Vendor CVEs

Samsung Mobile

All CVEs

2,204 total · sorted by risk
  • CVE-2025-20973 · Med · May 7, 2025
    risk 0.35 · cvss 5.4 · epss 0.00

    Improper authentication in Secure Folder prior to version 1.8.12.0 in Android 13, and 1.9.21.00 in Android 14 allows physical attackers to reset the lock type of Secure Folder.

  • CVE-2024-2995 · Med · Mar 27, 2024
    risk 0.35 · cvss 5.4 · epss 0.01

    A vulnerability was found in NUUO Camera up to 20240319 and classified as problematic. This issue affects some unknown processing of the file /deletefile.php. The manipulation of the argument filename leads to denial of service. The attack may be initiated remotely. The exploit…

  • CVE-2016-1319 · Med · Feb 9, 2016
    risk 0.35 · cvss 5.3 · epss 0.01

    Cisco Unified Communications Manager (aka CallManager) 9.1(2.10000.28), 10.5(2.10000.5), 10.5(2.12901.1), and 11.0(1.10000.10); Unified Communications Manager IM & Presence Service 10.5(2); Unified Contact Center Express 11.0(1); and Unity Connection 10.5(2) store a cleartext…

  • CVE-2026-2832 · Med · Feb 20, 2026
    risk 0.34 · cvss · epss 0.00

    Certain Samsung MultiXpress Multifunction Printers may be vulnerable to information disclosure, potentially exposing address book entries and other device configuration information through specific APIs without proper authorization.

  • CVE-2020-26146 · Med · May 11, 2021
    risk 0.34 · cvss 5.3 · epss 0.06

    An issue was discovered on Samsung Galaxy S3 i9305 4.4.4 devices. The WPA, WPA2, and WPA3 implementations reassemble fragments with non-consecutive packet numbers. An adversary can abuse this to exfiltrate selected fragments. This vulnerability is exploitable when another device…

  • CVE-2026-8916 · Med · Jun 4, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    Out-of-bounds write vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before dcfde72eae1b0464dc0dd760aec00ada6a148635.

  • CVE-2026-49510 · Med · Jun 4, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    Integer overflow or wraparound vulnerability in Samsung Open Source rlottie allows Integer Attacks. This issue affects rlottie: before 21292665023e5074b38254432716866d00f1985f.

  • CVE-2026-47320 · Med · Jun 4, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    Access of uninitialized pointer, Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Pointer Manipulation, Oversized Serialized Data Payloads. This issue affects rlottie: before eae37633fda13ac05b25c6c95aacea4bc33c80a3.

  • CVE-2026-47319 · Med · Jun 4, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    Memory allocation with excessive size value vulnerability in Samsung Open Source rlottie allows Excessive Allocation. This issue affects rlottie: before 0b4e308fa88c72cbb60cc8a2c1d2c2ad89b101dd.

  • CVE-2026-47318 · Med · Jun 4, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    Stack-based buffer overflow vulnerability in Samsung Open Source rlottie allows Overflow Buffers. This issue affects rlottie: before ce72b35a7ad0dded03051d3aa0ef75321c3bd035.

  • CVE-2026-47306 · Med · Jun 4, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    Uncontrolled Recursion vulnerability in Samsung Open Source rlottie allows Oversized Serialized Data Payloads. This issue affects rlottie: before e2d19e3b150e0e4a9586fa90b56fd3061cc98945.

  • CVE-2026-10305 · Med · Jun 4, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    Out-of-bounds read vulnerability in Samsung Open Source rlottie allows Overread Buffers. This issue affects rlottie: before 223a2a41ba4f462e4abe767bebba49a366c9b9fd.

  • CVE-2026-41665 · Med · Apr 22, 2026
    risk 0.33 · cvss 6.1 · epss 0.00

    Integer overflow in scratch buffer initialization size calculation in Samsung Open Source ONE causes incorrect memory initialization for large intermediate tensors. Affected version is prior to commit 1.30.0.

  • CVE-2026-25204 · Med · Apr 13, 2026
    risk 0.33 · cvss 6.2 · epss 0.00

    Deserialization of untrusted data vulnerability in Samsung Open Source Escargot JavaScript allows denial of service condition via process abort. This issue affects Escargot prior to commit hash 97e8115ab1110bc502b4b5e4a0c689a71520d335.

  • CVE-2026-20984 · Med · Feb 4, 2026
    risk 0.33 · cvss · epss 0.00

    Improper handling of insufficient permission in Galaxy Wearable installed on non-Samsung Device prior to version 2.2.68 allows local attackers to access sensitive information.

  • CVE-2025-31716 · Med · Aug 1, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    In bootloader, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with no additional execution privileges needed.

  • CVE-2025-20902 · Med · Feb 4, 2025
    risk 0.33 · cvss 5.1 · epss 0.00

    Improper access control in Media Controller prior to version 1.0.24.5282 allows local attacker to launch activities in MediaController's privilege.

  • CVE-2024-31955 · Med · Oct 15, 2024
    risk 0.32 · cvss 4.9 · epss 0.00

    An issue was discovered in Samsung eMMC with KLMAG2GE4A and KLM8G1WEMB firmware. Code bypass through Electromagnetic Fault Injection allows an attacker to successfully authenticate and write to the RPMB (Replay Protected Memory Block) area without possessing secret information.

  • CVE-2026-21034 · Med · Jun 5, 2026
    risk 0.31 · cvss · epss 0.00

    Improper export of android application components in Samsung Auto prior to version 3.1.2.61 in Android 15 and 3.2.0.38 in Android 16 allows local attacker to change audio configuration.

  • CVE-2016-1919 · Med · Jan 27, 2017
    risk 0.31 · cvss 4.7 · epss 0.00

    Samsung KNOX 1.0 uses a weak eCryptFS Key generation algorithm, which makes it easier for local users to obtain sensitive information by leveraging knowledge of the TIMA key and a brute-force attack.

  • CVE-2025-69893 · Med · Apr 14, 2026
    risk 0.30 · cvss 4.6 · epss 0.00

    A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which…

  • CVE-2016-4032 · Med · Apr 13, 2017
    risk 0.30 · cvss 4.6 · epss 0.00

    Samsung SM-G920F build G920FXXU2COH2 (Galaxy S6), SM-N9005 build N9005XXUGBOK6 (Galaxy Note 3), GT-I9192 build I9192XXUBNB1 (Galaxy S4 mini), GT-I9195 build I9195XXUCOL1 (Galaxy S4 mini LTE), and GT-I9505 build I9505XXUHOJ2 (Galaxy S4) devices do not block AT+USBDEBUG and…

  • CVE-2026-47317 · Med · May 19, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-47316 · Med · May 19, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Improper Check or Handling of Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-47315 · Med · May 19, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Improper Check for Unusual or Exceptional Conditions vulnerability in Samsung Open Source Escargot allows Input Data Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-47313 · Med · May 19, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Memory allocation with excessive size value vulnerability in Samsung Open Source Escargot allows Excessive Allocation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-47312 · Med · May 19, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Release of invalid pointer or reference vulnerability in Samsung Open Source Escargot allows Buffer Manipulation. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-47309 · Med · May 19, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Uncontrolled Recursion vulnerability in Samsung Open Source Escargot allows Oversized Serialized Data Payloads. This issue affects Escargot: 590345cc6258317c5da850d846ce6baaf2afc2d3.

  • CVE-2026-47308 · Med · May 19, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    NULL pointer dereference vulnerability in Samsung Open Source Walrus allows Pointer Manipulation. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.

  • CVE-2026-47307 · Med · May 19, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    NULL pointer dereference vulnerability in Samsung Open Source Walrus allows an attacker to cause a denial of service via a crafted WebAssembly module containing deeply nested instructions. This issue affects Walrus: f339b8ee4ea701772e8ae640b3d1b12ac02b1ae9.

  • CVE-2026-6840 · Med · Apr 22, 2026
    risk 0.29 · cvss 5.5 · epss 0.00

    Missing bounds validation for operator could allow out of range operator-code lookup during model loading. Affected version is prior to commit 1.30.0.

  • CVE-2022-39888 · Med · Sep 4, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Improper access control vulnerability in retrieveExternalProxy in MiscPolicy prior to SMR Nov-2022 Release 1 allows local attacker to access Proxy information.

  • CVE-2025-21030 · Med · Sep 3, 2025
    risk 0.28 · cvss 4.3 · epss 0.00

    Improper handling of insufficient permission in AppPrelaunchManagerService prior to SMR Sep-2025 Release 1 in Chinese Android 15 allows local attackers to execute arbitrary application in the background.

  • CVE-2024-49419 · Med · Dec 3, 2024
    risk 0.28 · cvss 4.3 · epss 0.00

    Insufficient verification of url authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.

  • CVE-2024-32672 · Med · May 14, 2024
    risk 0.28 · cvss 5.3 · epss 0.01

    A Segmentation Fault issue discovered in Samsung Open Source Escargot JavaScript engine allows remote attackers to cause a denial of service via crafted input. This issue affects Escargot: 4.0.0.

  • CVE-2026-40448 · Med · Apr 22, 2026
    risk 0.27 · cvss 5.3 · epss 0.00

    Potential Integer overflow in tensor allocation size calculation could lead to insufficient memory allocation for large tensors in Samsung Open Source ONE. Affected version is prior to commit 1.30.0.

  • CVE-2024-32669 · Med · May 14, 2024
    risk 0.27 · cvss 5.3 · epss 0.01

    Improper Input Validation vulnerability in Samsung Open Source escargot JavaScript engine allows Overflow Buffers. However, it occurs in the test code and is not included in the release. This issue affects escargot: 4.0.0.

  • CVE-2015-7268 · Med · Nov 27, 2017
    risk 0.27 · cvss 4.2 · epss 0.00

    Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when used on Windows and operating in Opal mode on Lenovo ThinkPad T440s laptops with BIOS 2.32 or ThinkPad W541 laptops with BIOS 2.21, or in Opal or eDrive mode on Dell…

  • CVE-2015-7267 · Med · Nov 27, 2017
    risk 0.27 · cvss 4.2 · epss 0.00

    Samsung 850 Pro and PM851 solid-state drives and Seagate ST500LT015 and ST500LT025 hard disk drives, when in sleep mode and operating in Opal or eDrive mode on Lenovo ThinkPad T440s laptops with BIOS 2.32; ThinkPad W541 laptops with BIOS 2.21; Dell Latitude E6410 laptops with…

  • CVE-2026-40447 · Med · Apr 13, 2026
    risk 0.26 · cvss 5.1 · epss 0.00

    Integer overflow or wraparound vulnerability in Samsung Open Source Escargot allows undefined behavior. This issue affects Escargot: 97e8115ab1110bc502b4b5e4a0c689a71520d335.

  • CVE-2025-58484 · Med · Dec 2, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    Incorrect default permissions in Samsung Cloud Assistant prior to version 8.0.03.8 allows local attacker to access partial data in sandbox.

  • CVE-2025-20940 · Med · Apr 8, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    Improper handling of insufficient permission in Samsung Device Health Manager Service prior to SMR Apr-2025 Release 1 allows local attackers to access provider in SDMHS.

  • CVE-2025-20923 · Med · Mar 6, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    Improper access control in Galaxy Wearable prior to version 2.2.61.24112961 allows local attackers to launch arbitrary activity with Galaxy Wearable privilege.

  • CVE-2025-20899 · Med · Feb 4, 2025
    risk 0.26 · cvss 4.0 · epss 0.00

    Improper access control in PushNotification prior to version 13.0.00.15 in Android 12, 14.0.00.7 in Android 13, and 15.1.00.5 in Android 14 allows local attackers to access sensitive information.

  • CVE-2026-21027 · Low · Jun 5, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    Improper export of android application components in ImsSettings prior to SMR Jun-2026 Release 1 allows local attackers to trigger logging function.

  • CVE-2026-21012 · Low · Apr 13, 2026
    risk 0.21 · cvss 3.3 · epss 0.00

    External control of file name in AODManager prior to SMR Apr-2026 Release 1 allows privileged local attacker to create file with system privilege.

  • CVE-2025-21023 · Low · Aug 6, 2025
    risk 0.21 · cvss 3.3 · epss 0.00

    Improper access control in WcsExtension for Galaxy Watch prior to Android Watch 16 allows local attackers to access sensitive information.

  • CVE-2016-2567 · Low · Apr 13, 2017
    risk 0.21 · cvss 3.3 · epss 0.00

    secfilter in the Samsung kernel for Android on SM-N9005 build N9005XXUGBOB6 (Note 3) and SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to bypass URL filtering by inserting an "exceptional URL" in the query string, as demonstrated by the…

  • CVE-2016-2565 · Low · Apr 13, 2017
    risk 0.21 · cvss 3.3 · epss 0.00

    Samsung SecEmailSync on SM-G920F build G920FXXU2COH2 (Galaxy S6) devices allows attackers to read sent e-mail messages, aka SVE-2015-5081.

  • CVE-2026-21014 · Low · Apr 13, 2026
    risk 0.18 · cvss 2.8 · epss 0.00

    Improper access control in Samsung Camera prior to version 16.5.00.28 allows local attacker to access location data. User interaction is required for triggering this vulnerability.
