VYPR

Samsung Mobile

2,204 total · sorted by risk
  • CVE-2019-16256 · KEV · Sep 12, 2019
    risk 0.17 · cvss · epss 0.05

    Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka…

  • CVE-2026-21006 · Low · Apr 13, 2026
    risk 0.16 · cvss 2.4 · epss 0.00

    Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access hidden notification contents.

  • CVE-2025-4632 · KEV · May 13, 2025
    risk 0.15 · cvss · epss 0.24

    Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary files as system authority.

  • CVE-2025-21043 · KEV · Sep 12, 2025
    risk 0.12 · cvss · epss 0.01

    Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code.

  • CVE-2025-21042 · KEV · Sep 12, 2025
    risk 0.12 · cvss · epss 0.12

    Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code.

  • CVE-2023-21492 · KEV · May 4, 2023
    risk 0.12 · cvss · epss 0.03

    Kernel pointers printed in the log file prior to SMR May-2023 Release 1 allow a privileged local attacker to bypass ASLR.

  • CVE-2022-22265 · KEV · Jan 7, 2022
    risk 0.12 · cvss · epss 0.00

    An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution.

  • CVE-2021-25489 · KEV · Oct 6, 2021
    risk 0.12 · cvss · epss 0.01

    Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic.

  • CVE-2021-25487 · KEV · Oct 6, 2021
    risk 0.12 · cvss · epss 0.01

    Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer.

  • CVE-2021-25394 · KEV · Jun 11, 2021
    risk 0.12 · cvss · epss 0.00

    A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised.

  • CVE-2021-25395 · KEV · Jun 11, 2021
    risk 0.12 · cvss · epss 0.00

    A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised.

  • CVE-2021-25372 · KEV · Mar 26, 2021
    risk 0.12 · cvss · epss 0.01

    An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access.

  • CVE-2021-25371 · KEV · Mar 26, 2021
    risk 0.12 · cvss · epss 0.01

    A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers to load arbitrary ELF libraries inside DSP.

  • CVE-2021-25370 · KEV · Mar 26, 2021
    risk 0.12 · cvss · epss 0.01

    An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic.

  • CVE-2021-25369 · KEV · Mar 26, 2021
    risk 0.12 · cvss · epss 0.01

    An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace.

  • CVE-2021-25337 · KEV · Mar 4, 2021
    risk 0.12 · cvss · epss 0.03

    Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files.

  • CVE-2012-4333 · Aug 14, 2012
    risk 0.08 · cvss · epss 0.60

    Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of…

  • CVE-2012-3807 · Jan 9, 2020
    risk 0.06 · cvss · epss 0.32

    Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution.

  • CVE-2012-3810 · Jan 9, 2020
    risk 0.05 · cvss · epss 0.05

    Samsung Kies before 2.5.0.12094_27_11 has registry modification.

  • CVE-2012-3809 · Jan 9, 2020
    risk 0.05 · cvss · epss 0.05

    Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification.

  • CVE-2012-3808 · Jan 9, 2020
    risk 0.05 · cvss · epss 0.05

    Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification.

  • CVE-2013-3585 · Aug 28, 2013
    risk 0.05 · cvss · epss 0.24

    Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page.

  • CVE-2021-35449 · Jul 19, 2021
    risk 0.04 · cvss · epss 0.01

    The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low privileged user can use the driver to execute a DLL of…

  • CVE-2019-14223 · Sep 6, 2019
    risk 0.04 · cvss · epss 0.04

    An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious…

  • CVE-2015-7897 · Nov 16, 2015
    risk 0.04 · cvss · epss 0.07

    The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file.

  • CVE-2015-0555 · Feb 24, 2015
    risk 0.04 · cvss · epss 0.06

    Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.

  • CVE-2012-6429 · Apr 4, 2014
    risk 0.04 · cvss · epss 0.15

    Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument.

  • CVE-2013-3586 · Aug 28, 2013
    risk 0.04 · cvss · epss 0.12

    Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.

  • CVE-2012-4334 · Aug 14, 2012
    risk 0.04 · cvss · epss 0.07

    The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party…

  • CVE-2012-4330 · Aug 14, 2012
    risk 0.04 · cvss · epss 0.14

    The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.

  • CVE-2012-4329 · Aug 14, 2012
    risk 0.04 · cvss · epss 0.13

    The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name.

  • CVE-2015-7890 · Feb 12, 2020
    risk 0.03 · cvss · epss 0.01

    Multiple buffer overflows in the esa_write function in /dev/seiren in the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter.

  • CVE-2015-7892 · Dec 9, 2019
    risk 0.03 · cvss · epss 0.01

    Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.

  • CVE-2014-9265 · Dec 8, 2014
    risk 0.03 · cvss · epss 0.04

    Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.

  • CVE-2013-4890 · Jul 23, 2013
    risk 0.03 · cvss · epss 0.03

    The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600.

  • CVE-2012-5858 · Dec 3, 2012
    risk 0.03 · cvss · epss 0.04

    Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address.

  • CVE-2012-4335 · Aug 14, 2012
    risk 0.03 · cvss · epss 0.03

    Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third party information.

  • CVE-2012-4250 · Aug 13, 2012
    risk 0.03 · cvss · epss 0.06

    Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument.

  • CVE-2008-4380 · Oct 1, 2008
    risk 0.03 · cvss · epss 0.04

    The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters.

  • CVE-2001-1177 · Jul 17, 2001
    risk 0.03 · cvss · epss 0.01

    ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

  • CVE-2020-15419 · Jul 28, 2020
    risk 0.02 · cvss · epss 0.64

    This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the…

  • CVE-2019-6742 · Jun 3, 2019
    risk 0.02 · cvss · epss 0.06

    This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update…

  • CVE-2024-49415 · Dec 3, 2024
    risk 0.01 · cvss · epss 0.01

    Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.

  • CVE-2023-21517 · Jun 28, 2023
    risk 0.01 · cvss · epss 0.02

    Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows a remote attacker to execute arbitrary code.

  • CVE-2021-25374 · Apr 9, 2021
    risk 0.01 · cvss · epss 0.03

    An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access user data related to Samsung Account.

  • CVE-2020-12753 · May 11, 2020
    risk 0.01 · cvss · epss 0.02

    An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020).

  • CVE-2020-8899 · May 6, 2020
    risk 0.01 · cvss · epss 0.06

    There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram…

  • CVE-2019-16253 · Sep 25, 2019
    risk 0.01 · cvss · epss 0.01

    The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755.

  • CVE-2015-3435 · May 1, 2015
    risk 0.01 · cvss · epss 0.10

    Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request.

  • CVE-2012-6422 · Dec 18, 2012
    risk 0.01 · cvss · epss 0.15

    The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges…
