Vendor CVEs
Samsung Mobile
All CVEs
2,204 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-16256 | | | 0.17 | — | 0.05 | KEV | Sep 12, 2019 | Some Samsung devices include the SIMalliance Toolbox Browser (aka S@T Browser) on the UICC, which might allow remote attackers to retrieve location and IMEI information, or retrieve other data or execute certain commands, via SIM Toolkit (STK) instructions in an SMS message, aka… |
| CVE-2026-21006 | | Low | 0.16 | 2.4 | 0.00 | | Apr 13, 2026 | Improper access control in Samsung DeX prior to SMR Apr-2026 Release 1 allows physical attackers to access hidden notification contents. |
| CVE-2025-4632 | | | 0.15 | — | 0.24 | KEV | May 13, 2025 | Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server version before 21.1052 allows attackers to write arbitrary file as system authority. |
| CVE-2025-21043 | | | 0.12 | — | 0.01 | KEV | Sep 12, 2025 | Out-of-bounds write in libimagecodec.quram.so prior to SMR Sep-2025 Release 1 allows remote attackers to execute arbitrary code. |
| CVE-2025-21042 | | | 0.12 | — | 0.12 | KEV | Sep 12, 2025 | Out-of-bounds write in libimagecodec.quram.so prior to SMR Apr-2025 Release 1 allows remote attackers to execute arbitrary code. |
| CVE-2023-21492 | | | 0.12 | — | 0.03 | KEV | May 4, 2023 | Kernel pointers are printed in the log file prior to SMR May-2023 Release 1 allows a privileged local attacker to bypass ASLR. |
| CVE-2022-22265 | | | 0.12 | — | 0.00 | KEV | Jan 7, 2022 | An improper check or handling of exceptional conditions in NPU driver prior to SMR Jan-2022 Release 1 allows arbitrary memory write and code execution. |
| CVE-2021-25489 | | | 0.12 | — | 0.01 | KEV | Oct 6, 2021 | Assuming radio permission is gained, missing input validation in modem interface driver prior to SMR Oct-2021 Release 1 results in format string bug leading to kernel panic. |
| CVE-2021-25487 | | | 0.12 | — | 0.01 | KEV | Oct 6, 2021 | Lack of boundary checking of a buffer in set_skb_priv() of modem interface driver prior to SMR Oct-2021 Release 1 allows OOB read and it results in arbitrary code execution by dereference of invalid function pointer. |
| CVE-2021-25394 | | | 0.12 | — | 0.00 | KEV | Jun 11, 2021 | A use after free vulnerability via race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows arbitrary write given a radio privilege is compromised. |
| CVE-2021-25395 | | | 0.12 | — | 0.00 | KEV | Jun 11, 2021 | A race condition in MFC charger driver prior to SMR MAY-2021 Release 1 allows local attackers to bypass signature check given a radio privilege is compromised. |
| CVE-2021-25372 | | | 0.12 | — | 0.01 | KEV | Mar 26, 2021 | An improper boundary check in DSP driver prior to SMR Mar-2021 Release 1 allows out of bounds memory access. |
| CVE-2021-25371 | | | 0.12 | — | 0.01 | KEV | Mar 26, 2021 | A vulnerability in DSP driver prior to SMR Mar-2021 Release 1 allows attackers to load arbitrary ELF libraries inside DSP. |
| CVE-2021-25370 | | | 0.12 | — | 0.01 | KEV | Mar 26, 2021 | An incorrect implementation handling file descriptor in dpu driver prior to SMR Mar-2021 Release 1 results in memory corruption leading to kernel panic. |
| CVE-2021-25369 | | | 0.12 | — | 0.01 | KEV | Mar 26, 2021 | An improper access control vulnerability in sec_log file prior to SMR MAR-2021 Release 1 exposes sensitive kernel information to userspace. |
| CVE-2021-25337 | | | 0.12 | — | 0.03 | KEV | Mar 4, 2021 | Improper access control in clipboard service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows untrusted applications to read or write certain local files. |
| CVE-2012-4333 | | | 0.08 | — | 0.60 | | Aug 14, 2012 | Multiple stack-based buffer overflows in the BackupToAvi method in the (1) UMS_Ctrl 1.5.1.1 and (2) UMS_Ctrl_STW 2.0.1.0 ActiveX controls in Samsung NET-i viewer 1.37.120316 allow remote attackers to execute arbitrary code via a long string in the fname parameter. NOTE: some of… |
| CVE-2012-3807 | | | 0.06 | — | 0.32 | | Jan 9, 2020 | Samsung Kies before 2.5.0.12094_27_11 has arbitrary file execution. |
| CVE-2012-3810 | | | 0.05 | — | 0.05 | | Jan 9, 2020 | Samsung Kies before 2.5.0.12094_27_11 has registry modification. |
| CVE-2012-3809 | | | 0.05 | — | 0.05 | | Jan 9, 2020 | Samsung Kies before 2.5.0.12094_27_11 has arbitrary directory modification. |
| CVE-2012-3808 | | | 0.05 | — | 0.05 | | Jan 9, 2020 | Samsung Kies before 2.5.0.12094_27_11 has arbitrary file modification. |
| CVE-2013-3585 | | | 0.05 | — | 0.24 | | Aug 28, 2013 | Samsung Web Viewer for Samsung DVR devices stores credentials in cleartext, which allows context-dependent attackers to obtain sensitive information via vectors involving (1) direct access to a file or (2) the user-setup web page. |
| CVE-2021-35449 | | | 0.04 | — | 0.01 | | Jul 19, 2021 | The Lexmark Universal Print Driver version 2.15.1.0 and below, G2 driver 2.7.1.0 and below, G3 driver 3.2.0.0 and below, and G4 driver 4.2.1.0 and below are affected by a privilege escalation vulnerability. A standard low privileged user can use the driver to execute a DLL of… |
| CVE-2019-14223 | | | 0.04 | — | 0.04 | | Sep 6, 2019 | An issue was discovered in Alfresco Community Edition versions below 5.2.6, 6.0.N and 6.1.N. The Alfresco Share application is vulnerable to an Open Redirect attack via a crafted POST request. By manipulating the POST parameters, an attacker can redirect a victim to a malicious… |
| CVE-2015-7897 | | | 0.04 | — | 0.07 | | Nov 16, 2015 | The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file. |
| CVE-2015-0555 | | | 0.04 | — | 0.06 | | Feb 24, 2015 | Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function. |
| CVE-2012-6429 | | | 0.04 | — | 0.15 | | Apr 4, 2014 | Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the password argument. |
| CVE-2013-3586 | | | 0.04 | — | 0.12 | | Aug 28, 2013 | Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie. |
| CVE-2012-4334 | | | 0.04 | — | 0.07 | | Aug 14, 2012 | The ConnectDDNS method in the (1) STWConfigNVR 1.1.13.15 and (2) STWConfig 1.1.14.13 ActiveX controls in Samsung NET-i viewer 1.37.120316 allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party… |
| CVE-2012-4330 | | | 0.04 | — | 0.14 | | Aug 14, 2012 | The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow. |
| CVE-2012-4329 | | | 0.04 | — | 0.13 | | Aug 14, 2012 | The Samsung D6000 TV and possibly other products allow remote attackers to cause a denial of service (continuous restart) via a crafted controller name. |
| CVE-2015-7890 | | | 0.03 | — | 0.01 | | Feb 12, 2020 | Multiple buffer overflows in the esa_write function in /dev/seiren in the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter. |
| CVE-2015-7892 | | | 0.03 | — | 0.01 | | Dec 9, 2019 | Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call. |
| CVE-2014-9265 | | | 0.03 | — | 0.04 | | Dec 8, 2014 | Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2013-4890 | | | 0.03 | — | 0.03 | | Jul 23, 2013 | The DMCRUIS/0.1 web server on the Samsung PS50C7700 TV allows remote attackers to cause a denial of service (daemon crash) via a long URI to TCP port 5600. |
| CVE-2012-5858 | | | 0.03 | — | 0.04 | | Dec 3, 2012 | Samsung Kies Air 2.1.207051 and 2.1.210161 relies on the IP address for authentication, which allows remote man-in-the-middle attackers to read arbitrary phone contents by spoofing or controlling the IP address. |
| CVE-2012-4335 | | | 0.03 | — | 0.03 | | Aug 14, 2012 | Samsung NET-i viewer 1.37.120316 allows remote attackers to cause a denial of service (infinite loop) via a negative size value in a TCP request to (1) NiwMasterService or (2) NiwStorageService. NOTE: some of these details are obtained from third party information. |
| CVE-2012-4250 | | | 0.03 | — | 0.06 | | Aug 13, 2012 | Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument. |
| CVE-2008-4380 | | | 0.03 | — | 0.04 | | Oct 1, 2008 | The web interface in Samsung DVR SHR2040 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request, related to the filter for configuration properties and "/x" characters. |
| CVE-2001-1177 | | | 0.03 | — | 0.01 | | Jul 17, 2001 | ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| CVE-2020-15419 | | | 0.02 | — | 0.64 | | Jul 28, 2020 | This vulnerability allows remote attackers to disclose sensitive information on affected installations of Veeam ONE 10.0.0.750_20200415. Authentication is not required to exploit this vulnerability. The specific flaw exists within the Reporter_ImportLicense class. Due to the… |
| CVE-2019-6742 | | | 0.02 | — | 0.06 | | Jun 3, 2019 | This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Samsung Galaxy S9 prior to 1.4.20.2. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the GameServiceReceiver update… |
| CVE-2024-49415 | | | 0.01 | — | 0.01 | | Dec 3, 2024 | Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code. |
| CVE-2023-21517 | | | 0.01 | — | 0.02 | | Jun 28, 2023 | Heap out-of-bound write vulnerability in Exynos baseband prior to SMR Jun-2023 Release 1 allows remote attacker to execute arbitrary code. |
| CVE-2021-25374 | | | 0.01 | — | 0.03 | | Apr 9, 2021 | An improper authorization vulnerability in Samsung Members "samsungrewards" scheme for deeplink in versions 2.4.83.9 in Android O(8.1) and below, and 3.9.00.9 in Android P(9.0) and above allows remote attackers to access a user data related with Samsung Account. |
| CVE-2020-12753 | | | 0.01 | — | 0.02 | | May 11, 2020 | An issue was discovered on LG mobile devices with Android OS 7.2, 8.0, 8.1, 9, and 10 software. Arbitrary code execution can occur via the bootloader because of an EL1/EL3 coldboot vulnerability involving raw_resources. The LG ID is LVE-SMP-200006 (May 2020). |
| CVE-2020-8899 | | | 0.01 | — | 0.06 | | May 6, 2020 | There is a buffer overwrite vulnerability in the Quram qmg library of Samsung's Android OS versions O(8.x), P(9.0) and Q(10.0). An unauthenticated, unauthorized attacker sending a specially crafted MMS to a vulnerable phone can trigger a heap-based buffer overflow in the Quram… |
| CVE-2019-16253 | | | 0.01 | — | 0.01 | | Sep 25, 2019 | The Text-to-speech Engine (aka SamsungTTS) application before 3.0.02.7 and 3.0.00.101 for Android allows a local attacker to escalate privileges, e.g., to system privileges. The Samsung case ID is 101755. |
| CVE-2015-3435 | | | 0.01 | — | 0.10 | | May 1, 2015 | Samsung Security Manager (SSM) before 1.31 allows remote attackers to execute arbitrary code by uploading a file with an HTTP (1) PUT or (2) MOVE request. |
| CVE-2012-6422 | | | 0.01 | — | 0.15 | | Dec 18, 2012 | The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges… |