Vulnerabilities (CVE)

Filtered by vendor Samsung Subscribe
Total 932 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2017-18696 3 Google, Qualcomm, Samsung 4 Android, Msm8996, Exynos 7420 and 1 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with M(6.0) and N(7.0) (Exynos7420, Exynos8890, or MSM8996 chipsets) software. RKP allows memory corruption. The Samsung ID is SVE-2016-7897 (January 2017).
CVE-2018-21040 2 Google, Samsung 2 Android, Exynos 9810 2023-12-10 6.8 MEDIUM 8.1 HIGH
An issue was discovered on Samsung mobile devices with O(8.x) and P(9.0) (Exynos 9810 chipsets) software. There is a race condition with a resultant use-after-free in the g2d driver. The Samsung ID is SVE-2018-12959 (December 2018).
CVE-2020-25056 2 Google, Samsung 2 Android, Galaxy S20 2023-12-10 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Samsung mobile devices with Q(10.0) (Galaxy S20) software. Because HAL improperly checks versions, bootloading by the S.LSI NFC chipset is mishandled. The Samsung ID is SVE-2020-16169 (August 2020).
CVE-2018-21076 2 Google, Samsung 3 Android, Exynos 8890, Exynos 8895 2023-12-10 2.1 LOW 5.5 MEDIUM
An issue was discovered on Samsung mobile devices with N(7.x) (Exynos8890/8895 chipsets) software. There is information disclosure (a KASLR offset) in the Secure Driver via a modified trustlet. The Samsung ID is SVE-2017-10987 (April 2018).
CVE-2020-10835 1 Samsung 1 Exynos 2023-12-10 10.0 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 (February 2020).
CVE-2020-6616 3 Apple, Google, Samsung 7 Ipados, Iphone Os, Mac Os X and 4 more 2023-12-10 3.3 LOW 6.5 MEDIUM
Some Broadcom chips mishandle Bluetooth random-number generation because a low-entropy Pseudo Random Number Generator (PRNG) is used in situations where a Hardware Random Number Generator (HRNG) should have been used to prevent spoofing. This affects, for example, Samsung Galaxy S8, S8+, and Note8 devices with the BCM4361 chipset. The Samsung ID is SVE-2020-16882 (May 2020).
CVE-2020-10849 2 Google, Samsung 4 Android, Exynos 7885, Exynos 8895 and 1 more 2023-12-10 5.0 MEDIUM 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) (Exynos7885, Exynos8895, and Exynos9810 chipsets) software. The Gatekeeper trustlet allows a brute-force attack on the screen lock password. The Samsung ID is SVE-2019-14575 (January 2020).
CVE-2019-20610 2 Google, Samsung 8 Android, Exynos 7570, Exynos 7870 and 5 more 2023-12-10 9.3 HIGH 8.1 HIGH
An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitrary TEE code execution. The Samsung ID is SVE-2019-13910 (April 2019).
CVE-2019-20601 2 Google, Samsung 6 Android, Exynos 7570, Exynos 7580 and 3 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
An issue was discovered on Samsung mobile devices with N(7.x), O(8.x), and P(9.0) (Exynos7570, 7580, 7870, 7880, and 8890 chipsets) software. RKP memory corruption causes an arbitrary write to protected memory. The Samsung ID is SVE-2019-13921-2 (May 2019).
CVE-2017-18690 2 Google, Samsung 9 Android, Exynos 5410, Exynos 5420 and 6 more 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with KK(4.4), L(5.0/5.1), M(6.0), and N(7.0) (Exynos54xx, Exynos7420, Exynos8890, or Exynos8895 chipsets) software. There is a buffer overflow in the sensor hub. The Samsung ID is SVE-2016-7484 (January 2017).
CVE-2019-20578 2 Google, Samsung 2 Android, Exynos 9820 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with P(9.0) (Exynos 9820 chipsets) software. A Buffer overflow occurs when loading the UH Partition during Secure Boot. The Samsung ID is SVE-2019-14412 (August 2019).
CVE-2020-15582 2 Google, Samsung 2 Android, Exynos 7885 2023-12-10 4.3 MEDIUM 5.5 MEDIUM
An issue was discovered on Samsung mobile devices with P(9.0) and Q(10.0) (Exynos 7885 chipsets) software. The Bluetooth Low Energy (BLE) component has a buffer overflow with a resultant deadlock or crash. The Samsung ID is SVE-2020-16870 (July 2020).
CVE-2019-20566 1 Samsung 1 Exynos Smp1300 2023-12-10 7.5 HIGH 9.8 CRITICAL
An issue was discovered on Samsung mobile devices with any (before September 2019 for SMP1300 Exynos modem chipsets) software. Attackers can trigger stack corruption in the Shannon modem via a crafted RP-Originator/Destination address. The Samsung ID is SVE-2019-14858 (September 2019).
CVE-2020-8860 2 Google, Samsung 2 Android, Galaxy S10 2023-12-10 5.4 MEDIUM 8.0 HIGH
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the Call Control Setup messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the baseband processor. Was ZDI-CAN-9658.
CVE-2019-15440 1 Samsung 2 Galaxy J5, Galaxy J5 Firmware 2023-12-10 4.6 MEDIUM 7.8 HIGH
The Samsung J5 Android device with a build fingerprint of samsung/on5xeltedx/on5xelte:8.0.0/R16NW/G570YDXU2CRL1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=6010000, versionName=6.1.0.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-15459 1 Samsung 2 Galaxy J7 Neo, Galaxy J7 Neo Firmware 2023-12-10 4.6 MEDIUM 7.8 HIGH
The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB3:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2019-15461 1 Samsung 2 Galaxy J7 Neo, Galaxy J7 Neo Firmware 2023-12-10 4.6 MEDIUM 7.8 HIGH
The Samsung J7 Neo Android device with a build fingerprint of samsung/j7velteub/j7velte:8.1.0/M1AJQ/J701MUBS6BSB4:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.
CVE-2012-3806 1 Samsung 1 Kies 2023-12-10 5.0 MEDIUM 7.5 HIGH
Samsung Kies before 2.5.0.12094_27_11 contains a NULL pointer dereference vulnerability which could allow remote attackers to perform a denial of service.
CVE-2018-16270 1 Samsung 20 Galaxy Gear, Galaxy Gear Firmware, Gear 2 and 17 more 2023-12-10 5.0 MEDIUM 7.5 HIGH
Samsung Galaxy Gear series before build RE2 includes the hcidump utility with no privilege or permission restriction. This allows an unprivileged process to dump Bluetooth HCI packets to an arbitrary file path.
CVE-2019-15442 1 Samsung 2 On 7, On 7 Firmware 2023-12-10 7.2 HIGH 7.8 HIGH
The Samsung on7xelteskt Android device with a build fingerprint of samsung/on7xelteskt/on7xelteskt:8.1.0/M1AJQ/G610SKSU2CSB1:user/release-keys contains a pre-installed app with a package name of com.samsung.android.themecenter app (versionCode=7000100, versionName=7.0.1.0) that allows other pre-installed apps to perform app installation via an accessible app component. This capability can be accessed by any pre-installed app on the device which can obtain signatureOrSystem permissions that are required by other other pre-installed apps that exported their capabilities to other pre-installed app.