Samsung: >> Samsung Mobile >> 6.0 Security Vulnerabilities
A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.
CVSS Score
5.3
EPSS Score
0.165
Published
2018-05-29
On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747.
CVSS Score
6.1
EPSS Score
0.004
Published
2018-03-30
On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105.
CVSS Score
7.8
EPSS Score
0.008
Published
2018-03-30
On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991.
CVSS Score
9.8
EPSS Score
0.011
Published
2018-03-30
On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.
CVSS Score
8.4
EPSS Score
0.001
Published
2018-01-04
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
CVSS Score
6.5
EPSS Score
0.118
Published
2017-08-24
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVSS Score
5.5
EPSS Score
0.001
Published
2017-06-27
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
CVSS Score
5.5
EPSS Score
0.004
Published
2017-06-27
Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-04-19
The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362.
CVSS Score
9.8
EPSS Score
0.028
Published
2017-03-23
Page 1