5 · epss 0.00

    Improper Validation of Array Index vulnerability in Samsung Open Source Walrus Webassembly runtime engine allows a segmentation fault issue. This issue affects Walrus: before 72c7230f32a0b791355bbdfc78669701024b0956.

  • CVE-2018-10498 · Med · Sep 24, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    This vulnerability allows local attackers to disclose sensitive information on vulnerable installations of Samsung Email. Fixed in version 5.0.02.16. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this…

  • CVE-2018-3926 · Med · Aug 28, 2018
    risk 0.36 · cvss 5.5 · epss 0.00

    An exploitable integer underflow vulnerability exists in the ZigBee firmware update routine of the hubCore binary of the Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The hubCore process incorrectly handles malformed files existing in its data directory,…

  • CVE-2016-2036 · Med · Apr 13, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The getURL function in drivers/secfilter/urlparser.c in secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to trigger a NULL pointer dereference via a "GET HTTP/1.1" request,…

  • CVE-2016-4546 · Med · Feb 13, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call.

  • CVE-2016-3996 · Med · Jan 27, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    ClipboardDataMgr in Samsung KNOX 1.0.0 and 2.3.0 does not properly check the caller, which allows local users to read KNOX clipboard data via a crafted application.

  • CVE-2016-1920 · Med · Jan 27, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    Samsung KNOX 1.0.0 uses the shared certificate on Android, which allows local users to conduct man-in-the-middle attacks as demonstrated by installing a certificate and running a VPN service.

  • CVE-2016-9278 · Med · Jan 18, 2017
    risk 0.36 · cvss 5.5 · epss 0.00

    The Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows local users to cause a denial of service (kernel panic) via a crafted ioctl command. The Samsung ID is SVE-2016-6736.

  • CVE-2017-5217 · Med · Jan 9, 2017
    risk 0.36 · cvss 5.5 · epss 0.01

    Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app…

  • CVE-2016-6910 · Med · Dec 23, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    The non-existent notification listener vulnerability was introduced in the initial Android 5.0.2 builds for the Samsung Galaxy S6 Edge devices, but the vulnerability can persist on the device even after the device has been upgraded to an Android 5.1.1 or 6.0.1 build. The…

  • CVE-2016-9567 · Med · Nov 23, 2016
    risk 0.36 · cvss 5.5 · epss 0.01

    The mDNIe system service on Samsung Mobile S7 devices with M(6.0) software does not properly restrict setmDNIeScreenCurtain API calls, enabling attackers to control a device's screen. This can be exploited via a crafted application to eavesdrop after phone shutdown or record a…

  • CVE-2014-9798 · Med · Jul 11, 2016
    risk 0.36 · cvss 5.5 · epss 0.00

    platform/msm_shared/dev_tree.c in the Qualcomm bootloader in Android before 2016-07-05 on Nexus 5 devices does not check the relationship between tags addresses and aboot addresses, which allows attackers to cause a denial of service (OS outage) via a crafted application, aka…

  • CVE-2026-25209 · Med · Apr 13, 2026
    risk 0.35 · cvss 6.5 · epss 0.00

    Out-of-bounds read vulnerability in Samsung Open Source Escargot allows Resource Leak Exposure. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.
